From 6f28acc488220fc6de324af2d5da93dc69e29172 Mon Sep 17 00:00:00 2001
From: "Grayson, Matthew"
Date: Mon, 2 Oct 2023 11:53:45 -0500
Subject: [PATCH 1/3] Add additional logging to cloudWatchToS3 lambda for troubleshooting.
---
backend/src/tasks/cloudwatchToS3.ts | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/backend/src/tasks/cloudwatchToS3.ts b/backend/src/tasks/cloudwatchToS3.ts
index 7c106cb36..272e670b1 100644
--- a/backend/src/tasks/cloudwatchToS3.ts
+++ b/backend/src/tasks/cloudwatchToS3.ts
@@ -34,8 +34,9 @@ export const handler = async () => { while (true) { const response = await logs.send(new DescribeLogGroupsCommand(extra_args)); + console.log(`response: ${JSON.stringify(response)}`); log_groups = log_groups.concat(response.logGroups!); - + console.log(`log_groups: ${JSON.stringify(log_groups)}`); if (!response.nextToken) { break; }
@@ -46,16 +47,23 @@ export const handler = async () => { const command = new ListTagsForResourceCommand({ resourceArn: `arn:aws:logs:${region}:${accountId}:log-group:${log_group.logGroupName}` }); + console.log(`Processing log group: ${log_group.logGroupName}`); + console.log(`command: ${JSON.stringify(command)}`); const response = await logs.send(command); + console.log(`log group response: ${JSON.stringify(response)}`); const log_group_tags = response.tags || {}; if (log_group_tags.ExportToS3 === 'true') { log_groups_to_export.push(log_group.logGroupName!); } + console.log( + `log_groups_to_export: ${JSON.stringify(log_groups_to_export)}` + ); await delay(10 * 1000); // prevents LimitExceededException (AWS allows only one export task at a time) } for (const log_group_name of log_groups_to_export) { + console.log('Processing log group: ' + log_group_name); const ssm_parameter_name = ( '/log-exporter-last-export/' + log_group_name ).replace('//', '/');
From a31f2767fde5b2397cbc92c26e854f1d0cabb051 Mon Sep 17 00:00:00 2001
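Review bot: The two `console.log` calls added inside the `while (true)` pagination loop (PATCH 1/3, hunk `@@ -34,8 +34,9 @@`) serialize the whole `DescribeLogGroups` response and then the entire accumulated `log_groups` array on every page, so log volume grows roughly quadratically with the number of pages and every log group's ARN and metadata is copied into this Lambda's own log stream. A count is enough to trace pagination, e.g. ``console.log(`fetched ${response.logGroups?.length ?? 0} log groups, total ${log_groups.length}`);``. The second hunk has the same pattern where `log_groups_to_export` is dumped on every iteration of the tag loop. The loop and the handler body continue outside the hunk.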
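Review bot: `JSON.stringify(command)` in the `@@ -46,16 +47,23 @@` hunk of PATCH 1/3 serializes the SDK command object rather than just the request; logging `command.input` (or only the `resourceArn`) gives the useful part. The next added line logs the full `ListTagsForResource` response, so every tag key and value on every log group lands in the log; since only `ExportToS3` is read, logging that one value would do. The message added in the export loop, `'Processing log group: ' + log_group_name`, is also identical to the one added in the tag loop, so the two phases cannot be told apart in the output; `'Exporting log group: ' + log_group_name` would disambiguate. Both loops extend beyond the hunk.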
From: "Grayson, Matthew"
Date: Tue, 3 Oct 2023 14:03:54 -0500
Subject: [PATCH 2/3] Add permissions to lambda role to access ssm parameters and bucket acls; add additional console.error to cloudwatchToS3.
---
backend/serverless.yml | 9 +++++++++
backend/src/tasks/cloudwatchToS3.ts | 1 +
2 files changed, 10 insertions(+)
diff --git a/backend/serverless.yml b/backend/serverless.yml
index 12cf2f9c9..693ba2051 100644
--- a/backend/serverless.yml
+++ b/backend/serverless.yml
@@ -56,6 +56,8 @@ provider: - s3:GetObjectAcl - s3:PutObject - s3:PutObjectAcl + - s3:PutBucketAcl + - s3:GetBucketAcl Resource: '*' - Effect: Allow Action:
@@ -69,6 +71,13 @@ provider: - logs:StartLiveTail - logs:StopLiveTail Resource: '*' + - Effect: Allow + Action: + - ssm:DescribeParameters + - ssm:GetParameter + - ssm:GetParameters + - ssm:GetParametersByPath + - ssm:PutParameter functions: - ${file(./src/tasks/functions.yml)}
diff --git a/backend/src/tasks/cloudwatchToS3.ts b/backend/src/tasks/cloudwatchToS3.ts
index 272e670b1..7364cecb2 100644
--- a/backend/src/tasks/cloudwatchToS3.ts
+++ b/backend/src/tasks/cloudwatchToS3.ts
@@ -78,6 +78,7 @@ export const handler = async () => { if (error.name !== 'ParameterNotFound') { console.error('Error fetching SSM parameter: ' + error.message); } + console.error(`error: ${error.message}`); } const export_to_time = Math.round(Date.now());
From 788ae6745715684151844b10e7cdd751922aa41f Mon Sep 17 00:00:00 2001
From: "Grayson, Matthew"
Date: Tue, 3 Oct 2023 14:14:00 -0500
Subject: [PATCH 3/3] Add resource to lambda role permissions.
---
backend/serverless.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/backend/serverless.yml b/backend/serverless.yml
index 693ba2051..84c2fa23f 100644
--- a/backend/serverless.yml
+++ b/backend/serverless.yml
@@ -78,6 +78,7 @@ provider: - ssm:GetParameters - ssm:GetParametersByPath - ssm:PutParameter + Resource: '*' functions: - ${file(./src/tasks/functions.yml)}
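Review bot: In PATCH 2/3, hunk `@@ -56,6 +56,8 @@` of backend/serverless.yml, `s3:PutBucketAcl` and `s3:GetBucketAcl` are added to a statement whose `Resource` is `'*'`, which lets the Lambda role rewrite the ACL of every bucket in the account, including opening one to public access. Nothing in this series shows the handler changing a bucket ACL, so `s3:PutBucketAcl` may not be needed at all; if only an ACL read is required for the export, keep `s3:GetBucketAcl` alone. Either way the bucket-level actions belong in their own statement scoped to the export bucket, e.g. `Resource: arn:aws:s3:::<export-bucket-name>`. The statement begins above the hunk, so the full action list it grants is not visible here.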
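Review bot: The ``console.error(`error: ${error.message}`)`` added after the `if` in PATCH 2/3, hunk `@@ -78,6 +78,7 @@` of cloudwatchToS3.ts, runs for every caught error, so `ParameterNotFound` — which the check directly above deliberately keeps out of the error log — is now reported as an error, and any other failure is logged twice. `ParameterNotFound` is presumably the normal case for a log group that has never been exported, so error-level output for it will add noise to any alerting keyed on errors. If the aim is to see that case while troubleshooting, put it in an `else` at info level instead: `} else { console.log('No previous export recorded for ' + log_group_name); }`. The enclosing `try`/`catch` starts outside the hunk.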
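Review bot: `Resource: '*'` on the SSM statement (PATCH 3/3, hunk `@@ -78,6 +78,7 @@`) grants `ssm:GetParameter`, `ssm:GetParameters`, `ssm:GetParametersByPath` and `ssm:PutParameter` on every parameter in the account, so this role can read or overwrite configuration that has nothing to do with log export. The handler builds its parameter names under `/log-exporter-last-export/` (visible in PATCH 1/3), so the statement can be limited to that path: `Resource: arn:aws:ssm:<region>:<account-id>:parameter/log-exporter-last-export/*`. `ssm:DescribeParameters`, `ssm:GetParameters` and `ssm:GetParametersByPath` are not used by any code shown in this series and could probably be dropped; if `DescribeParameters` has to stay it may need a separate statement, since it might not accept a parameter-level resource — confirm against the IAM reference.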