Aggregate data from cloudwatch and ship it to Elastic Stack.
This would provide overview of deploying functionbeat as lambda to receive events from Cloudwatch log groups and stream it to ElasticSearch on AWS.
AWS account and elasticsearch setup on AWS. Also, AWS credentials are set in the environment variables.
Functionbeat distribution downloaded from
https://www.elastic.co/downloads/beats/functionbeat
-
Setup the IAM role to be able to deploy functionbeat with required lambda permissions
functionbeat-iam.yamlconsists of required role policies -
Configure functionbeat lambda function with triggers
functionbeat.yamlcontains the lambda function configurations underfunctionbeat.provider.aws.functions
Deploy from the functionbeat install location.
Since there's IAM role dependency for lambda to execute, deploy IAM role before functionbeat lambda.
IAM role would be created by running cloudformation stack
aws cloudformation deploy \
--stack-name functionbeat-log-aggregator \
--capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \
--template-file functionbeat-iam.yml
Once the role is successfully created, deploy the functionbeat installation. Firstly, validate the configuration of functionbeat using:
./functionbeat test config -e
Deploy the package using command:
./functionbeat -v -e -d "*" deploy fb-cloudwatch
NOTE: If you would anytime want to update the function, use update command instead of deploy