prerendercloud-lambda-edge icon indicating copy to clipboard operation
prerendercloud-lambda-edge copied to clipboard

Published 20 hours ago verified publisher icon sanfrancesco

how to enable AWS Cloudwatch Lambda Insights?

Open romk1n opened this issue 1 year ago • 6 comments
trafficstars

Hi, When we deployed the the lambda edge we can't see any monitoring, trying to change configuration in place we getting an error: Role trusts too many services, expected only 1.

I guess there must be some configuration in deploy which would switch on?

maybe envrionment is required, but we not sure how to correctly set it up using this project.

environment:
      AWS_LAMBDA_EXEC_WRAPPER

Thanks.

romk1n avatar Jun 26 '24 15:06 romk1n

I don't think the environment section is needed, but I wonder if the "edgelambda.amazonaws.com" in the role is no longer needed: https://github.com/sanfrancesco/prerendercloud-lambda-edge/blob/e6ce2a65b78b7c90d84dd34ad364494f137eaaf3/serverless.yml#L63

can you try recreating (or modifying the trust policy) so it only has access to 1 service "lambda.amazonaws.com" instead of both "edgelambda.amazonaws.com" and "lambda.amazonaws.com"?

jotto avatar Jun 26 '24 17:06 jotto

will try thanks, it's interesting that's it is off by default, so i was wondering if there was specific reason.

romk1n avatar Jun 26 '24 17:06 romk1n

  • My previous comment may be wrong, the official docs still show edgelambda.amazonaws.com: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html#lambda-edge-permissions-function-execution but it may be worth examining your existing roles and/or creating this one just in case
  • there is no environment section because it's not needed. secrets are hardcoded into handler.js, but you can use serverless with their encrypted functionality to convert encrypted .env files into environment variables that get decrypted at deploy-time
  • if you have a need for environment variables, feel free to edit

let me know what you find or if you have any more info about the "Role trusts too many services, expected only 1." error

jotto avatar Jun 26 '24 17:06 jotto

@jotto the issue is that we cannot see any monitoring because when we deploy the function Insights are disabled, we can see logs though and we can see it's working. So that's the main question if you know how to enable monitoring?

Screenshot 2024-06-26 at 18 51 12

and without monitoring we don't get any cloudwatch stats all dashboard are empty and traces as well

Screenshot 2024-06-26 at 18 52 44 Screenshot 2024-06-26 at 18 52 03

romk1n avatar Jun 26 '24 17:06 romk1n

those basic cloudwatch metrics should be working by default... can you try changing the date range from 1w to 1hr to ensure it's not hiding the most recent data?

also email me [email protected] with your account email so i can double check that the requests are being made

jotto avatar Jun 26 '24 17:06 jotto

We will send en email, as we trying to debug blocklist functionality. What's really weird if we do test manually we can see invocations and logs. but when it's executed from cloudfront no invocations are shown in lambda monitoring, however cloudfront does show stats that function is called, it's a bit all bizzare, we also know 100% that it's working.

romk1n avatar Jul 09 '24 09:07 romk1n