I am using cloudwatch to trigger AWS Lambda. Now to create this trigger first of all I have to create rule then I need to add target and then I need to add permission policy to that lambda function. Now the problem is there is a policy length limit(20k) for each lambda function and each cloudwatch trigger increase policy length. So if there are around 60 cloudwatch rules my lambda can still handle all of those events as size is still less than 20k, but after that if rules increase I get http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html "policy length exceed exception error".
I know I can delete the policy by using removePermission method but that is not efficient because if there are around 100 rules present in cloudwatch which are triggering my lambda function then my lambda function can't handle that much amount of policy length.
This is how I solved it.
Cloudwatch Alerts --> SNS --> Lambda
No subscription, no permissions configuration needed. You can create multiple different SNS notifications if you want to isolate different team based on your alerts.
Steps:
Create SNS with a topic
Send Cloudwatch Alerts to SNS
Subscribe Lambda to that SNS Topic
Receive Alerts to Lambda!
Hope it helps.
Related
I can see that in AWS alerting works with SNS where protocols are available as Email, https and SMS...Basically push mechanisms..
Is it possible to make these alerts pull-based? any ideas around how this could be tried?
You would need to create a solution for this, natively when an alert triggers it can be configured to go to either an SNS topic which has 1 or more subscriptions to notify.
Instead you would need to use the describe-alarms function to retrieve a list of alarms, this can be narrowed down to alarming only by using the --state-value parameter such as the example below
aws cloudwatch describe-alarms --state-value ALARM
Does this fit your needs https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudwatch/describe-alarm-history.html ?
Please check aws cloudwatch there are several options for alarms.
I have a Lambda function that takes a list of tasks to be run at the time specified. This time can vary.
I am using SNS to trigger another Lambda function that in turn runs the tasks.
These tasks need to be run at specified time. Is it possible to publish a message to SNS using Lambda at the specified time?
Or send the message to SNS, but SNS in turn triggers Lambda at the specified time?
Any option would do.
P.S. I know there is an option of using Cloud Watch events, but I do not want to use any more services.
It appears that your requirement is to trigger an AWS Lambda function at specific times.
This can be done by using Amazon CloudWatch Events, which can take a cron-like expression to run a Lambda function at desired time intervals or specific times. This functionality was originally in the Lambda console, but was moved to CloudWatch Events when more services added scheduling capabilities.
However, CloudWatch Events cannot trigger an Amazon SNS message. If you need SNS to trigger Lambda, then you'll need CloudWatch Events to trigger a Lambda function that sends a message to SNS (which then triggers Lambda functions). Obviously, it would be cleaner to avoid SNS altogether unless you specifically need to fan-out the message to multiple subscriptions/Lambda functions.
I want to count number of successful IoT connection and messages at a time , based upon that I want to apply a notification if it increases by some threshold.
I could not see any cloudwatch matrices/event for the same.
Please guide
You have a couple options. You can create a topic rule that listens on lifecycle topics. The rule could push a custom metric into AWS Cloudwatch or invoke a lambda that has more complex logic.
Another option would be to turn on the IOT logs, and setup a Lambda subscription to the IoT log group. The Lambda function could then push a custom metric into AWS CloudWatch.
I would like to send out alerts and create logs any time an instance is created within an aws account. The instances in the account are mostly static and are rarely changed, so an alert should go off when an unauthorized change is made.
How can I create a cloudwatch alarm that can do this?
I can think of 2 options:
Option 1 - You write code
Enable CloudTrail
Have S3 trigger a Lambda function for PutObject (gets triggered whenever CloudTrail delivers events)
Write a Lambda function that reads the passed S3 object, looks for RunInstances event and sends a mail including instance name, instance id, who launched the instance etc., using AWS SES
You pay for CloudTrail+S3 only (SES cost is negligible)
Option 2 - Let AWS do everything
Enable CloudTrail
Have CloudTrail logs delivered to CloudWatch
Add an alarm in CloudWatch to send you an alert using SNS when CloudWatch detects RunInstances
You pay for CloudTrail+S3+CloudWatch
More info: Sending Events to CloudWatch Logs
Can an AWS CloudWatch event in region us-east-1 trigger a lambda in us-west-2? Or do I have to deploy my lambda in both regions?
An alternative is to have CloudWatch trigger SNS. As per the attached screenshot, SNS topic subscription will allow full ARN declaration, and the dropdown even showed a us-east-1 lambda when I was in US West (Oregon) region.
SNS Screenshot
From the dashboard, it is not possible to trigger cross region Lambda. When you create a CloudWatch event rule, select a Target to invoke, under Lambda function only the lambdas in the current region are shown.
This could be achieved by creating a the Event Rule in the source Region as well as SNS Topic in the same Region as a Target.
Then subscribe a Lambda in the target region to this SNS Topic.
You may relay an event to a Eventbus in the desired region. There you can set an event rule to trigger the desired lambda.