lambda-promtail/lambda-promtail.yaml at main · deliveryhero/lambda-promtail · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  lambda-promtail: Forward CloudWatch logs to Grafana Cloud Loki.

Parameters:
  WriteAddress:
    Description: The Grafana Cloud Loki URL that logs will be forwarded to.
    Type: String
    Default: ""
  ReservedConcurrency:
    Description: The maximum of concurrent executions you want to reserve for the function.
    Type: Number
    Default: 2
  Username:
    Description: The basic auth username for Grafana Cloud Loki.
    Type: String
    Default: ""
  Password:
    Description: The basic auth password for Grafana Cloud Loki (your Grafana.com API Key).
    Type: String
    Default: ""
    NoEcho: true
  KeepStream:
    Description: Determines whether to keep the CloudWatch Log Stream value as a Loki label when writing logs from lambda-promtail.
    Type: String
    Default: "false"
  ExtraLabels:
    Description: Comma separated list of extra labels, in the format 'name1,value1,name2,value2,...,nameN,valueN' to add to entries forwarded by lambda-promtail.
    Type: String
    Default: ""
  S3BucketName:
    Description: The name of the bucket containing the 'lambda-promtail.zip' file.
    Type: String
    Default: ""
  S3KeyName:
    Description: The path to the 'lambda-promtail.zip' file.
    Type: String
    Default: "lambda-promtail.zip"
  LogGroupToSubscribe:
    Description: Name of the CloudWatch Log Group to subscribe the lambda to. The logs written to it, will be forwarded to Grafana Cloud Loki (ex. /aws/lambda/my-log-group).
    Type: String
    Default: ""

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: "Grafana Cloud Loki configuration"
      Parameters:
      - WriteAddress
      - Username
      - Password
    - Label:
        default: "Lambda function configuration"
      Parameters:
      - S3BucketName
      - S3KeyName
      - SubscriptionFilter
      - ReservedConcurrency
    - Label:
        default: "Additional configuration"
      Parameters:
      - KeepStream
      - ExtraLabels

Resources:

  LambdaPromtailRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
          Action:
          - sts:AssumeRole
      Description: "Grafana Cloud Lambda Promtail Role"
      Policies:
      - PolicyName: logs
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            Resource: arn:aws:logs:*:*:*
      RoleName: GrafanaLabsCloudWatchLogsIntegration

  LambdaPromtailFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: GrafanaCloudLambdaPromtail
      Code:
        S3Bucket: !Ref S3BucketName
        S3Key: !Ref S3KeyName
      Runtime: provided.al2023
      Handler: main
      MemorySize: 128
      Timeout: 60
      Role: !GetAtt LambdaPromtailRole.Arn
      ReservedConcurrentExecutions: !Ref ReservedConcurrency
      Environment:
        Variables:
          WRITE_ADDRESS: !Ref WriteAddress
          USERNAME: !Ref Username
          PASSWORD: !Ref Password
          KEEP_STREAM: !Ref KeepStream
          EXTRA_LABELS: !Ref ExtraLabels

  LambdaPromtailVersion:
    Type: AWS::Lambda::Version
    Properties:
      FunctionName: !Ref LambdaPromtailFunction

  LambdaPromtailPermissions:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt LambdaPromtailFunction.Arn
      Principal: !Sub
        - logs.${Region}.amazonaws.com
        - { Region: !Ref "AWS::Region" }

  LambdaPromtailEventInvokeConfig:
    Type: AWS::Lambda::EventInvokeConfig
    Properties:
      FunctionName: !Ref LambdaPromtailFunction
      MaximumRetryAttempts: 2
      Qualifier: !GetAtt LambdaPromtailVersion.Version

  # Copy this block and modify as required to create Subscription Filters for
  # additional CloudWatch Log Groups.
  MainLambdaPromtailSubscriptionFilter:
    Type: AWS::Logs::SubscriptionFilter
    DependsOn: LambdaPromtailPermissions
    Properties:
      DestinationArn: !GetAtt LambdaPromtailFunction.Arn
      FilterPattern: ""
      LogGroupName: !Ref LogGroupToSubscribe

Outputs:
  LambdaPromtailFunction:
    Description: "Lambda Promtail Function ARN"
    Value: !GetAtt LambdaPromtailFunction.Arn