Using AWS CloudWatch with Lambda
AWS CloudWatch is a monitoring and observability service that allows you to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. AWS Lambda is a compute service that allows you to run code without provisioning or managing servers. Lambda can be triggered from various AWS services such as CloudWatch.
To demonstrate how to use AWS CloudWatch with AWS Lambda, we'll create an example where a Lambda function is invoked based on a CloudWatch Event (also known as EventBridge). This will include:
- A Lambda Function: The compute resource that will be invoked.
- An IAM Role: The execution role that the Lambda service assumes, granting the function permission to log to CloudWatch Logs.
- A CloudWatch Event Rule: To match certain events and trigger the Lambda function.
- A CloudWatch Event Target: To attach the Lambda function to the CloudWatch Event Rule, so that it gets invoked when the rule is triggered.
Here's how to write this in Pulumi using TypeScript:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// IAM execution role that the Lambda service is allowed to assume.
const lambdaRole = new aws.iam.Role("lambdaRole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: {
                Service: "lambda.amazonaws.com",
            },
        }],
    }),
});

// Attach the managed policy that lets the function write to CloudWatch Logs.
const lambdaRolePolicyAttachment = new aws.iam.RolePolicyAttachment("lambdaRolePolicyAttachment", {
    role: lambdaRole,
    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole,
});

// Creating a Lambda Function.
const lambdaFunction = new aws.lambda.Function("myLambdaFunction", {
    code: new pulumi.asset.AssetArchive({
        "index.js": new pulumi.asset.StringAsset(
            'exports.handler = (event, context, callback) => callback(null, "Hello, World!");'
        ),
    }),
    handler: "index.handler",
    role: lambdaRole.arn,
    // nodejs14.x is deprecated by AWS Lambda and can no longer be used for new functions.
    runtime: "nodejs20.x",
});

// Creating a CloudWatch Event Rule.
const eventRule = new aws.cloudwatch.EventRule("myEventRule", {
    scheduleExpression: "cron(0 * * * ? *)", // Run once an hour.
    description: "Trigger Lambda every hour",
});

// Attaching the Lambda Function to the CloudWatch Event Rule.
const eventTarget = new aws.cloudwatch.EventTarget("myEventTarget", {
    rule: eventRule.name,
    arn: lambdaFunction.arn,
});

// Granting CloudWatch Events permission to invoke the Lambda function.
// sourceArn limits the grant to this one rule.
const permission = new aws.lambda.Permission("myLambdaPermission", {
    action: "lambda:InvokeFunction",
    function: lambdaFunction,
    principal: "events.amazonaws.com",
    sourceArn: eventRule.arn,
});

// Exporting the Lambda Function and CloudWatch Event Rule ARNs.
export const lambdaFunctionArn = lambdaFunction.arn;
export const eventRuleArn = eventRule.arn;
```
In this code:
- We create an IAM role `lambdaRole` that allows the Lambda service to assume this role. The attached policy allows the Lambda function to write logs to CloudWatch (`AWSLambdaBasicExecutionRole`).
- We create a Lambda function `myLambdaFunction` with a simple "Hello, World!" Node.js lambda code. This function will be invoked by the CloudWatch Event.
- We define a CloudWatch event rule `myEventRule` that is scheduled to run once an hour based on a cron expression.
- We then set up an event target `myEventTarget` that points to the Lambda function so that the specified function gets invoked when the event rule triggers.
- We add a Lambda permission `myLambdaPermission` to grant CloudWatch Events the necessary permission to execute the Lambda function when the rule is matched.
- Finally, we export the ARN (Amazon Resource Name) of both the Lambda function and the CloudWatch event rule, so you can reference them outside of Pulumi if needed.
This program creates an automated trigger that invokes the provided lambda function every hour. By adjusting the `scheduleExpression`, you can customize the frequency of this trigger. The function can be updated to handle more complex logic or process various AWS events to suit your use cases.
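The `sourceArn` on `myLambdaPermission` is what ties the invoke grant to `myEventRule` rather than to the `events.amazonaws.com` service as a whole. As an added example (not part of the original page), the check below reads a function's resource policy JSON, in the shape `aws lambda get-policy` returns in its `Policy` field, and lists service grants that lack that condition; the helper names `hasSourceArn` and `unscopedServiceGrants`, the `unscopedGrant` Sid and the sample policy are constructed for illustration.

```typescript
// Added example (not from the original page): flag Lambda resource-policy
// statements that let an AWS service invoke the function with no source ARN.
type Condition = Record<string, Record<string, string | string[]>>;
interface Statement {
  Sid?: string;
  Effect: string;
  Principal: string | { Service?: string | string[] };
  Action: string | string[];
  Condition?: Condition;
}

function toArray(v: string | string[] | undefined): string[] {
  if (v === undefined) return [];
  return typeof v === "string" ? [v] : v;
}

// True when a condition pins the caller via aws:SourceArn (key is case-insensitive).
function hasSourceArn(cond: Condition | undefined): boolean {
  const c: Condition = cond ?? {};
  return Object.keys(c).some((op) =>
    /^(ArnLike|ArnEquals|StringEquals|StringLike)$/i.test(op) &&
    Object.keys(c[op]).some((key) => {
      const arns = toArray(c[op][key]);
      return key.toLowerCase() === "aws:sourcearn" &&
        arns.length > 0 && arns.every((a) => a !== "" && a !== "*");
    }));
}

// Sids of Allow statements for a service principal that lack a source ARN condition.
function unscopedServiceGrants(policyJson: string): string[] {
  const policy = JSON.parse(policyJson) as { Statement: Statement[] };
  return policy.Statement
    .filter((s) => s.Effect === "Allow" && typeof s.Principal !== "string" &&
      toArray(s.Principal.Service).length > 0)
    .filter((s) => !hasSourceArn(s.Condition))
    .map((s) => s.Sid ?? "(no Sid)");
}

// Constructed sample: one statement shaped like myLambdaPermission, one without a Condition.
const samplePolicy = JSON.stringify({
  Version: "2012-10-17",
  Statement: [
    { Sid: "myLambdaPermission", Effect: "Allow",
      Principal: { Service: "events.amazonaws.com" }, Action: "lambda:InvokeFunction",
      Condition: { ArnLike: { "AWS:SourceArn": "arn:aws:events:us-east-1:111122223333:rule/myEventRule" } } },
    { Sid: "unscopedGrant", Effect: "Allow",
      Principal: { Service: "events.amazonaws.com" }, Action: "lambda:InvokeFunction" },
  ],
});
console.log(unscopedServiceGrants(samplePolicy));
```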