apitech
/
loki
mirror of https://github.com/grafana/loki
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Like Prometheus, but for logs.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7709 Commits
850 Branches
311 Tags
661 MiB
 
 
 
 
 
 
Tag: Branch: Tree: c4ced3fc57
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c4ced3fc57'
${ noResults }
loki/tools/lambda-promtail/template.yaml

149 lines
5.1 KiB
Raw Blame History

AWSTemplateFormatVersion: '2010-09-09'
Description: >
lambda-promtail:
propagate Cloudwatch Logs to Loki/Promtail via Loki Write API.
Parameters:
WriteAddress:
Description: 'Address to write to in the form of: http<s>://<location><:port>/loki/api/v1/push'
Type: String
Default: 'http://localhost:8080/loki/api/v1/push'
ReservedConcurrency:
Description: The maximum of concurrent executions you want to reserve for the function.
Type: Number
Default: 2
MaximumEventAgeInSeconds:
Description: The maximum age of a request that Lambda sends to a function for processing.
Type: Number
Default: 21600
Username:
Description: The basic auth username, necessary if writing directly to Grafana Cloud Loki.
Type: String
Default: ""
Password:
Description: The basic auth password, necessary if writing directly to Grafana Cloud Loki.
Type: String
Default: ""
NoEcho: true
BearerToken:
Description: The bearer token, necessary if target endpoint requires it.
Type: String
Default: ""
NoEcho: true
LambdaPromtailImage:
Description: The ECR image URI to pull and use for lambda-promtail.
Type: String
Default: ""
KeepStream:
Description: Determines whether to keep the CloudWatch Log Stream value as a Loki label when writing logs from lambda-promtail.
Type: String
Default: "false"
ExtraLabels:
Description: Comma separated list of extra labels, in the format 'name1,value1,name2,value2,...,nameN,valueN' to add to entries forwarded by lambda-promtail.
Type: String
Default: ""
OmitExtraLabelsPrefix:
Description: Whether or not to omit the prefix `__extra_` from extra labels defined in `ExtraLabels`.
Type: String
Default: "false"
TenantID:
Description: Tenant ID to be added when writing logs from lambda-promtail.
Type: String
Default: ""
SkipTlsVerify:
Description: Determines whether to verify the TLS certificate
Type: String
Default: "false"
LogGroupName:
Description: Name of the CloudWatch Log Group to subscribe from.
Type: String
Default: "/aws/lambda/some-lamda-log-group"
IAMRoleName:
Description: Name of the LambdaPromtailRole IAM Role.
Type: String
Default: "iam_for_lambda"
Resources:
LambdaPromtailRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
Description: "Lambda Promtail Role"
Policies:
- PolicyName: logs
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
- logs:PutSubscriptionFilter
Resource: arn:aws:logs:*:*:*
RoleName: !Ref IAMRoleName
LambdaPromtailFunction:
Type: AWS::Lambda::Function
Properties:
Code:
ImageUri: !Ref LambdaPromtailImage
MemorySize: 128
PackageType: Image
Timeout: 60
Role: !GetAtt LambdaPromtailRole.Arn
ReservedConcurrentExecutions: !Ref ReservedConcurrency
# # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html
# VpcConfig:
Environment: # More info about Env Vars: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#environment-object
Variables:
WRITE_ADDRESS: !Ref WriteAddress
USERNAME: !Ref Username
PASSWORD: !Ref Password
BEARER_TOKEN: !Ref BearerToken
KEEP_STREAM: !Ref KeepStream
EXTRA_LABELS: !Ref ExtraLabels
OMIT_EXTRA_LABELS_PREFIX: !Ref OmitExtraLabelsPrefix
TENANT_ID: !Ref TenantID
SKIP_TLS_VERIFY: !Ref SkipTlsVerify
LambdaPromtailVersion:
Type: AWS::Lambda::Version
Properties:
FunctionName: !Ref LambdaPromtailFunction
LambdaPromtailPermissions:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt LambdaPromtailFunction.Arn
Principal: !Sub
- logs.${Region}.amazonaws.com
- { Region: !Ref "AWS::Region" }
LambdaPromtailEventInvokeConfig:
Type: AWS::Lambda::EventInvokeConfig
Properties:
FunctionName: !Ref LambdaPromtailFunction
MaximumRetryAttempts: 2
MaximumEventAgeInSeconds: !Ref MaximumEventAgeInSeconds
Qualifier: !GetAtt LambdaPromtailVersion.Version
# Copy this block and modify as required to create Subscription Filters for
# additional CloudWatch Log Groups.
MainLambdaPromtailSubscriptionFilter:
Type: AWS::Logs::SubscriptionFilter
DependsOn: LambdaPromtailPermissions
Properties:
DestinationArn: !GetAtt LambdaPromtailFunction.Arn
FilterPattern: ""
LogGroupName: !Ref LogGroupName
Outputs:
LambdaPromtailFunction:
Description: "Lambda Promtail Function ARN"
Value: !GetAtt LambdaPromtailFunction.Arn