Triggering an AWS Lambda function after an ECR event

Problem description:

I am trying to get an AWS Lambda function to run whenever a new image is pushed to an AWS container registry. I have created and tested the function which works fine. I have then created a simple CloudWatch event rule with the pattern:

{
  "source": [
    "aws.ecr"
  ]
}

which I believe will trigger on any event from ECR.

The rule has a target of the lambda function. The problem is the function is not called when a new image is pushed to the registry (or deleted etc). Nothing appears in the CloudWatch logs for the function. Is there something missing from the event rule or a way to diagnose what could be going wrong?

CloudTrail records the PutImage event and can write it to CloudWatch Logs. An alarm can be triggered whenever a PutImage event is written to CloudWatch Logs, which can in turn trigger a Lambda function through SNS.

You would create a Logs metric filter, something like this:

{ ($.eventSource = ecr.amazonaws.com) && ($.eventName = PutImage) && ($.requestParameters.repositoryName = "<RepoName>") && ($.errorCode NOT EXISTS) }

You need to configure the ECR CloudTrail API call events:

{
  "source": [
    "aws.ecr"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "ecr.amazonaws.com"
    ]
  }
}
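As an added example (not code from either answer, and not AWS's own), the block below evaluates both mechanisms against constructed CloudTrail records: the first answer's metric filter and the second answer's rule pattern, followed by a handler body that pulls repository, tag and digest out of the delivered event. Two points worth checking before blaming the rule: the second answer's pattern matches every ECR API call (DescribeRepositories, BatchGetImage and so on), and a PutImage that IAM rejected still produces a CloudTrail record, just with an errorCode, so the function has to narrow to successful PutImage calls itself, which the first answer's filter does with `$.errorCode NOT EXISTS` before anything is invoked. Both approaches also require a CloudTrail trail that is logging management events in the region; without one, no "AWS API Call via CloudTrail" event is emitted at all. The sample records, the account and event IDs, and REPO_NAME (standing in for the answer's <RepoName> placeholder) are all assumptions made for this example.

```python
# Added example: evaluates the two mechanisms from the answers above against
# constructed CloudTrail records (not real captures). REPO_NAME is an assumed
# value standing in for the first answer's <RepoName> placeholder.
REPO_NAME = "my-app"

# Constructed CloudTrail record for a successful `docker push my-app:v1.2.3`.
PUT_IMAGE_OK = {
    "eventSource": "ecr.amazonaws.com",
    "eventName": "PutImage",
    "awsRegion": "us-east-1",
    "requestParameters": {"registryId": "123456789012", "repositoryName": "my-app",
                          "imageTag": "v1.2.3", "imageManifest": "{...}"},
    "responseElements": {"image": {"repositoryName": "my-app",
                                   "imageId": {"imageDigest": "sha256:" + "a" * 64,
                                               "imageTag": "v1.2.3"}}},
}
# Same call rejected by IAM: CloudTrail adds errorCode and nothing was pushed.
PUT_IMAGE_DENIED = {**PUT_IMAGE_OK, "errorCode": "AccessDeniedException",
                    "errorMessage": "not authorized to perform: ecr:PutImage",
                    "responseElements": None}
# Push to a repository the filter is not watching.
PUT_IMAGE_OTHER_REPO = {**PUT_IMAGE_OK, "requestParameters": {
    **PUT_IMAGE_OK["requestParameters"], "repositoryName": "other-service"}}
# A read-only ECR call; it still has eventSource ecr.amazonaws.com.
DESCRIBE_REPOS = {"eventSource": "ecr.amazonaws.com", "eventName": "DescribeRepositories",
                  "awsRegion": "us-east-1", "requestParameters": None, "responseElements": None}


def metric_filter_matches(record, repo_name=REPO_NAME):
    """Python equivalent of the first answer's CloudWatch Logs metric filter:
    eventSource = ecr.amazonaws.com && eventName = PutImage
    && requestParameters.repositoryName = <RepoName> && errorCode NOT EXISTS."""
    params = record.get("requestParameters") or {}
    return (record.get("eventSource") == "ecr.amazonaws.com"
            and record.get("eventName") == "PutImage"
            and params.get("repositoryName") == repo_name
            and "errorCode" not in record)


# The rule pattern from the second answer.
RULE_PATTERN = {"source": ["aws.ecr"],
                "detail-type": ["AWS API Call via CloudTrail"],
                "detail": {"eventSource": ["ecr.amazonaws.com"]}}


def event_pattern_matches(pattern, event):
    """Minimal EventBridge content-filter semantics, enough for the patterns on this
    page: a list leaf means "the event's value must be one of these", a nested dict
    means "descend", event keys the pattern does not mention are ignored, and every
    pattern key must exist in the event."""
    for key, wanted in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(wanted, dict):
            if not isinstance(have, dict) or not event_pattern_matches(wanted, have):
                return False
        elif have not in wanted:
            return False
    return True


def cloudtrail_envelope(record):
    """Wrap a CloudTrail record the way EventBridge hands it to a Lambda target
    (envelope fields constructed; the CloudTrail record is the "detail")."""
    return {"version": "0", "id": "00000000-0000-0000-0000-000000000000",
            "detail-type": "AWS API Call via CloudTrail", "source": "aws.ecr",
            "account": "123456789012", "region": record.get("awsRegion", "us-east-1"),
            "resources": [], "detail": record}


def handler(event, context=None):
    """Lambda entry point for the second answer's rule. That rule fires on every
    ECR API call, so the function itself narrows to successful PutImage calls and
    returns the pushed image's coordinates, or None for anything it should ignore."""
    if not event_pattern_matches(RULE_PATTERN, event):
        return None
    detail = event["detail"]
    if detail.get("eventName") != "PutImage" or "errorCode" in detail:
        return None
    params = detail.get("requestParameters") or {}
    image_id = ((detail.get("responseElements") or {}).get("image") or {}).get("imageId") or {}
    return {"repository": params.get("repositoryName"),
            "tag": image_id.get("imageTag") or params.get("imageTag"),
            "digest": image_id.get("imageDigest")}
```

Note that the asker's original `{"source": ["aws.ecr"]}` pattern does match a CloudTrail-delivered ECR event under these semantics, so a rule that never fires points at the event supply (no trail logging ECR management events) rather than at the pattern. Returning the digest rather than only the tag matters for anything downstream that deploys or scans: tags are mutable, digests are not.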