From 96e5110156f39d5eb43f778d39a704f675b45bb3 Mon Sep 17 00:00:00 2001 From: Ray Miller Date: Sat, 10 Aug 2024 14:56:01 +0100 Subject: [PATCH] Add lambda function and stack implementation. --- cloudwatch-log-alerts.go | 100 ++++++++++++--- go.mod | 14 +- go.sum | 17 +++ lambda-fn/go.mod | 17 +++ lambda-fn/go.sum | 98 ++++++++++++++ lambda-fn/main.go | 267 +++++++++++++++++++++++++++++++++++++++ properties.json | 8 ++ 7 files changed, 500 insertions(+), 21 deletions(-) create mode 100644 go.sum create mode 100644 lambda-fn/go.mod create mode 100644 lambda-fn/go.sum create mode 100644 lambda-fn/main.go create mode 100644 properties.json diff --git a/cloudwatch-log-alerts.go b/cloudwatch-log-alerts.go index e91ee93..3245ddc 100644 --- a/cloudwatch-log-alerts.go +++ b/cloudwatch-log-alerts.go @@ -1,14 +1,25 @@ package main import ( + "encoding/json" + "fmt" + "log" + "os" + "github.com/aws/aws-cdk-go/awscdk/v2" - // "github.com/aws/aws-cdk-go/awscdk/v2/awssqs" + + "github.com/aws/aws-cdk-go/awscdk/v2/awsdynamodb" + "github.com/aws/aws-cdk-go/awscdk/v2/awslogs" + "github.com/aws/aws-cdk-go/awscdk/v2/awslogsdestinations" + "github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2" "github.com/aws/constructs-go/constructs/v10" "github.com/aws/jsii-runtime-go" ) type CloudwatchLogAlertsStackProps struct { awscdk.StackProps + SlackWebhook string + LambdaFunctionNames []string } func NewCloudwatchLogAlertsStack(scope constructs.Construct, id string, props *CloudwatchLogAlertsStackProps) awscdk.Stack { @@ -18,12 +29,56 @@ func NewCloudwatchLogAlertsStack(scope constructs.Construct, id string, props *C } stack := awscdk.NewStack(scope, &id, &sprops) - // The code that defines your stack goes here + table := awsdynamodb.NewTableV2(stack, jsii.String("CloudwatchLogAlertsTable"), &awsdynamodb.TablePropsV2{ + PartitionKey: &awsdynamodb.Attribute{ + Name: jsii.String("fingerprint"), + Type: awsdynamodb.AttributeType_STRING, + }, + TableClass: awsdynamodb.TableClass_STANDARD, + Billing: awsdynamodb.Billing_OnDemand(), + Encryption: awsdynamodb.TableEncryptionV2_DynamoOwnedKey(), + PointInTimeRecovery: jsii.Bool(true), + TimeToLiveAttribute: jsii.String("expires"), + }) - // example resource - // queue := awssqs.NewQueue(stack, jsii.String("CloudwatchLogAlertsQueue"), &awssqs.QueueProps{ - // VisibilityTimeout: awscdk.Duration_Seconds(jsii.Number(300)), - // }) + lambda_fn := awscdklambdagoalpha.NewGoFunction(stack, jsii.String("CloudwatchLogAlertsLambda"), + &awscdklambdagoalpha.GoFunctionProps{ + Description: jsii.String("CloudWatch Log Alerts"), + Environment: &map[string]*string{ + "SLACK_WEBHOOK": jsii.String(props.SlackWebhook), + "DDB_TABLE": table.TableName(), + }, + LogRetention: awslogs.RetentionDays_ONE_MONTH, + MemorySize: jsii.Number(512), + Timeout: awscdk.Duration_Seconds(jsii.Number(5)), + Entry: jsii.String("./lambda-fn/main.go"), + }, + ) + + table.GrantWriteData(lambda_fn) + + for _, functionName := range props.LambdaFunctionNames { + awslogs.NewSubscriptionFilter( + stack, + jsii.String(fmt.Sprintf("SubscriptionFilter_%s", functionName)), + &awslogs.SubscriptionFilterProps{ + LogGroup: awslogs.LogGroup_FromLogGroupName( + stack, + jsii.String(fmt.Sprintf("LogGroup_%s", functionName)), + jsii.String(fmt.Sprintf("/aws/lambda/%s", functionName)), + ), + Destination: awslogsdestinations.NewLambdaDestination( + lambda_fn, + nil, + ), + FilterPattern: awslogs.FilterPattern_StringValue( + jsii.String("$.level"), + jsii.String("="), + jsii.String("error"), + ), + }, + ) + } return stack } @@ -31,13 +86,22 @@ func NewCloudwatchLogAlertsStack(scope constructs.Construct, id string, props *C func main() { defer jsii.Close() + var props CloudwatchLogAlertsStackProps + f, err := os.Open("properties.json") + if err != nil { + log.Fatalf("Error opening properties.json: %v", err) + } + defer f.Close() + if err := json.NewDecoder(f).Decode(&props); err != nil { + log.Fatalf("Error parsing properties.json: %v", err) + } + props.StackProps = awscdk.StackProps{ + Env: env(), + } + app := awscdk.NewApp(nil) - NewCloudwatchLogAlertsStack(app, "CloudwatchLogAlertsStack", &CloudwatchLogAlertsStackProps{ - awscdk.StackProps{ - Env: env(), - }, - }) + NewCloudwatchLogAlertsStack(app, "CloudwatchLogAlertsStack", &props) app.Synth(nil) } @@ -49,22 +113,22 @@ func env() *awscdk.Environment { // Account/Region-dependent features and context lookups will not work, but a // single synthesized template can be deployed anywhere. //--------------------------------------------------------------------------- - return nil + //return nil // Uncomment if you know exactly what account and region you want to deploy // the stack to. This is the recommendation for production stacks. //--------------------------------------------------------------------------- // return &awscdk.Environment{ - // Account: jsii.String("123456789012"), - // Region: jsii.String("us-east-1"), + // Account: jsii.String("111111111111"), + // Region: jsii.String("eu-west-1"), // } // Uncomment to specialize this stack for the AWS Account and Region that are // implied by the current CLI configuration. This is recommended for dev // stacks. //--------------------------------------------------------------------------- - // return &awscdk.Environment{ - // Account: jsii.String(os.Getenv("CDK_DEFAULT_ACCOUNT")), - // Region: jsii.String(os.Getenv("CDK_DEFAULT_REGION")), - // } + return &awscdk.Environment{ + Account: jsii.String(os.Getenv("CDK_DEFAULT_ACCOUNT")), + Region: jsii.String(os.Getenv("CDK_DEFAULT_REGION")), + } } diff --git a/go.mod b/go.mod index c237748..d8a4bd9 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,15 @@ module cloudwatch-log-alerts go 1.18 require ( - github.com/aws/aws-cdk-go/awscdk/v2 v2.126.0 - github.com/aws/constructs-go/constructs/v10 v10.0.5 - github.com/aws/jsii-runtime-go v1.29.0 + github.com/aws/aws-cdk-go/awscdk/v2 v2.151.0 + github.com/aws/constructs-go/constructs/v10 v10.3.0 + github.com/aws/jsii-runtime-go v1.101.0 +) + +require ( + github.com/Masterminds/semver/v3 v3.2.1 // indirect + github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2 v2.151.0-alpha.0 // indirect + github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202 // indirect + github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2 // indirect + github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3 // indirect ) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..50fd183 --- /dev/null +++ b/go.sum @@ -0,0 +1,17 @@ +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/aws/aws-cdk-go/awscdk/v2 v2.151.0 h1:VvUQxNej+CQRWJ4cNBRD74iM7h2zg2gz0bsrm+cSD+g= +github.com/aws/aws-cdk-go/awscdk/v2 v2.151.0/go.mod h1:lpJq6B2AsZbjSvlJbLmCwjKwuT7voQc3xmFjEbJOTdA= +github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2 v2.151.0-alpha.0 h1:6kB4oEFPWViaPrMqRv1jDgR+A90+T7QB5NNcN70n/hM= +github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2 v2.151.0-alpha.0/go.mod h1:jllGu2D8wxgelYh32KcgeYD3Qh7FlOWgx9TQLOHVi14= +github.com/aws/constructs-go/constructs/v10 v10.3.0 h1:LsjBIMiaDX/vqrXWhzTquBJ9pPdi02/H+z1DCwg0PEM= +github.com/aws/constructs-go/constructs/v10 v10.3.0/go.mod h1:GgzwIwoRJ2UYsr3SU+JhAl+gq5j39bEMYf8ev3J+s9s= +github.com/aws/jsii-runtime-go v1.101.0 h1:x4rWNWRz7uDhVN0qSO7T6cG0VAhQ9300s5DjWUrXmWY= +github.com/aws/jsii-runtime-go v1.101.0/go.mod h1:4L4Qmve/HSwM5hXV5ZowR2gBNb9zqkUtycaaN6aZ3mg= +github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202 h1:VixXB9DnHN8oP7pXipq8GVFPjWCOdeNxIaS/ZyUwTkI= +github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202/go.mod h1:iPUti/SWjA3XAS3CpnLciFjS8TN9Y+8mdZgDfSgcyus= +github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2 h1:k+WD+6cERd59Mao84v0QtRrcdZuuSMfzlEmuIypKnVs= +github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2/go.mod h1:CvFHBo0qcg8LUkJqIxQtP1rD/sNGv9bX3L2vHT2FUAo= +github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3 h1:8NLWOIVaxAtpUXv5reojlAeDP7R8yswm9mDONf7F/3o= +github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3/go.mod h1:ZjFqfhYpCLzh4z7ChcHCrkXfqCuEiRlNApDfJd6plts= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= diff --git a/lambda-fn/go.mod b/lambda-fn/go.mod new file mode 100644 index 0000000..80d120b --- /dev/null +++ b/lambda-fn/go.mod @@ -0,0 +1,17 @@ +module cloudwatch-log-alerts-lambda + +go 1.22.2 + +require ( + github.com/aws/aws-lambda-go v1.47.0 + github.com/aws/aws-sdk-go v1.55.5 + github.com/go-resty/resty/v2 v2.14.0 + github.com/kelseyhightower/envconfig v1.4.0 + go.uber.org/zap v1.27.0 +) + +require ( + github.com/jmespath/go-jmespath v0.4.0 // indirect + go.uber.org/multierr v1.10.0 // indirect + golang.org/x/net v0.27.0 // indirect +) diff --git a/lambda-fn/go.sum b/lambda-fn/go.sum new file mode 100644 index 0000000..dac6723 --- /dev/null +++ b/lambda-fn/go.sum @@ -0,0 +1,98 @@ +github.com/aws/aws-lambda-go v1.47.0 h1:0H8s0vumYx/YKs4sE7YM0ktwL2eWse+kfopsRI1sXVI= +github.com/aws/aws-lambda-go v1.47.0/go.mod h1:dpMpZgvWx5vuQJfBt0zqBha60q7Dd7RfgJv23DymV8A= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-resty/resty/v2 v2.14.0 h1:/rhkzsAqGQkozwfKS5aFAbb6TyKd3zyFRWcdRXLPCAU= +github.com/go-resty/resty/v2 v2.14.0/go.mod h1:IW6mekUOsElt9C7oWr0XRt9BNSD6D5rr9mhk6NjmNHg= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8= +github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ= +go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/lambda-fn/main.go b/lambda-fn/main.go new file mode 100644 index 0000000..24c3578 --- /dev/null +++ b/lambda-fn/main.go @@ -0,0 +1,267 @@ +package main + +import ( + "context" + "crypto/sha1" + "encoding/hex" + "encoding/json" + "fmt" + "net/url" + "strings" + "time" + + "github.com/aws/aws-lambda-go/events" + "github.com/aws/aws-lambda-go/lambda" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/dynamodb" + "github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute" + "github.com/aws/aws-sdk-go/service/dynamodb/expression" + "github.com/go-resty/resty/v2" + "github.com/kelseyhightower/envconfig" + "go.uber.org/zap" +) + +// AppConfig is the application configuration read from the environment +type AppConfig struct { + SlackWebhook string `envconfig:"SLACK_WEBHOOK" required:"true"` + Region string `envconfig:"AWS_REGION" required:"true"` + DynamoDBTable string `envconfig:"DDB_TABLE" required:"true"` +} + +// App encapsulates the application's runtime dependencies +type App struct { + config AppConfig + restCli *resty.Client + logger *zap.Logger + ddb *dynamodb.DynamoDB +} + +var app App + +func init() { + err := envconfig.Process("", &app.config) + if err != nil { + panic(err) + } + app.logger, err = zap.NewProduction() + if err != nil { + panic(err) + } + app.restCli = resty.New() + session := session.Must(session.NewSession()) + app.ddb = dynamodb.New(session) +} + +// Suppress duplicate messages appearing within this duration +const duplicateMessageTTL = 5 * time.Minute + +func main() { + lambda.Start(handler) +} + +func handler(ctx context.Context, event events.CloudwatchLogsEvent) error { + data, err := event.AWSLogs.Parse() + if err != nil { + app.logger.Error("error parsing logs event", zap.Error(err)) + return nil + } + message := buildSlackMessage(data) + fpr, err := fingerprint(data.LogGroup, message) + if err != nil { + app.logger.Warn("Error calculating message fingerprint", zap.Error(err)) + } else { + dup, err := isDuplicate(fpr) + if err != nil { + app.logger.Warn("Error determining duplicate message status", zap.Error(err)) + } + if dup { + app.logger.Info("Ignoring duplicate message", zap.String("Fingerprint", fpr)) + return nil + } + } + resp, err := app.restCli.R(). + SetHeader("Content-Type", "application/json"). + SetBody(message). + Post(app.config.SlackWebhook) + if err != nil { + app.logger.Error("Error sending slack message", zap.Error(err)) + } + app.logger.Info("Slack response", zap.String("Response", resp.String())) + return nil +} + +// isDuplicate makes a conditional put request to DynamoDB. If an unexpired record with +// the same fingerprint already exists, the PutItem request will fail with a +// ConditionalCheckFailedException. When we encouter this error we return true: this message +// fingerprint has been seen recently. If the PutItem request succeeds, there was no matching +// unexpired fingerprint in the table and we return false. We also return false if any other +// error occurs, allowing the alert to proceed. +func isDuplicate(fpr string) (bool, error) { + record := struct { + Fingerprint string `dynamodbav:"fingerprint"` + Expires int64 `dynamodbav:"expires"` + }{ + fpr, + time.Now().Add(duplicateMessageTTL).Unix(), + } + item, err := dynamodbattribute.MarshalMap(record) + if err != nil { + return false, fmt.Errorf("error marshaling DynamoDB record: %v", err) + } + cond := expression.Or( + expression.AttributeNotExists(expression.Name("fingerprint")), + expression.Name("expires").LessThan(expression.Value(time.Now().Unix())), + ) + expr, err := expression.NewBuilder().WithCondition(cond).Build() + if err != nil { + return false, fmt.Errorf("error creating DynamoDB conditional expression: %v", err) + } + _, err = app.ddb.PutItem(&dynamodb.PutItemInput{ + ConditionExpression: expr.Condition(), + ExpressionAttributeNames: expr.Names(), + ExpressionAttributeValues: expr.Values(), + Item: item, + TableName: aws.String(app.config.DynamoDBTable), + }) + if err != nil { + if _, ok := err.(*dynamodb.ConditionalCheckFailedException); ok { + return true, nil + } + return false, fmt.Errorf("error from DynamoDB PutItem: %v", err) + } + return false, nil +} + +// fingerprint returns a hash of a log group and message attachments that is used to +// suppress duplicate messages. Note that the messageText function returns a string +// with the log stream name embedded, so we exclude this from the fingerprint +// calculation. Otherwise, we would alert multiple times for the same message logged +// to different streams (e.g. if it was logged by two different instances of a lambda +// function). +func fingerprint(logGroup string, message *slackMessage) (string, error) { + var fields []struct { + Text string `json:"text"` + Type string `json:"type"` + } + if len(message.Blocks) > 0 { + fields = message.Blocks[0].Fields + } + data := struct { + LogGroup string + Fields []struct { + Text string `json:"text"` + Type string `json:"type"` + } + }{ + logGroup, + fields, + } + b, err := json.Marshal(data) + if err != nil { + return "", fmt.Errorf("JSON encode error: %v", err) + } + h := sha1.New() + h.Write(b) + return hex.EncodeToString(h.Sum(nil)), nil +} + +func messageText(data events.CloudwatchLogsData) string { + return fmt.Sprintf("Error logged to Cloudwatch stream <%s|%s>", + cloudwatchConsoleURL(app.config.Region, data.LogGroup, data.LogStream), + data.LogGroup, + ) +} + +type slackBlock struct { + Fields []struct { + Text string `json:"text"` + Type string `json:"type"` + } `json:"fields,omitempty"` + Text struct { + Text string `json:"text"` + Type string `json:"type"` + } `json:"text"` + Type string `json:"type"` +} + +type slackMessage struct { + Blocks []slackBlock `json:"blocks"` + Text string `json:"text"` +} + +func (b *slackBlock) AddText(s string) { + b.Text = struct { + Text string `json:"text"` + Type string `json:"type"` + }{ + Type: "mrkdwn", + Text: s, + } +} + +func (b *slackBlock) AddField(k, v string) { + field := struct { + Text string `json:"text"` + Type string `json:"type"` + }{ + Type: "mrkdwn", + Text: fmt.Sprintf("*%s*:\n%s", k, v), + } + b.Fields = append(b.Fields, field) +} + +func buildSlackMessage(data events.CloudwatchLogsData) *slackMessage { + message := new(slackMessage) + text := messageText(data) + message.Text = text + block := slackBlock{Type: "section"} + block.AddText(text) + for _, e := range data.LogEvents { + var m map[string]interface{} + err := json.Unmarshal([]byte(e.Message), &m) + if err != nil { + // Catch-all for non-JSON messages + block.AddField("Message", e.Message) + } else { + for k, v := range m { + if excludeField(k) { + continue + } + if s, ok := v.(string); ok { + block.AddField(k, s) + continue + } + if f, ok := v.(float64); ok { + block.AddField(k, fmt.Sprintf("%f", f)) + continue + } + } + } + } + message.Blocks = append(message.Blocks, block) + return message +} + +// excludeField returns true if the field should be excluded from the Slack message +func excludeField(k string) bool { + k = strings.ToLower(k) + for _, excluded := range []string{"ts", "level", "stacktrace", "payload"} { + if k == excluded { + return true + } + } + return false +} + +// consoleURLEscape escapes a URL parameter for building a Cloudwatch URL. It query escapes +// the parameter twice then replaces "%" with "$". Don't ask me why. +func consoleURLEscape(s string) string { + return strings.Replace(url.QueryEscape(url.QueryEscape(s)), "%", "$", -1) +} + +// cloudwatchConsoleURL constructs a URL to a log stream in the Cloudwatch console. +func cloudwatchConsoleURL(region string, logGroup string, logStream string) string { + return fmt.Sprintf("https://console.aws.amazon.com/cloudwatch/home?region=%s#logsV2:log-groups/log-group/%s/log-events/%s", + region, consoleURLEscape(logGroup), consoleURLEscape(logStream)) +} diff --git a/properties.json b/properties.json new file mode 100644 index 0000000..17c22eb --- /dev/null +++ b/properties.json @@ -0,0 +1,8 @@ +{ + "SlackWebhook": "https://slack.com/XXXX/YYYY", + "LambdaFunctionNames": [ + "foo", + "bar", + "baz" + ] +}