ray/cloudwatch-log-alerts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add lambda function and stack implementation.

Browse source
This commit is contained in:
Ray Miller 2024-08-10 14:56:01 +01:00
parent 3c223565e3
commit 96e5110156
7 changed files with 500 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

100
cloudwatch-log-alerts.go
View file

@ -1,14 +1,25 @@
package main
import (
"encoding/json"
"fmt"
"log"
"os"
"github.com/aws/aws-cdk-go/awscdk/v2"
// "github.com/aws/aws-cdk-go/awscdk/v2/awssqs"
"github.com/aws/aws-cdk-go/awscdk/v2/awsdynamodb"
"github.com/aws/aws-cdk-go/awscdk/v2/awslogs"
"github.com/aws/aws-cdk-go/awscdk/v2/awslogsdestinations"
"github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2"
"github.com/aws/constructs-go/constructs/v10"
"github.com/aws/jsii-runtime-go"
)
type CloudwatchLogAlertsStackProps struct {
awscdk.StackProps
SlackWebhook string
LambdaFunctionNames []string
}
func NewCloudwatchLogAlertsStack(scope constructs.Construct, id string, props *CloudwatchLogAlertsStackProps) awscdk.Stack {
@ -18,12 +29,56 @@ func NewCloudwatchLogAlertsStack(scope constructs.Construct, id string, props *C
}
stack := awscdk.NewStack(scope, &id, &sprops)
// The code that defines your stack goes here
table := awsdynamodb.NewTableV2(stack, jsii.String("CloudwatchLogAlertsTable"), &awsdynamodb.TablePropsV2{
PartitionKey: &awsdynamodb.Attribute{
Name: jsii.String("fingerprint"),
Type: awsdynamodb.AttributeType_STRING,
},
TableClass: awsdynamodb.TableClass_STANDARD,
Billing: awsdynamodb.Billing_OnDemand(),
Encryption: awsdynamodb.TableEncryptionV2_DynamoOwnedKey(),
PointInTimeRecovery: jsii.Bool(true),
TimeToLiveAttribute: jsii.String("expires"),
})
// example resource
// queue := awssqs.NewQueue(stack, jsii.String("CloudwatchLogAlertsQueue"), &awssqs.QueueProps{
// VisibilityTimeout: awscdk.Duration_Seconds(jsii.Number(300)),
// })
lambda_fn := awscdklambdagoalpha.NewGoFunction(stack, jsii.String("CloudwatchLogAlertsLambda"),
&awscdklambdagoalpha.GoFunctionProps{
Description: jsii.String("CloudWatch Log Alerts"),
Environment: &map[string]*string{
"SLACK_WEBHOOK": jsii.String(props.SlackWebhook),
"DDB_TABLE": table.TableName(),
},
LogRetention: awslogs.RetentionDays_ONE_MONTH,
MemorySize: jsii.Number(512),
Timeout: awscdk.Duration_Seconds(jsii.Number(5)),
Entry: jsii.String("./lambda-fn/main.go"),
},
)
table.GrantWriteData(lambda_fn)
for _, functionName := range props.LambdaFunctionNames {
awslogs.NewSubscriptionFilter(
stack,
jsii.String(fmt.Sprintf("SubscriptionFilter_%s", functionName)),
&awslogs.SubscriptionFilterProps{
LogGroup: awslogs.LogGroup_FromLogGroupName(
stack,
jsii.String(fmt.Sprintf("LogGroup_%s", functionName)),
jsii.String(fmt.Sprintf("/aws/lambda/%s", functionName)),
),
Destination: awslogsdestinations.NewLambdaDestination(
lambda_fn,
nil,
),
FilterPattern: awslogs.FilterPattern_StringValue(
jsii.String("$.level"),
jsii.String("="),
jsii.String("error"),
),
},
)
}
return stack
}
@ -31,13 +86,22 @@ func NewCloudwatchLogAlertsStack(scope constructs.Construct, id string, props *C
func main() {
defer jsii.Close()
var props CloudwatchLogAlertsStackProps
f, err := os.Open("properties.json")
if err != nil {
log.Fatalf("Error opening properties.json: %v", err)
}
defer f.Close()
if err := json.NewDecoder(f).Decode(&props); err != nil {
log.Fatalf("Error parsing properties.json: %v", err)
}
props.StackProps = awscdk.StackProps{
Env: env(),
}
app := awscdk.NewApp(nil)
NewCloudwatchLogAlertsStack(app, "CloudwatchLogAlertsStack", &CloudwatchLogAlertsStackProps{
awscdk.StackProps{
Env: env(),
},
})
NewCloudwatchLogAlertsStack(app, "CloudwatchLogAlertsStack", &props)
app.Synth(nil)
}
@ -49,22 +113,22 @@ func env() *awscdk.Environment {
// Account/Region-dependent features and context lookups will not work, but a
// single synthesized template can be deployed anywhere.
//---------------------------------------------------------------------------
return nil
//return nil
// Uncomment if you know exactly what account and region you want to deploy
// the stack to. This is the recommendation for production stacks.
//---------------------------------------------------------------------------
// return &awscdk.Environment{
// Account: jsii.String("123456789012"),
// Region: jsii.String("us-east-1"),
// Account: jsii.String("111111111111"),
// Region: jsii.String("eu-west-1"),
// }
// Uncomment to specialize this stack for the AWS Account and Region that are
// implied by the current CLI configuration. This is recommended for dev
// stacks.
//---------------------------------------------------------------------------
// return &awscdk.Environment{
// Account: jsii.String(os.Getenv("CDK_DEFAULT_ACCOUNT")),
// Region: jsii.String(os.Getenv("CDK_DEFAULT_REGION")),
// }
return &awscdk.Environment{
Account: jsii.String(os.Getenv("CDK_DEFAULT_ACCOUNT")),
Region: jsii.String(os.Getenv("CDK_DEFAULT_REGION")),
}
}

14
go.mod
View file

@ -3,7 +3,15 @@ module cloudwatch-log-alerts
go 1.18
require (
github.com/aws/aws-cdk-go/awscdk/v2 v2.126.0
github.com/aws/constructs-go/constructs/v10 v10.0.5
github.com/aws/jsii-runtime-go v1.29.0
github.com/aws/aws-cdk-go/awscdk/v2 v2.151.0
github.com/aws/constructs-go/constructs/v10 v10.3.0
github.com/aws/jsii-runtime-go v1.101.0
)
require (
github.com/Masterminds/semver/v3 v3.2.1 // indirect
github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2 v2.151.0-alpha.0 // indirect
github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202 // indirect
github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2 // indirect
github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3 // indirect
)

17
go.sum Normal file
View file

@ -0,0 +1,17 @@
github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
github.com/aws/aws-cdk-go/awscdk/v2 v2.151.0 h1:VvUQxNej+CQRWJ4cNBRD74iM7h2zg2gz0bsrm+cSD+g=
github.com/aws/aws-cdk-go/awscdk/v2 v2.151.0/go.mod h1:lpJq6B2AsZbjSvlJbLmCwjKwuT7voQc3xmFjEbJOTdA=
github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2 v2.151.0-alpha.0 h1:6kB4oEFPWViaPrMqRv1jDgR+A90+T7QB5NNcN70n/hM=
github.com/aws/aws-cdk-go/awscdklambdagoalpha/v2 v2.151.0-alpha.0/go.mod h1:jllGu2D8wxgelYh32KcgeYD3Qh7FlOWgx9TQLOHVi14=
github.com/aws/constructs-go/constructs/v10 v10.3.0 h1:LsjBIMiaDX/vqrXWhzTquBJ9pPdi02/H+z1DCwg0PEM=
github.com/aws/constructs-go/constructs/v10 v10.3.0/go.mod h1:GgzwIwoRJ2UYsr3SU+JhAl+gq5j39bEMYf8ev3J+s9s=
github.com/aws/jsii-runtime-go v1.101.0 h1:x4rWNWRz7uDhVN0qSO7T6cG0VAhQ9300s5DjWUrXmWY=
github.com/aws/jsii-runtime-go v1.101.0/go.mod h1:4L4Qmve/HSwM5hXV5ZowR2gBNb9zqkUtycaaN6aZ3mg=
github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202 h1:VixXB9DnHN8oP7pXipq8GVFPjWCOdeNxIaS/ZyUwTkI=
github.com/cdklabs/awscdk-asset-awscli-go/awscliv1/v2 v2.2.202/go.mod h1:iPUti/SWjA3XAS3CpnLciFjS8TN9Y+8mdZgDfSgcyus=
github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2 h1:k+WD+6cERd59Mao84v0QtRrcdZuuSMfzlEmuIypKnVs=
github.com/cdklabs/awscdk-asset-kubectl-go/kubectlv20/v2 v2.1.2/go.mod h1:CvFHBo0qcg8LUkJqIxQtP1rD/sNGv9bX3L2vHT2FUAo=
github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3 h1:8NLWOIVaxAtpUXv5reojlAeDP7R8yswm9mDONf7F/3o=
github.com/cdklabs/awscdk-asset-node-proxy-agent-go/nodeproxyagentv6/v2 v2.0.3/go.mod h1:ZjFqfhYpCLzh4z7ChcHCrkXfqCuEiRlNApDfJd6plts=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

17
lambda-fn/go.mod Normal file
View file

@ -0,0 +1,17 @@
module cloudwatch-log-alerts-lambda
go 1.22.2
require (
github.com/aws/aws-lambda-go v1.47.0
github.com/aws/aws-sdk-go v1.55.5
github.com/go-resty/resty/v2 v2.14.0
github.com/kelseyhightower/envconfig v1.4.0
go.uber.org/zap v1.27.0
)
require (
github.com/jmespath/go-jmespath v0.4.0 // indirect
go.uber.org/multierr v1.10.0 // indirect
golang.org/x/net v0.27.0 // indirect
)

98
lambda-fn/go.sum Normal file
View file

@ -0,0 +1,98 @@
github.com/aws/aws-lambda-go v1.47.0 h1:0H8s0vumYx/YKs4sE7YM0ktwL2eWse+kfopsRI1sXVI=
github.com/aws/aws-lambda-go v1.47.0/go.mod h1:dpMpZgvWx5vuQJfBt0zqBha60q7Dd7RfgJv23DymV8A=
github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-resty/resty/v2 v2.14.0 h1:/rhkzsAqGQkozwfKS5aFAbb6TyKd3zyFRWcdRXLPCAU=
github.com/go-resty/resty/v2 v2.14.0/go.mod h1:IW6mekUOsElt9C7oWr0XRt9BNSD6D5rr9mhk6NjmNHg=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

267
lambda-fn/main.go Normal file
View file

@ -0,0 +1,267 @@
package main
import (
"context"
"crypto/sha1"
"encoding/hex"
"encoding/json"
"fmt"
"net/url"
"strings"
"time"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/dynamodb"
"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
"github.com/aws/aws-sdk-go/service/dynamodb/expression"
"github.com/go-resty/resty/v2"
"github.com/kelseyhightower/envconfig"
"go.uber.org/zap"
)
// AppConfig is the application configuration read from the environment
type AppConfig struct {
SlackWebhook string `envconfig:"SLACK_WEBHOOK" required:"true"`
Region string `envconfig:"AWS_REGION" required:"true"`
DynamoDBTable string `envconfig:"DDB_TABLE" required:"true"`
}
// App encapsulates the application's runtime dependencies
type App struct {
config AppConfig
restCli *resty.Client
logger *zap.Logger
ddb *dynamodb.DynamoDB
}
var app App
func init() {
err := envconfig.Process("", &app.config)
if err != nil {
panic(err)
}
app.logger, err = zap.NewProduction()
if err != nil {
panic(err)
}
app.restCli = resty.New()
session := session.Must(session.NewSession())
app.ddb = dynamodb.New(session)
}
// Suppress duplicate messages appearing within this duration
const duplicateMessageTTL = 5 * time.Minute
func main() {
lambda.Start(handler)
}
func handler(ctx context.Context, event events.CloudwatchLogsEvent) error {
data, err := event.AWSLogs.Parse()
if err != nil {
app.logger.Error("error parsing logs event", zap.Error(err))
return nil
}
message := buildSlackMessage(data)
fpr, err := fingerprint(data.LogGroup, message)
if err != nil {
app.logger.Warn("Error calculating message fingerprint", zap.Error(err))
} else {
dup, err := isDuplicate(fpr)
if err != nil {
app.logger.Warn("Error determining duplicate message status", zap.Error(err))
}
if dup {
app.logger.Info("Ignoring duplicate message", zap.String("Fingerprint", fpr))
return nil
}
}
resp, err := app.restCli.R().
SetHeader("Content-Type", "application/json").
SetBody(message).
Post(app.config.SlackWebhook)
if err != nil {
app.logger.Error("Error sending slack message", zap.Error(err))
}
app.logger.Info("Slack response", zap.String("Response", resp.String()))
return nil
}
// isDuplicate makes a conditional put request to DynamoDB. If an unexpired record with
// the same fingerprint already exists, the PutItem request will fail with a
// ConditionalCheckFailedException. When we encouter this error we return true: this message
// fingerprint has been seen recently. If the PutItem request succeeds, there was no matching
// unexpired fingerprint in the table and we return false. We also return false if any other
// error occurs, allowing the alert to proceed.
func isDuplicate(fpr string) (bool, error) {
record := struct {
Fingerprint string `dynamodbav:"fingerprint"`
Expires int64 `dynamodbav:"expires"`
}{
fpr,
time.Now().Add(duplicateMessageTTL).Unix(),
}
item, err := dynamodbattribute.MarshalMap(record)
if err != nil {
return false, fmt.Errorf("error marshaling DynamoDB record: %v", err)
}
cond := expression.Or(
expression.AttributeNotExists(expression.Name("fingerprint")),
expression.Name("expires").LessThan(expression.Value(time.Now().Unix())),
)
expr, err := expression.NewBuilder().WithCondition(cond).Build()
if err != nil {
return false, fmt.Errorf("error creating DynamoDB conditional expression: %v", err)
}
_, err = app.ddb.PutItem(&dynamodb.PutItemInput{
ConditionExpression: expr.Condition(),
ExpressionAttributeNames: expr.Names(),
ExpressionAttributeValues: expr.Values(),
Item: item,
TableName: aws.String(app.config.DynamoDBTable),
})
if err != nil {
if _, ok := err.(*dynamodb.ConditionalCheckFailedException); ok {
return true, nil
}
return false, fmt.Errorf("error from DynamoDB PutItem: %v", err)
}
return false, nil
}
// fingerprint returns a hash of a log group and message attachments that is used to
// suppress duplicate messages. Note that the messageText function returns a string
// with the log stream name embedded, so we exclude this from the fingerprint
// calculation. Otherwise, we would alert multiple times for the same message logged
// to different streams (e.g. if it was logged by two different instances of a lambda
// function).
func fingerprint(logGroup string, message *slackMessage) (string, error) {
var fields []struct {
Text string `json:"text"`
Type string `json:"type"`
}
if len(message.Blocks) > 0 {
fields = message.Blocks[0].Fields
}
data := struct {
LogGroup string
Fields []struct {
Text string `json:"text"`
Type string `json:"type"`
}
}{
logGroup,
fields,
}
b, err := json.Marshal(data)
if err != nil {
return "", fmt.Errorf("JSON encode error: %v", err)
}
h := sha1.New()
h.Write(b)
return hex.EncodeToString(h.Sum(nil)), nil
}
func messageText(data events.CloudwatchLogsData) string {
return fmt.Sprintf("Error logged to Cloudwatch stream <%s|%s>",
cloudwatchConsoleURL(app.config.Region, data.LogGroup, data.LogStream),
data.LogGroup,
)
}
type slackBlock struct {
Fields []struct {
Text string `json:"text"`
Type string `json:"type"`
} `json:"fields,omitempty"`
Text struct {
Text string `json:"text"`
Type string `json:"type"`
} `json:"text"`
Type string `json:"type"`
}
type slackMessage struct {
Blocks []slackBlock `json:"blocks"`
Text string `json:"text"`
}
func (b *slackBlock) AddText(s string) {
b.Text = struct {
Text string `json:"text"`
Type string `json:"type"`
}{
Type: "mrkdwn",
Text: s,
}
}
func (b *slackBlock) AddField(k, v string) {
field := struct {
Text string `json:"text"`
Type string `json:"type"`
}{
Type: "mrkdwn",
Text: fmt.Sprintf("*%s*:\n%s", k, v),
}
b.Fields = append(b.Fields, field)
}
func buildSlackMessage(data events.CloudwatchLogsData) *slackMessage {
message := new(slackMessage)
text := messageText(data)
message.Text = text
block := slackBlock{Type: "section"}
block.AddText(text)
for _, e := range data.LogEvents {
var m map[string]interface{}
err := json.Unmarshal([]byte(e.Message), &m)
if err != nil {
// Catch-all for non-JSON messages
block.AddField("Message", e.Message)
} else {
for k, v := range m {
if excludeField(k) {
continue
}
if s, ok := v.(string); ok {
block.AddField(k, s)
continue
}
if f, ok := v.(float64); ok {
block.AddField(k, fmt.Sprintf("%f", f))
continue
}
}
}
}
message.Blocks = append(message.Blocks, block)
return message
}
// excludeField returns true if the field should be excluded from the Slack message
func excludeField(k string) bool {
k = strings.ToLower(k)
for _, excluded := range []string{"ts", "level", "stacktrace", "payload"} {
if k == excluded {
return true
}
}
return false
}
// consoleURLEscape escapes a URL parameter for building a Cloudwatch URL. It query escapes
// the parameter twice then replaces "%" with "$". Don't ask me why.
func consoleURLEscape(s string) string {
return strings.Replace(url.QueryEscape(url.QueryEscape(s)), "%", "$", -1)
}
// cloudwatchConsoleURL constructs a URL to a log stream in the Cloudwatch console.
func cloudwatchConsoleURL(region string, logGroup string, logStream string) string {
return fmt.Sprintf("https://console.aws.amazon.com/cloudwatch/home?region=%s#logsV2:log-groups/log-group/%s/log-events/%s",
region, consoleURLEscape(logGroup), consoleURLEscape(logStream))
}

8
properties.json Normal file
View file

@ -0,0 +1,8 @@
{
"SlackWebhook": "https://slack.com/XXXX/YYYY",
"LambdaFunctionNames": [
"foo",
"bar",
"baz"
]
}