LyleScott · August 31, 2019 04:41
diff --git a/formation.yml b/formation.yml
 #
 # Code goes along with the post made at:
 # https://ls3.io/post/ship_cloudwatch_logs_to_logentries/
 #
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
 Description: An AWS Serverless Specification for shipping CloudWatch logs to Logentries.
 Resources:

  # A generic Lambda role that allows execution and Cloud Watch logs.
  LambdaRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'

  # The Lambda that will do the shipping to Logentries.
  LogentriesShipperLambda:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: main
      Runtime: go1.x
      CodeUri: deployment.zip
      Description: 'Ship CloudWatch logs to Logentries.'
      MemorySize: 128
      Timeout: 60
      Role: !GetAtt LambdaRole.Arn

  # Create a Lambda that will generate log messages.
  LogGeneratorLambda:
    Type: 'AWS::Lambda::Function'
    Properties:
      Code:
        ZipFile: |
          print('Starting lambda...')
          def lambda_handler(event, context):
            print('Foo Bar Baz')
      Handler: index.lambda_handler
      Role: !GetAtt LambdaRole.Arn
      Runtime: python3.6

  # We get this LogGroup by default, but we need the reference for other Cloud Formation stacks.
  LogGeneratorLogGroup:
    Type: 'AWS::Logs::LogGroup'
    DependsOn: LogGeneratorLambda
    Properties:
      LogGroupName: !Sub '/aws/lambda/${LogGeneratorLambda}'
      RetentionInDays: 7

  # Subscribe the LogGroup of the "Log Generator" Lambda to the Log Shipper Lambda.
  LogentriesCloudwatchFilter:
    Type: 'AWS::Logs::SubscriptionFilter'
    DependsOn:
      - LogGeneratorLambda
      - LogGeneratorLogGroup
    Properties:
      DestinationArn: !GetAtt LogentriesShipperLambda.Arn
      FilterPattern: '[event]'
      LogGroupName: !Sub '/aws/lambda/${LogGeneratorLambda}'

  LambdaInvokePermission:
    Type: 'AWS::Lambda::Permission'
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref LogentriesShipperLambda
      Principal: !Sub 'logs.${AWS::Region}.amazonaws.com'
      SourceArn: !GetAtt LogGeneratorLogGroup.Arn
	#
	# Code goes along with the post made at:
	# https://ls3.io/post/ship_cloudwatch_logs_to_logentries/
	#
	AWSTemplateFormatVersion: '2010-09-09'
	Transform: 'AWS::Serverless-2016-10-31'
	Description: An AWS Serverless Specification for shipping CloudWatch logs to Logentries.
	Resources:

	# A generic Lambda role that allows execution and Cloud Watch logs.
	LambdaRole:
	Type: 'AWS::IAM::Role'
	Properties:
	AssumeRolePolicyDocument:
	Statement:
	- Effect: Allow
	Principal:
	Service: lambda.amazonaws.com
	Action: 'sts:AssumeRole'
	ManagedPolicyArns:
	- 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'

	# The Lambda that will do the shipping to Logentries.
	LogentriesShipperLambda:
	Type: 'AWS::Serverless::Function'
	Properties:
	Handler: main
	Runtime: go1.x
	CodeUri: deployment.zip
	Description: 'Ship CloudWatch logs to Logentries.'
	MemorySize: 128
	Timeout: 60
	Role: !GetAtt LambdaRole.Arn

	# Create a Lambda that will generate log messages.
	LogGeneratorLambda:
	Type: 'AWS::Lambda::Function'
	Properties:
	Code:
	ZipFile: \|
	print('Starting lambda...')
	def lambda_handler(event, context):
	print('Foo Bar Baz')
	Handler: index.lambda_handler
	Role: !GetAtt LambdaRole.Arn
	Runtime: python3.6

	# We get this LogGroup by default, but we need the reference for other Cloud Formation stacks.
	LogGeneratorLogGroup:
	Type: 'AWS::Logs::LogGroup'
	DependsOn: LogGeneratorLambda
	Properties:
	LogGroupName: !Sub '/aws/lambda/${LogGeneratorLambda}'
	RetentionInDays: 7

	# Subscribe the LogGroup of the "Log Generator" Lambda to the Log Shipper Lambda.
	LogentriesCloudwatchFilter:
	Type: 'AWS::Logs::SubscriptionFilter'
	DependsOn:
	- LogGeneratorLambda
	- LogGeneratorLogGroup
	Properties:
	DestinationArn: !GetAtt LogentriesShipperLambda.Arn
	FilterPattern: '[event]'
	LogGroupName: !Sub '/aws/lambda/${LogGeneratorLambda}'

	LambdaInvokePermission:
	Type: 'AWS::Lambda::Permission'
	Properties:
	Action: lambda:InvokeFunction
	FunctionName: !Ref LogentriesShipperLambda
	Principal: !Sub 'logs.${AWS::Region}.amazonaws.com'
	SourceArn: !GetAtt LogGeneratorLogGroup.Arn