Summary
Following the "Logs for Lambda" Grafana Cloud Connection instructions fails.
The provided lambda-promtail.yaml CloudFormation template is missing an additional permission. After doing some research, it turns out that AWS Console set's the missing permission behind-the-scenes when a user manually creates a subscription filter. I suspect the CF Template author was unaware of this, and things worked in their environment after manually creating a subscription filter.
Error Message in CloudFormation
Resource handler returned message: "Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function. (Service: CloudWatchLogs, Status Code: 400, Request ID: )" (RequestToken: , HandlerErrorCode: InternalFailure)
Fix
I downloaded lambda-promtail.yaml manually, and added the following section to resolve the issue:
@mjpowersjr Yeah I've never used cloudformation myself other than writing that file as a quick example. PRs to improve the template are welcome! This certainly sounds like a valid change to make.
Summary Following the "Logs for Lambda" Grafana Cloud Connection instructions fails.
The provided
lambda-promtail.yaml
CloudFormation template is missing an additional permission. After doing some research, it turns out that AWS Console set's the missing permission behind-the-scenes when a user manually creates a subscription filter. I suspect the CF Template author was unaware of this, and things worked in their environment after manually creating a subscription filter.Error Message in CloudFormation
Fix I downloaded
lambda-promtail.yaml
manually, and added the following section to resolve the issue:Related Discussions