Tags

  • AWS (8)
  • Apigee (3)
  • ArchLinux (5)
  • Array (6)
  • Backtracking (6)
  • BinarySearch (6)
  • C++ (19)
  • CI&CD (3)
  • Calculus (2)
  • Database (1)
  • DesignPattern (43)
  • DisasterRecovery (1)
  • Docker (8)
  • DynamicProgramming (20)
  • FileSystem (11)
  • Frontend (2)
  • FunctionalProgramming (1)
  • GCP (1)
  • Gentoo (6)
  • Git (16)
  • Golang (1)
  • Graph (10)
  • GraphQL (1)
  • Hardware (1)
  • Hash (1)
  • Kafka (1)
  • LinkedList (13)
  • Linux (27)
  • Lodash (2)
  • MacOS (3)
  • Makefile (1)
  • Map (5)
  • Miscellaneous (1)
  • MySQL (21)
  • Neovim (11)
  • Network (72)
  • Nginx (6)
  • Node.js (33)
  • OpenGL (6)
  • PriorityQueue (1)
  • ProgrammingLanguage (9)
  • Python (10)
  • RealAnalysis (20)
  • Recursion (3)
  • Redis (1)
  • RegularExpression (1)
  • Ruby (19)
  • SQLite (1)
  • Sentry (3)
  • Set (4)
  • Shell (4)
  • SoftwareEngineering (12)
  • Sorting (2)
  • Stack (4)
  • String (2)
  • SystemDesign (13)
  • Terraform (2)
  • Tree (24)
  • Trie (2)
  • TwoPointers (16)
  • TypeScript (3)
  • Ubuntu (4)

    • Home

    CloudWatch Subscription Filter

    Published Jun 19, 2025 [  AWS  ]

    A CloudWatch Logs subscription filter allows you to stream log data in real time from CloudWatch Logs to other services like:

    • Amazon Kinesis Data Streams
    • Amazon Kinesis Data Firehose
    • AWS Lambda
    • Amazon OpenSearch Service (via Firehose)

    βœ… Use Cases

    • Real-time processing (e.g., alerting or anomaly detection)
    • Indexing logs in OpenSearch
    • Storing logs in S3 via Firehose
    • Streaming logs to Lambda for custom logic

    πŸ”§ How It Works

    1. Log Group: The source of the logs (e.g., /aws/lambda/my-function).
    2. Destination: The target (Lambda, Firehose, etc.).
    3. Filter Pattern (optional): A pattern to extract or match specific log entries.

    πŸ“˜ Example: Send logs to Lambda

    aws logs put-subscription-filter \
  --log-group-name "/aws/lambda/my-function" \
  --filter-name "MySubscription" \
  --filter-pattern "" \
  --destination-arn "arn:aws:lambda:region:account-id:function:my-function" \
  --role-arn "arn:aws:iam::account-id:role/CloudWatchLogsToLambdaRole"
    • filter-pattern "" means forward all logs.
    • The role must grant logs:PutSubscriptionFilter and invoke permissions on the Lambda.

    πŸ“ Notes

    • Only one subscription filter per log group is allowed.
    • You can use CloudWatch Logs Insights for querying, but it’s separate from subscription filters.
    • Delivery is near real-time, usually within a few seconds.