cloudtools / troposphere

troposphere - Python library to create AWS CloudFormation descriptions
BSD 2-Clause "Simplified" License

how to create cloudwatch log messages to the streams using troposphere #2054

Open kalavathiy opened 2 years ago

JohnPreston commented 2 years ago

The only 2 AWS resources are log group and log stream. To publish messages to cloudwatch you will need to publish these yourself / via a service publishing to a log stream.

kalavathiy commented 2 years ago

OK, thank you. We don’t have any option in troposphere to publish them?

Thanks, Kala


kalavathiy commented 2 years ago

Can we use boto3 inside troposphere to generate messages in log group?

Need suggestion and sample how to use boto code in troposphere.

Thanks, Kala


tnielsen2 commented 1 year ago

Can we use boto3 inside troposphere to generate messages in log group Need suggestion and sample how to use boto code in troposphere.

By using a custom CloudFormation object and an IAM role, you can create CloudFormation resources that execute any kind of supported Lambda function code to do what CloudFormation cannot do natively. For example, if you wanted to populate an S3 bucket with folders in CloudFormation, you would need to use a Custom CloudFormation object for this, because this action is not supported natively.

The Lambda will ingest the attributes from the custom object as variables, and you will write the code in the Lambda to use it.

I cannot share the code we use in my org, but below is a rough outline of what you need to do. You will need to tailor the IAM permissions and Lambda code to do what you need to do (note: there are placeholder vars in the below snippets).

iam.Role resource - needs permissions to be assumed by Lambda and any other permissions to make your boto3 call. For example, if you are using boto3 to create a VPC, the Role that the Lambda assumes needs to be allowed to make that API call. I would recommend using the CloudTools awacs library to generate your IAM statements.

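    from troposphere import Template
    from troposphere.iam import Policy, Role

    t = Template()

    # assume_policy_from_lambda_document, permissions_statement and your_tags
    # are placeholders that you must define yourself.
    t.add_resource(Role(
        'LambdaRole',
        Path='/',
        RoleName='CustomObjRole',
        # Lets the function write its own execution logs to CloudWatch Logs
        ManagedPolicyArns=[
            'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
        ],
        # Trust policy that allows the Lambda service to assume this role
        AssumeRolePolicyDocument=assume_policy_from_lambda_document,
        Policies=[
            Policy(
                PolicyName='RolePolicyExample',
                PolicyDocument={
                    # Permissions for the boto3 calls the function makes
                    'Statement': permissions_statement
                },
            ),
        ],
        Tags=your_tags,
    ))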

awslambda.Function - Function resource that you code in Python (any language can be used here, but since you are using Troposphere I assume you want to keep this consistent). If you declare this inline code within your Python template, there are character limits here, so be careful not to make it larger than 4096 characters.

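    from troposphere import GetAtt
    from troposphere.awslambda import Code, Function

    # your_python_handler_code_here is a placeholder: a string holding the
    # handler source, which must define handler(event, context).
    t.add_resource(Function(
        'Function',
        FunctionName='examplefunctionthatexecutesyourcode',
        Description='This code is executed as a custom CF object',
        # Inline ZipFile code is written to index.py
        Handler='index.handler',
        Runtime='python3.9',
        Timeout=300,
        Code=Code(
            ZipFile=your_python_handler_code_here
        ),
        # Execution role declared above
        Role=GetAtt('LambdaRole', 'Arn'),
        Tags=your_tags,
    ))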

cloudformation.AWSCustomObject - this requires you to declare a new Custom Object in your class; this repo has an example. You then use the ServiceToken GetAtt from the awslambda.Function to link the custom object to pass the attributes. You will need to look up how to write your Python handler in the Function to pass these into the function as vars.

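    from troposphere import GetAtt
    from troposphere.cloudformation import AWSCustomObject

    class CustomObject(AWSCustomObject):
        """ Custom CF object used to do stuff with variables passed """
        resource_type = 'Custom::CustomBoto3Object'
        props = {
            'ServiceToken': (str, True),
            'Variable1': (str, True),
            'Variable2': (str, True),
        }

    boto3CustomObject = t.add_resource(CustomObject(
        'boto3CustomObject',
        # ServiceToken must be the ARN of the Lambda function declared above
        # (logical ID 'Function'), not of the custom object class.
        ServiceToken=GetAtt('Function', 'Arn'),
        # Every property set here reaches the handler in
        # event['ResourceProperties'].
        Variable1='value1',
        Variable2='value2',
        Tags=your_tags,
    ))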
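
One way to write the handler that the last comment leaves to the reader, added here as an example and not code from the thread or from the troposphere project: it publishes one message to a log stream with boto3 and always answers CloudFormation's ResponseURL, including on failure. The property names LogGroupName, LogStreamName and Message, the default physical ID and the sample event are assumptions made for this example.

```python
import json
import time
import urllib.request


def send_response(event, status, reason=""):
    """PUT the result to the pre-signed ResponseURL so the stack never hangs."""
    body = json.dumps({
        "Status": status,  # "SUCCESS" or "FAILED"
        "Reason": reason or "See the function's CloudWatch Logs",
        "PhysicalResourceId": event.get("PhysicalResourceId", "log-publisher"),
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }).encode()
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req, timeout=10)
    return status


def handler(event, context, logs=None, respond=send_response):
    """Custom resource entry point; logs/respond are injectable for offline tests."""
    try:
        if event["RequestType"] in ("Create", "Update"):
            if logs is None:
                import boto3  # shipped with the Lambda Python runtime
                logs = boto3.client("logs")
            props = event["ResourceProperties"]  # hypothetical property names
            group, stream = props["LogGroupName"], props["LogStreamName"]
            try:
                logs.create_log_stream(logGroupName=group, logStreamName=stream)
            except logs.exceptions.ResourceAlreadyExistsException:
                pass  # stream already exists, e.g. on a stack update
            logs.put_log_events(
                logGroupName=group, logStreamName=stream,
                logEvents=[{"timestamp": int(time.time() * 1000),
                            "message": str(props["Message"])}])
        return respond(event, "SUCCESS")  # Delete: nothing to clean up
    except Exception as exc:
        # Send only the exception type: Reason is displayed in the stack events.
        return respond(event, "FAILED", reason=type(exc).__name__)

# Constructed sample event (placeholder values, not real identifiers).
SAMPLE_EVENT = {
    "RequestType": "Create", "ResponseURL": "https://example.invalid/cfn",
    "StackId": "stack-1", "RequestId": "req-1", "LogicalResourceId": "LogMessage",
    "ResourceProperties": {"LogGroupName": "demo-group", "LogStreamName": "deploy",
                           "Message": "stack deployed"}}
```

For this handler the role's policy statement only needs `logs:CreateLogStream` and `logs:PutLogEvents`, scoped to the target log group. Property values are stored in the template and passed to the function in the event, so they are not a place for secrets.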