how to create cloudwatch log messages to the streams using troposphere #2054

Open
kalavathiy opened this issue Jun 10, 2022 · 4 comments

@kalavathiy

No description provided.

@JohnPreston
Contributor

The only 2 AWS resources are log group and log stream.
To publish messages to CloudWatch you will need to publish these yourself / via a service publishing to a log stream.

@kalavathiy
Author

kalavathiy commented Jun 11, 2022 via email

@kalavathiy
Author

kalavathiy commented Jun 11, 2022 via email

@tnielsen2
Contributor

> Can we use boto3 inside troposphere to generate messages in log group? Need suggestion and sample how to use boto code in troposphere.

With a Custom CloudFormation object and an IAM role, you can create CloudFormation resources that execute any kind of supported Lambda function code to do what CloudFormation cannot do natively. For example, if you wanted to populate an S3 bucket with folders in CloudFormation, you would need to use a Custom CloudFormation object for this, because this action is not supported natively.

The lambda will ingest the attributes from the custom object as variables, and you will write the code in the lambda to use it.

I cannot share the code we use in my org, but below is a rough outline of what you need to do. You will need to tailor the IAM permissions and Lambda code to do what you need to do (note: there are placeholder vars in the below snippets).

iam.Role resource - needs permissions to be assumed by Lambda and any other permissions to make your boto3 call. For example, if you are using boto3 to create a VPC, the Role that the Lambda assumes needs to be allowed to make that API call. I would recommend using CloudTools awacs library to generate your IAM statements.

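```python
from troposphere import GetAtt, Template
from troposphere.iam import Policy, Role

t = Template()

# Execution role for the Lambda function that backs the custom object.
t.add_resource(Role(
    'LambdaRole',
    Path='/',
    RoleName='CustomObjRole',
    ManagedPolicyArns=[
        'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
    ],
    # Placeholder: trust policy that lets Lambda assume this role
    AssumeRolePolicyDocument=assume_policy_from_lambda_document,
    Policies=[
        Policy(
            PolicyName='RolePolicyExample',
            PolicyDocument={
                # Placeholder: statements for the API calls your boto3 code makes
                'Statement': permissions_statement
            },
        ),
    ],
    Tags=your_tags,  # placeholder
))
```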

awslambda.Function - Function resource that you code in Python (any language can be used here, but since you are using Troposphere I assume you want to keep this consistent). If you declare this inline code within your Python template, there are character limits here, so be careful not to make it larger than 4096 characters.

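```python
from troposphere.awslambda import Code, Function

t.add_resource(Function(
    'Function',
    FunctionName='examplefunctionthatexecutesyourcode',
    Description='This code is executed as a custom CF object',
    Handler='index.handler',
    Runtime='python3.9',
    Timeout=300,
    Code=Code(
        # Placeholder: the handler source as a string (inline code)
        ZipFile=your_python_handler_code_here
    ),
    # The function runs with the role declared above
    Role=GetAtt('LambdaRole', 'Arn'),
    Tags=your_tags,  # placeholder
))
```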

cloudformation.AWSCustomObject = this requires you to declare a new Custom Object in your class, this repo has an example. You then use the ServiceToken GetAtt from the awslambda.Function to link the custom object to pass the attributes. You will need to look up how to write your Python handler in the Function to pass these into the function as vars.

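```python
from troposphere.cloudformation import AWSCustomObject


class CustomObject(AWSCustomObject):
    """ Custom CF object used to do stuff with variables passed """
    resource_type = 'Custom::CustomBoto3Object'
    props = {
        'ServiceToken': (str, True),
        'Variable1': (str, True),
        'Variable2': (str, True),
    }


boto3CustomObject = t.add_resource(CustomObject(
    'boto3CustomObject',
    # ServiceToken is the ARN of the Lambda declared above (logical ID 'Function')
    ServiceToken=GetAtt('Function', 'Arn'),
    Variable1='value1',
    Variable2='value2',
    # No Tags here: it is not declared in props, so troposphere would reject it
))
```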
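
One way the Python handler behind this custom object could write a CloudWatch log message, as an added example that is not code from this thread or from troposphere. It assumes `Variable1` carries the log group name, `Variable2` the message text, and that the stream is named after the resource's logical ID; the `logs` and `send` parameters are hypothetical hooks for running it offline.

```python
import json
import time
import urllib.request


def send_response(event, status, reason, physical_id):
    """PUT the result to the pre-signed ResponseURL CloudFormation supplied."""
    body = json.dumps({
        "Status": status,
        "Reason": reason,
        "PhysicalResourceId": physical_id,
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }).encode()
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req, timeout=10)


def handler(event, context, logs=None, send=send_response):
    # Lambda calls handler(event, context); logs/send exist only so the
    # handler can be exercised offline with stand-ins.
    props = event["ResourceProperties"]
    group = props["Variable1"]    # assumed: log group name
    message = props["Variable2"]  # assumed: message text
    stream = event["LogicalResourceId"]  # assumed stream naming choice
    physical_id = event.get("PhysicalResourceId", f"{group}/{stream}")
    try:
        if event["RequestType"] in ("Create", "Update"):
            if logs is None:
                import boto3  # available in the Lambda Python runtime
                logs = boto3.client("logs")
            try:
                logs.create_log_stream(logGroupName=group, logStreamName=stream)
            except logs.exceptions.ResourceAlreadyExistsException:
                pass  # stream is left over from an earlier Create/Update
            logs.put_log_events(
                logGroupName=group, logStreamName=stream,
                logEvents=[{"timestamp": int(time.time() * 1000),
                            "message": message}])
        # Delete: nothing to undo, but CloudFormation still needs an answer.
        status, reason = "SUCCESS", "ok"
    except Exception as exc:
        # Report the failure instead of raising, or the stack waits for a
        # response until the custom resource times out.
        status, reason = "FAILED", f"{type(exc).__name__}: {exc}"
    send(event, status, reason, physical_id)
    return status
```

The role behind the function needs `logs:CreateLogStream` and `logs:PutLogEvents` on the target log group for the write to succeed.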
