Creating an AWS CloudWatch subscription filter with a Lambda function

AWS CloudWatch subscription filters allow you to limit log event notifications to certain log groups, so that only the subscribers to a specific log group receive CloudWatch notifications. For this purpose, you can use an AWS Lambda function.

Before you begin

Make sure you have the appropriate IAM roles for the execution of Lambda functions. When in doubt, see: Using Lambda with the AWS CLI

About this task

The AWS article

Example 2: Subscription filters with AWS Lambda

served as the basis for the following procedure.

Procedure

  1. In a web browser, open the CloudWatch console at:
    https://eu-north-1.console.aws.amazon.com/lambda/home?region=eu-north-1#/functions
  2. Click Create function.
  3. Select Author from scratch.
  4. From the Runtime drop-down list, select Python 3.11.
  5. In the Function name field, enter a name for the function.
  6. Under Permissions, select the proper execution role. You might have to expand the Change default execution role section first.
  7. Click Create function.
    You see a page with the selected function name as the title. On the lower half of page, you find a tabbed notebook labeled Source code. The Code tab is visible. On that tab, you find two editor windows.
  8. In the window with the title /lambda_function.py, write or paste your function code. You can use and modify the sample code provided in Lambda sample code for subscription filter.
  9. Click the Configuration tab.
  10. Under General configuration on the left, select Triggers.
  11. Click Add trigger
  12. From the Trigger configuration drop-down list, select CloudWatch Logs.
  13. From the Log groups drop-down list, select the log group that you want to associate with your filter.
  14. In the Filter name field, enter a name for your filter.
  15. Click Add.