diff --git a/cloudwatch-log-alerts.go b/cloudwatch-log-alerts.go
index e91ee93..3245ddc 100644
--- a/cloudwatch-log-alerts.go
+++ b/cloudwatch-log-alerts.go
@@ -1,14 +1,25 @@
 package main
 
 import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"os"
+
 	"github.com/aws/aws-cdk-go/awscdk/v2"
-	// "github.com/aws/aws-cdk-go/awscdk/v2/awssqs"
+
+	"github.com/aws/aws-cdk-go/awscdk/v2/awsdynamodb"
+	"github.com/aws/aws-cdk-go/awscdk/v2/awslogs"
+	"github.com/aws/aws-cdk-go/awscdk/v2/awslogsdestinations"
+	"github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2"
 	"github.com/aws/constructs-go/constructs/v10"
 	"github.com/aws/jsii-runtime-go"
 )
 
 type CloudwatchLogAlertsStackProps struct {
 	awscdk.StackProps
+	SlackWebhook        string
+	LambdaFunctionNames []string
 }
 
 func NewCloudwatchLogAlertsStack(scope constructs.Construct, id string, props *CloudwatchLogAlertsStackProps) awscdk.Stack {
@@ -18,12 +29,56 @@ func NewCloudwatchLogAlertsStack(scope constructs.Construct, id string, props *C
 	}
 	stack := awscdk.NewStack(scope, &id, &sprops)
 
-	// The code that defines your stack goes here
+	table := awsdynamodb.NewTableV2(stack, jsii.String("CloudwatchLogAlertsTable"), &awsdynamodb.TablePropsV2{
+		PartitionKey: &awsdynamodb.Attribute{
+			Name: jsii.String("fingerprint"),
+			Type: awsdynamodb.AttributeType_STRING,
+		},
+		TableClass:          awsdynamodb.TableClass_STANDARD,
+		Billing:             awsdynamodb.Billing_OnDemand(),
+		Encryption:          awsdynamodb.TableEncryptionV2_DynamoOwnedKey(),
+		PointInTimeRecovery: jsii.Bool(true),
+		TimeToLiveAttribute: jsii.String("expires"),
+	})
 
-	// example resource
-	// queue := awssqs.NewQueue(stack, jsii.String("CloudwatchLogAlertsQueue"), &awssqs.QueueProps{
-	// 	VisibilityTimeout: awscdk.Duration_Seconds(jsii.Number(300)),
-	// })
+	lambda_fn := awscdklambdagoalpha.NewGoFunction(stack, jsii.String("CloudwatchLogAlertsLambda"),
+		&awscdklambdagoalpha.GoFunctionProps{
+			Description: jsii.String("CloudWatch Log Alerts"),
+			Environment: &map[string]*string{
+				"SLACK_WEBHOOK": jsii.String(props.SlackWebhook),
+				"DDB_TABLE":     table.TableName(),
+			},
+			LogRetention: awslogs.RetentionDays_ONE_MONTH,
+			MemorySize:   jsii.Number(512),
+			Timeout:      awscdk.Duration_Seconds(jsii.Number(5)),
+			Entry:        jsii.String("./lambda-fn/main.go"),
+		},
+	)
+
+	table.GrantWriteData(lambda_fn)
+
+	for _, functionName := range props.LambdaFunctionNames {
+		awslogs.NewSubscriptionFilter(
+			stack,
+			jsii.String(fmt.Sprintf("SubscriptionFilter_%s", functionName)),
+			&awslogs.SubscriptionFilterProps{
+				LogGroup: awslogs.LogGroup_FromLogGroupName(
+					stack,
+					jsii.String(fmt.Sprintf("LogGroup_%s", functionName)),
+					jsii.String(fmt.Sprintf("/aws/lambda/%s", functionName)),
+				),
+				Destination: awslogsdestinations.NewLambdaDestination(
+					lambda_fn,
+					nil,
+				),
+				FilterPattern: awslogs.FilterPattern_StringValue(
+					jsii.String("$.level"),
+					jsii.String("="),
+					jsii.String("error"),
+				),
+			},
+		)
+	}
 
 	return stack
 }
@@ -31,13 +86,22 @@ func NewCloudwatchLogAlertsStack(scope constructs.Construct, id string, props *C
 func main() {
 	defer jsii.Close()
 
+	var props CloudwatchLogAlertsStackProps
+	f, err := os.Open("properties.json")
+	if err != nil {
+		log.Fatalf("Error opening properties.json: %v", err)
+	}
+	defer f.Close()
+	if err := json.NewDecoder(f).Decode(&props); err != nil {
+		log.Fatalf("Error parsing properties.json: %v", err)
+	}
+	props.StackProps = awscdk.StackProps{
+		Env: env(),
+	}
+
 	app := awscdk.NewApp(nil)
 
-	NewCloudwatchLogAlertsStack(app, "CloudwatchLogAlertsStack", &CloudwatchLogAlertsStackProps{
-		awscdk.StackProps{
-			Env: env(),
-		},
-	})
+	NewCloudwatchLogAlertsStack(app, "CloudwatchLogAlertsStack", &props)
 
 	app.Synth(nil)
 }
@@ -49,22 +113,22 @@ func env() *awscdk.Environment {
 	// Account/Region-dependent features and context lookups will not work, but a
 	// single synthesized template can be deployed anywhere.
 	//---------------------------------------------------------------------------
-	return nil
+	//return nil
 
 	// Uncomment if you know exactly what account and region you want to deploy
 	// the stack to. This is the recommendation for production stacks.
 	//---------------------------------------------------------------------------
 	// return &awscdk.Environment{
-	//  Account: jsii.String("123456789012"),
-	//  Region:  jsii.String("us-east-1"),
+	// 	Account: jsii.String("111111111111"),
+	// 	Region:  jsii.String("eu-west-1"),
 	// }
 
 	// Uncomment to specialize this stack for the AWS Account and Region that are
 	// implied by the current CLI configuration. This is recommended for dev
 	// stacks.
 	//---------------------------------------------------------------------------
-	// return &awscdk.Environment{
-	//  Account: jsii.String(os.Getenv("CDK_DEFAULT_ACCOUNT")),
-	//  Region:  jsii.String(os.Getenv("CDK_DEFAULT_REGION")),
-	// }
+	return &awscdk.Environment{
+		Account: jsii.String(os.Getenv("CDK_DEFAULT_ACCOUNT")),
+		Region:  jsii.String(os.Getenv("CDK_DEFAULT_REGION")),
+	}
 }
diff --git a/go.mod b/go.mod
index c237748..d8a4bd9 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,15 @@ module cloudwatch-log-alerts
 go 1.18
 
 require (
-  github.com/aws/aws-cdk-go/awscdk/v2 v2.126.0
-  github.com/aws/constructs-go/constructs/v10 v10.0.5
-  github.com/aws/jsii-runtime-go v1.29.0
+	github.com/aws/aws-cdk-go/awscdk/v2 v2.151.0
+	github.com/aws/constructs-go/constructs/v10 v10.3.0
+	github.com/aws/jsii-runtime-go v1.101.0
+)
+
+require (
+	github.com/Masterminds/semver/v3 v3.2.1 // indirect
+	github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2 v2.151.0-alpha.0 // indirect
+	github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202 // indirect
+	github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2 // indirect
+	github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3 // indirect
 )
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..50fd183
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,17 @@
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/aws/aws-cdk-go/awscdk/v2 v2.151.0 h1:VvUQxNej+CQRWJ4cNBRD74iM7h2zg2gz0bsrm+cSD+g=
+github.com/aws/aws-cdk-go/awscdk/v2 v2.151.0/go.mod h1:lpJq6B2AsZbjSvlJbLmCwjKwuT7voQc3xmFjEbJOTdA=
+github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2 v2.151.0-alpha.0 h1:6kB4oEFPWViaPrMqRv1jDgR+A90+T7QB5NNcN70n/hM=
+github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2 v2.151.0-alpha.0/go.mod h1:jllGu2D8wxgelYh32KcgeYD3Qh7FlOWgx9TQLOHVi14=
+github.com/aws/constructs-go/constructs/v10 v10.3.0 h1:LsjBIMiaDX/vqrXWhzTquBJ9pPdi02/H+z1DCwg0PEM=
+github.com/aws/constructs-go/constructs/v10 v10.3.0/go.mod h1:GgzwIwoRJ2UYsr3SU+JhAl+gq5j39bEMYf8ev3J+s9s=
+github.com/aws/jsii-runtime-go v1.101.0 h1:x4rWNWRz7uDhVN0qSO7T6cG0VAhQ9300s5DjWUrXmWY=
+github.com/aws/jsii-runtime-go v1.101.0/go.mod h1:4L4Qmve/HSwM5hXV5ZowR2gBNb9zqkUtycaaN6aZ3mg=
+github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202 h1:VixXB9DnHN8oP7pXipq8GVFPjWCOdeNxIaS/ZyUwTkI=
+github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202/go.mod h1:iPUti/SWjA3XAS3CpnLciFjS8TN9Y+8mdZgDfSgcyus=
+github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2 h1:k+WD+6cERd59Mao84v0QtRrcdZuuSMfzlEmuIypKnVs=
+github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2/go.mod h1:CvFHBo0qcg8LUkJqIxQtP1rD/sNGv9bX3L2vHT2FUAo=
+github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3 h1:8NLWOIVaxAtpUXv5reojlAeDP7R8yswm9mDONf7F/3o=
+github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3/go.mod h1:ZjFqfhYpCLzh4z7ChcHCrkXfqCuEiRlNApDfJd6plts=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
diff --git a/lambda-fn/go.mod b/lambda-fn/go.mod
new file mode 100644
index 0000000..80d120b
--- /dev/null
+++ b/lambda-fn/go.mod
@@ -0,0 +1,17 @@
+module cloudwatch-log-alerts-lambda
+
+go 1.22.2
+
+require (
+	github.com/aws/aws-lambda-go v1.47.0
+	github.com/aws/aws-sdk-go v1.55.5
+	github.com/go-resty/resty/v2 v2.14.0
+	github.com/kelseyhightower/envconfig v1.4.0
+	go.uber.org/zap v1.27.0
+)
+
+require (
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	go.uber.org/multierr v1.10.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
+)
diff --git a/lambda-fn/go.sum b/lambda-fn/go.sum
new file mode 100644
index 0000000..dac6723
--- /dev/null
+++ b/lambda-fn/go.sum
@@ -0,0 +1,98 @@
+github.com/aws/aws-lambda-go v1.47.0 h1:0H8s0vumYx/YKs4sE7YM0ktwL2eWse+kfopsRI1sXVI=
+github.com/aws/aws-lambda-go v1.47.0/go.mod h1:dpMpZgvWx5vuQJfBt0zqBha60q7Dd7RfgJv23DymV8A=
+github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
+github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-resty/resty/v2 v2.14.0 h1:/rhkzsAqGQkozwfKS5aFAbb6TyKd3zyFRWcdRXLPCAU=
+github.com/go-resty/resty/v2 v2.14.0/go.mod h1:IW6mekUOsElt9C7oWr0XRt9BNSD6D5rr9mhk6NjmNHg=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
+github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
+go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
+golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/lambda-fn/main.go b/lambda-fn/main.go
new file mode 100644
index 0000000..24c3578
--- /dev/null
+++ b/lambda-fn/main.go
@@ -0,0 +1,267 @@
+package main
+
+import (
+	"context"
+	"crypto/sha1"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-lambda-go/events"
+	"github.com/aws/aws-lambda-go/lambda"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/dynamodb"
+	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
+	"github.com/aws/aws-sdk-go/service/dynamodb/expression"
+	"github.com/go-resty/resty/v2"
+	"github.com/kelseyhightower/envconfig"
+	"go.uber.org/zap"
+)
+
+// AppConfig is the application configuration read from the environment
+type AppConfig struct {
+	SlackWebhook  string `envconfig:"SLACK_WEBHOOK" required:"true"`
+	Region        string `envconfig:"AWS_REGION" required:"true"`
+	DynamoDBTable string `envconfig:"DDB_TABLE" required:"true"`
+}
+
+// App encapsulates the application's runtime dependencies
+type App struct {
+	config  AppConfig
+	restCli *resty.Client
+	logger  *zap.Logger
+	ddb     *dynamodb.DynamoDB
+}
+
+var app App
+
+func init() {
+	err := envconfig.Process("", &app.config)
+	if err != nil {
+		panic(err)
+	}
+	app.logger, err = zap.NewProduction()
+	if err != nil {
+		panic(err)
+	}
+	app.restCli = resty.New()
+	session := session.Must(session.NewSession())
+	app.ddb = dynamodb.New(session)
+}
+
+// Suppress duplicate messages appearing within this duration
+const duplicateMessageTTL = 5 * time.Minute
+
+func main() {
+	lambda.Start(handler)
+}
+
+func handler(ctx context.Context, event events.CloudwatchLogsEvent) error {
+	data, err := event.AWSLogs.Parse()
+	if err != nil {
+		app.logger.Error("error parsing logs event", zap.Error(err))
+		return nil
+	}
+	message := buildSlackMessage(data)
+	fpr, err := fingerprint(data.LogGroup, message)
+	if err != nil {
+		app.logger.Warn("Error calculating message fingerprint", zap.Error(err))
+	} else {
+		dup, err := isDuplicate(fpr)
+		if err != nil {
+			app.logger.Warn("Error determining duplicate message status", zap.Error(err))
+		}
+		if dup {
+			app.logger.Info("Ignoring duplicate message", zap.String("Fingerprint", fpr))
+			return nil
+		}
+	}
+	resp, err := app.restCli.R().
+		SetHeader("Content-Type", "application/json").
+		SetBody(message).
+		Post(app.config.SlackWebhook)
+	if err != nil {
+		app.logger.Error("Error sending slack message", zap.Error(err))
+	}
+	app.logger.Info("Slack response", zap.String("Response", resp.String()))
+	return nil
+}
+
+// isDuplicate makes a conditional put request to DynamoDB. If an unexpired record with
+// the same fingerprint already exists, the PutItem request will fail with a
+// ConditionalCheckFailedException. When we encouter this error we return true: this message
+// fingerprint has been seen recently. If the PutItem request succeeds, there was no matching
+// unexpired fingerprint in the table and we return false. We also return false if any other
+// error occurs, allowing the alert to proceed.
+func isDuplicate(fpr string) (bool, error) {
+	record := struct {
+		Fingerprint string `dynamodbav:"fingerprint"`
+		Expires     int64  `dynamodbav:"expires"`
+	}{
+		fpr,
+		time.Now().Add(duplicateMessageTTL).Unix(),
+	}
+	item, err := dynamodbattribute.MarshalMap(record)
+	if err != nil {
+		return false, fmt.Errorf("error marshaling DynamoDB record: %v", err)
+	}
+	cond := expression.Or(
+		expression.AttributeNotExists(expression.Name("fingerprint")),
+		expression.Name("expires").LessThan(expression.Value(time.Now().Unix())),
+	)
+	expr, err := expression.NewBuilder().WithCondition(cond).Build()
+	if err != nil {
+		return false, fmt.Errorf("error creating DynamoDB conditional expression: %v", err)
+	}
+	_, err = app.ddb.PutItem(&dynamodb.PutItemInput{
+		ConditionExpression:       expr.Condition(),
+		ExpressionAttributeNames:  expr.Names(),
+		ExpressionAttributeValues: expr.Values(),
+		Item:                      item,
+		TableName:                 aws.String(app.config.DynamoDBTable),
+	})
+	if err != nil {
+		if _, ok := err.(*dynamodb.ConditionalCheckFailedException); ok {
+			return true, nil
+		}
+		return false, fmt.Errorf("error from DynamoDB PutItem: %v", err)
+	}
+	return false, nil
+}
+
+// fingerprint returns a hash of a log group and message attachments that is used to
+// suppress duplicate messages. Note that the messageText function returns a string
+// with the log stream name embedded, so we exclude this from the fingerprint
+// calculation. Otherwise, we would alert multiple times for the same message logged
+// to different streams (e.g. if it was logged by two different instances of a lambda
+// function).
+func fingerprint(logGroup string, message *slackMessage) (string, error) {
+	var fields []struct {
+		Text string `json:"text"`
+		Type string `json:"type"`
+	}
+	if len(message.Blocks) > 0 {
+		fields = message.Blocks[0].Fields
+	}
+	data := struct {
+		LogGroup string
+		Fields   []struct {
+			Text string `json:"text"`
+			Type string `json:"type"`
+		}
+	}{
+		logGroup,
+		fields,
+	}
+	b, err := json.Marshal(data)
+	if err != nil {
+		return "", fmt.Errorf("JSON encode error: %v", err)
+	}
+	h := sha1.New()
+	h.Write(b)
+	return hex.EncodeToString(h.Sum(nil)), nil
+}
+
+func messageText(data events.CloudwatchLogsData) string {
+	return fmt.Sprintf("Error logged to Cloudwatch stream <%s|%s>",
+		cloudwatchConsoleURL(app.config.Region, data.LogGroup, data.LogStream),
+		data.LogGroup,
+	)
+}
+
+type slackBlock struct {
+	Fields []struct {
+		Text string `json:"text"`
+		Type string `json:"type"`
+	} `json:"fields,omitempty"`
+	Text struct {
+		Text string `json:"text"`
+		Type string `json:"type"`
+	} `json:"text"`
+	Type string `json:"type"`
+}
+
+type slackMessage struct {
+	Blocks []slackBlock `json:"blocks"`
+	Text   string       `json:"text"`
+}
+
+func (b *slackBlock) AddText(s string) {
+	b.Text = struct {
+		Text string `json:"text"`
+		Type string `json:"type"`
+	}{
+		Type: "mrkdwn",
+		Text: s,
+	}
+}
+
+func (b *slackBlock) AddField(k, v string) {
+	field := struct {
+		Text string `json:"text"`
+		Type string `json:"type"`
+	}{
+		Type: "mrkdwn",
+		Text: fmt.Sprintf("*%s*:\n%s", k, v),
+	}
+	b.Fields = append(b.Fields, field)
+}
+
+func buildSlackMessage(data events.CloudwatchLogsData) *slackMessage {
+	message := new(slackMessage)
+	text := messageText(data)
+	message.Text = text
+	block := slackBlock{Type: "section"}
+	block.AddText(text)
+	for _, e := range data.LogEvents {
+		var m map[string]interface{}
+		err := json.Unmarshal([]byte(e.Message), &m)
+		if err != nil {
+			// Catch-all for non-JSON messages
+			block.AddField("Message", e.Message)
+		} else {
+			for k, v := range m {
+				if excludeField(k) {
+					continue
+				}
+				if s, ok := v.(string); ok {
+					block.AddField(k, s)
+					continue
+				}
+				if f, ok := v.(float64); ok {
+					block.AddField(k, fmt.Sprintf("%f", f))
+					continue
+				}
+			}
+		}
+	}
+	message.Blocks = append(message.Blocks, block)
+	return message
+}
+
+// excludeField returns true if the field should be excluded from the Slack message
+func excludeField(k string) bool {
+	k = strings.ToLower(k)
+	for _, excluded := range []string{"ts", "level", "stacktrace", "payload"} {
+		if k == excluded {
+			return true
+		}
+	}
+	return false
+}
+
+// consoleURLEscape escapes a URL parameter for building a Cloudwatch URL. It query escapes
+// the parameter twice then replaces "%" with "$". Don't ask me why.
+func consoleURLEscape(s string) string {
+	return strings.Replace(url.QueryEscape(url.QueryEscape(s)), "%", "$", -1)
+}
+
+// cloudwatchConsoleURL constructs a URL to a log stream in the Cloudwatch console.
+func cloudwatchConsoleURL(region string, logGroup string, logStream string) string {
+	return fmt.Sprintf("https://console.aws.amazon.com/cloudwatch/home?region=%s#logsV2:log-groups/log-group/%s/log-events/%s",
+		region, consoleURLEscape(logGroup), consoleURLEscape(logStream))
+}
diff --git a/properties.json b/properties.json
new file mode 100644
index 0000000..17c22eb
--- /dev/null
+++ b/properties.json
@@ -0,0 +1,8 @@
+{
+    "SlackWebhook": "https://slack.com/XXXX/YYYY",
+    "LambdaFunctionNames": [
+        "foo",
+        "bar",
+        "baz"
+    ]
+}