I have tested how to use Functionbeat for AWS CloudWatch via a Lambda function.
But when I deploy Functionbeat, stack creation fails after the following error is generated.
# ./functionbeat -v -e -d "*" deploy cloudwatch
<snip>
Stack event received, ResourceType: AWS::Logs::SubscriptionFilter, LogicalResourceId: fnbcloudwatchSFawslambdafunctionbeatcloudwatchlogs, ResourceStatus: **CREATE_FAILED, ResourceStatusReason: The specified log group does not exist. (Service: AWSLogs; Status Code: 400; Error Code:** ResourceNotFoundException; Request ID: 4a06307a-74e9-49a8-9d81-08415c6bac86)
Stack event received, ResourceType: AWS::Lambda::Permission, LogicalResourceId: fnbcloudwatchPermission0, ResourceStatus: CREATE_IN_PROGRESS, ResourceStatusReason: Resource creation Initiated
Stack event received, ResourceType: AWS::Lambda::Permission, LogicalResourceId: fnbcloudwatchPermission0, ResourceStatus: CREATE_FAILED, ResourceStatusReason: Resource creation cancelled
Stack event received, ResourceType: AWS::CloudFormation::Stack, LogicalResourceId: fnb-cloudwatch-stack, ResourceStatus: ROLLBACK_IN_PROGRESS, ResourceStatusReason: The following resource(s) failed to create: [fnbcloudwatchPermission0, fnbcloudwatchSFawslambdafunctionbeatcloudwatchlogs]. . Rollback requested by user.
Please advise me on what is wrong with the configuration.
My operation is below:
I configured it as in the official document, as below, and commented out the settings related to Google (GCP); the others were not changed (left at default).
Also, IAM permissions are set as in the sample below.
https://www.elastic.co/guide/en/beats/functionbeat/current/iam-permissions.html
export AWS_ACCESS_KEY_ID=MY ACCESS KEY ID
export AWS_SECRET_ACCESS_KEY=MY SECRET ACCESS KEY
export AWS_DEFAULT_REGION=us-east-2
# ================================== Provider ==================================
functionbeat.provider.aws.endpoint: "s3.amazonaws.com"
functionbeat.provider.aws.deploy_bucket: "functionbeat-kilho-deploy"
functionbeat.provider.aws.functions:
  - name: cloudwatch
    enabled: true
    type: cloudwatch_logs
    description: "lambda function for cloudwatch logs"
    triggers:
      - log_group_name: /aws/lambda/functionbeat-cloudwatch_logs
        filter_pattern: mylog_
# =============================== Elastic Cloud ================================
cloud.id: "DEMO:My Cloud ID"
# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
cloud.auth: "elastic: My Pasward"
Deploy Command
# ./functionbeat -v -e -d "*" deploy cloudwatch
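
When reading a failed deploy like the one above, it helps to separate the resource that reported its own error from the ones CloudFormation only cancelled afterwards. The following is an added example, not part of the original post and not Functionbeat code; the function names are hypothetical and the input is the four stack event lines quoted in the post.

```python
import re

# Stack events copied from the post above, including the "**" emphasis markers
# that ended up inside the first pasted line.
EVENTS = """\
Stack event received, ResourceType: AWS::Logs::SubscriptionFilter, LogicalResourceId: fnbcloudwatchSFawslambdafunctionbeatcloudwatchlogs, ResourceStatus: **CREATE_FAILED, ResourceStatusReason: The specified log group does not exist. (Service: AWSLogs; Status Code: 400; Error Code:** ResourceNotFoundException; Request ID: 4a06307a-74e9-49a8-9d81-08415c6bac86)
Stack event received, ResourceType: AWS::Lambda::Permission, LogicalResourceId: fnbcloudwatchPermission0, ResourceStatus: CREATE_IN_PROGRESS, ResourceStatusReason: Resource creation Initiated
Stack event received, ResourceType: AWS::Lambda::Permission, LogicalResourceId: fnbcloudwatchPermission0, ResourceStatus: CREATE_FAILED, ResourceStatusReason: Resource creation cancelled
Stack event received, ResourceType: AWS::CloudFormation::Stack, LogicalResourceId: fnb-cloudwatch-stack, ResourceStatus: ROLLBACK_IN_PROGRESS, ResourceStatusReason: The following resource(s) failed to create: [fnbcloudwatchPermission0, fnbcloudwatchSFawslambdafunctionbeatcloudwatchlogs]. . Rollback requested by user.
"""

EVENT_RE = re.compile(
    r"Stack event received, ResourceType: (?P<type>[^,]+), "
    r"LogicalResourceId: (?P<logical_id>[^,]+), "
    r"ResourceStatus: (?P<status>[^,]+), "
    r"ResourceStatusReason: (?P<reason>.*)"
)
ERROR_CODE_RE = re.compile(r"Error Code: (\w+)")


def parse_events(text):
    """Return one dict per stack event line; other debug lines are skipped."""
    events = []
    for line in text.splitlines():
        match = EVENT_RE.search(line.replace("**", ""))
        if match:
            events.append(match.groupdict())
    return events


def root_causes(events):
    """Keep *_FAILED events that carry their own error, dropping resources
    that CloudFormation only cancelled because something else failed first."""
    causes = []
    for ev in events:
        if not ev["status"].endswith("_FAILED"):
            continue
        if ev["reason"].strip() == "Resource creation cancelled":
            continue
        code = ERROR_CODE_RE.search(ev["reason"])
        causes.append({**ev, "error_code": code.group(1) if code else None})
    return causes


if __name__ == "__main__":
    for cause in root_causes(parse_events(EVENTS)):
        print(cause["type"], cause["logical_id"], cause["error_code"])
        print("  ", cause["reason"])
```

On these lines it reports only the `AWS::Logs::SubscriptionFilter` event with `ResourceNotFoundException`; the `AWS::Lambda::Permission` failure is a cancellation that follows from it.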