I am not sure how you setup a gateway to an s3 folder, could you give details?
For your second question, I got the answer now.
#1
Set a Cloudwatch log group and enable events in a lambda function to steam the logs to dynamodb in serverless framework, such as:
functions:
steamLogs:
handler: logs/steam.steam
environment:
DYNAMODB_TABLE: { "Ref": "LogsDynamoDbTable" }
events:
- cloudwatchLog:
logGroup: ${self:custom.service}-${self:custom.stage}-CustomAccessLogs
resources:
Resources:
CustomAccessLogs:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: ${self:custom.service}-${self:custom.stage}-CustomAccessLogs
Currently there is a bug in serverless that it can’t reference log group name in lambda function as { "Ref": "CustomAccessLogs" }
opened 02:11AM - 29 Dec 17 UTC
closed 01:57PM - 03 Dec 21 UTC
bug
help wanted
cat/aws-event-cloudwatch
# This is a (Bug Report Proposal)
## Description
For bug reports:
* What … went wrong?
Get the error when reference a log group.
TypeError: event.cloudwatchLog.logGroup.replace is not a function
* What did you expect should have happened?
replace the reference log group name with real one.
* What was the config you used?
```
functions:
pushCustomAccesslogs:
handler: logs/logs.handler
events:
- cloudwatchLog:
logGroup: { "Ref": "CustomAccessLogs" }
resources:
Resources:
CustomAccessLogs:
Type: AWS::Logs::LogGroup
```
* What stacktrace or error message from your provider did you see?
```
Serverless: Invoke aws:common:cleanupTempDir
Serverless: Packaging service...
Serverless: Excluding development dependencies...
LogGroupName: { Ref: 'CustomAccessLogs' } # <=== Here is the name
Type Error ---------------------------------------------
event.cloudwatchLog.logGroup.replace is not a function
For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.
Stack Trace --------------------------------------------
TypeError: event.cloudwatchLog.logGroup.replace is not a function
at functionObj.events.forEach.event (/usr/lib/node_modules/serverless/lib/plugins/aws/package/compile/events/cloudWatchLog/index.js:48:59)
```
The error line is:
LogGroupName = event.cloudwatchLog.logGroup.replace(/\r?\n/g, '');
https://github.com/serverless/serverless/blob/c345e9a9bfb5dd49a13788009430e24c400243f2/lib/plugins/aws/package/compile/events/cloudWatchLog/index.js#L48
## Additional Data
Your Environment Information -----------------------------
OS: linux
Node Version: 6.11.3
Serverless Version: 1.25.0
I added a debug line before replace function:
console.log("LogGroupName: " , event.cloudwatchLog.logGroup);
from deploy debug log, seems the logGroup name is not referenced properly:
LogGroupName: { Ref: 'CustomAccessLogs' }
#2
Enable Custom Access logs in the api gateway, I have given details in this ticket: How to setup "Custom Access Logging" for api gateway using serverless
After you enable this feature, you will get both auth denies or allowed access logs in cloudwatch. Here is a sample log:
{
"requestId": "859692fd-fd97-11e7-a6a1-c304549351c6",
"ip": "123.12.123.12",
"caller": "-",
"requestTime": "30/Dec/2017:10:47:29 +0000",
"httpMethod": "GET",
"resourcePath": "/todos/list",
"status": "200",
"protocol": "HTTP/1.1",
"responseLength": "237"
}
So the hander logs/steam.steam will be triggered automatically for every new logs in log group CustomAccessLogs. In that hander, you can add/update codes, read the data body and create records to dynamodb.
You can customise the handler to filter the cloudwatch logs which you are interested.