I have tested how to use functionbeat for AWS cloudwatch via lambda function.
But when i deploy funtionbeat, stack creating is failed after the following error generating.
# ./functionbeat -v -e -d "*" deploy cloudwatch <snip> Stack event received, ResourceType: AWS::Logs::SubscriptionFilter, LogicalResourceId: fnbcloudwatchSFawslambdafunctionbeatcloudwatchlogs, ResourceStatus: **CREATE_FAILED, ResourceStatusReason: The specified log group does not exist. (Service: AWSLogs; Status Code: 400; Error Code:** ResourceNotFoundException; Request ID: 4a06307a-74e9-49a8-9d81-08415c6bac86) Stack event received, ResourceType: AWS::Lambda::Permission, LogicalResourceId: fnbcloudwatchPermission0, ResourceStatus: CREATE_IN_PROGRESS, ResourceStatusReason: Resource creation Initiated Stack event received, ResourceType: AWS::Lambda::Permission, LogicalResourceId: fnbcloudwatchPermission0, ResourceStatus: CREATE_FAILED, ResourceStatusReason: Resource creation cancelled Stack event received, ResourceType: AWS::CloudFormation::Stack, LogicalResourceId: fnb-cloudwatch-stack, ResourceStatus: ROLLBACK_IN_PROGRESS, ResourceStatusReason: The following resource(s) failed to create: [fnbcloudwatchPermission0, fnbcloudwatchSFawslambdafunctionbeatcloudwatchlogs]. . Rollback requested by user.
Please let me advise What is wrong configuration.
My operation is below,
I configured as office document like the below, and commented out the related with Google(gcp), others did not changed(with default).
Also, IAM permissions are set as the below sample.
export AWS_ACCESS_KEY_ID=MY ACCESS KEY ID export AWS_SECRET_ACCESS_KEY=MY SECRET ACCESS KEY export AWS_DEFAULT_REGION=us-east-2 # ================================== Provider ================================== functionbeat.provider.aws.endpoint: "s3.amazonaws.com" functionbeat.provider.aws.deploy_bucket: "functionbeat-kilho-deploy" functionbeat.provider.aws.functions: - name: cloudwatch enabled: true type: cloudwatch_logs description: "lambda function for cloudwatch logs" triggers: - log_group_name: /aws/lambda/functionbeat-cloudwatch_logs filter_pattern: mylog_ # =============================== Elastic Cloud ================================ cloud.id: "DEMO:My Cloud ID" # The cloud.auth setting overwrites the `output.elasticsearch.username` and # `output.elasticsearch.password` settings. The format is `<user>:<pass>`. cloud.auth: "elastic: My Pasward"
# ./functionbeat -v -e -d "*" deploy cloudwatch