Failed to create the stack. AWS Lambda Stack event CREATE_FAILED, ResourceStatusReason: The specified log group does not exist

I have tested how to use Functionbeat for AWS CloudWatch via a Lambda function.

But when I deploy Functionbeat, stack creation fails with the following error.

```
# ./functionbeat -v -e -d "*" deploy cloudwatch
<snip>

Stack event received, ResourceType: AWS::Logs::SubscriptionFilter, LogicalResourceId: fnbcloudwatchSFawslambdafunctionbeatcloudwatchlogs, ResourceStatus: CREATE_FAILED, ResourceStatusReason: The specified log group does not exist. (Service: AWSLogs; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: 4a06307a-74e9-49a8-9d81-08415c6bac86)
Stack event received, ResourceType: AWS::Lambda::Permission, LogicalResourceId: fnbcloudwatchPermission0, ResourceStatus: CREATE_IN_PROGRESS, ResourceStatusReason: Resource creation Initiated
Stack event received, ResourceType: AWS::Lambda::Permission, LogicalResourceId: fnbcloudwatchPermission0, ResourceStatus: CREATE_FAILED, ResourceStatusReason: Resource creation cancelled
Stack event received, ResourceType: AWS::CloudFormation::Stack, LogicalResourceId: fnb-cloudwatch-stack, ResourceStatus: ROLLBACK_IN_PROGRESS, ResourceStatusReason: The following resource(s) failed to create: [fnbcloudwatchPermission0, fnbcloudwatchSFawslambdafunctionbeatcloudwatchlogs]. . Rollback requested by user.
```

Please advise me what is wrong with my configuration.

My steps are below.

I configured it per the official documentation as shown below, and commented out the settings related to Google (GCP); the others were not changed (left at default).

Also, IAM permissions are set as in the sample below.
https://www.elastic.co/guide/en/beats/functionbeat/current/iam-permissions.html

```
export AWS_ACCESS_KEY_ID="MY ACCESS KEY ID"
export AWS_SECRET_ACCESS_KEY="MY SECRET ACCESS KEY"
export AWS_DEFAULT_REGION=us-east-2
```

```yaml
# ================================== Provider ==================================
functionbeat.provider.aws.endpoint: "s3.amazonaws.com"
functionbeat.provider.aws.deploy_bucket: "functionbeat-kilho-deploy"
functionbeat.provider.aws.functions:
  - name: cloudwatch
    enabled: true
    type: cloudwatch_logs
    description: "lambda function for cloudwatch logs"

    triggers:
      - log_group_name: /aws/lambda/functionbeat-cloudwatch_logs
        filter_pattern: mylog_

# =============================== Elastic Cloud ================================
cloud.id: "DEMO:My Cloud ID"
# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
cloud.auth: "elastic: My Pasward"
```

Deploy command:

```
# ./functionbeat -v -e -d "*" deploy cloudwatch
```

Does the log group /aws/lambda/functionbeat-cloudwatch_logs exist before Functionbeat is deployed?

Hi, Ványi

I thought that the bucket, function, and trigger (log group) for AWS were created by the deploy, but that was wrong.

When I manually created the configured trigger's log group in AWS CloudWatch before deploying, the whole operation/deploy was successful.

I now know that the below should be created before deploying.

```yaml
triggers:
  - log_group_name: /aws/lambda/my-lambda-function
```

But I ran into another issue (index creation), and I will create a related ticket.

Thanks for your support.
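
A pre-deploy check for the situation resolved in this thread, as an added example that is not part of the original posts or of Functionbeat's own tooling: it reads the trigger log groups from `functionbeat.yml` and reports any that do not exist yet, so they can be created before `deploy` is run. It assumes the AWS CLI is installed and configured for the target region; the function names and the `FUNCTIONBEAT_YML` variable are hypothetical.

```sh
# Print the uncommented log_group_name values from functionbeat.yml ($1 or stdin).
list_trigger_log_groups() {
  awk '
    /^[ \t]*#/ { next }                     # skip commented-out triggers
    /log_group_name:/ {
      sub(/^.*log_group_name:[ \t]*/, "")   # keep only the value
      sub(/[ \t]+#.*$/, "")                 # drop a trailing comment
      sub(/[ \t]+$/, "")                    # drop trailing whitespace
      if ($0 != "") print
    }' "$@" | tr -d "\"'"                   # drop optional quotes
}

# Succeed only if log group $1 exists; the API matches by prefix, so --query keeps the exact name.
log_group_exists() {
  found=$(aws logs describe-log-groups \
    --log-group-name-prefix "$1" \
    --query "logGroups[?logGroupName=='$1'].logGroupName" \
    --output text) || return 2
  [ "$found" = "$1" ]
}

# Print each missing trigger log group; return 1 if any is missing.
missing_log_groups() {
  rc=0
  for lg in $(list_trigger_log_groups "$@"); do
    if ! log_group_exists "$lg"; then
      echo "$lg"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample config, mirroring the triggers block from the post.
sample_config() {
  cat <<'EOF'
functionbeat.provider.aws.functions:
    triggers:
      - log_group_name: /aws/lambda/functionbeat-cloudwatch_logs
      #- log_group_name: /aws/lambda/commented-out
EOF
}

# With FUNCTIONBEAT_YML set, check AWS; otherwise only parse the sample offline.
if [ -n "${FUNCTIONBEAT_YML:-}" ]; then
  missing_log_groups "$FUNCTIONBEAT_YML" || exit 1   # printed names must be created first
else
  sample_config | list_trigger_log_groups
fi
```

Any name it prints can be created with `aws logs create-log-group --log-group-name <name>` before re-running the deploy.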
