Serverless computing with AWS Lambda is an increasingly popular business solution, but keeping track of Lambda function activity isn’t always so easy. Sumo Logic’s integration with AWS CloudTrail’s logging of Lambda data events helps you continuously monitor your Lambda functions and gain insight into the AWS Lambda function activity.
The adoption of serverless computing has grown considerably in the past few years. The increase in the number of developers leveraging serverless architectures is driven by the simplified deployment, ease of maintenance, and decrease in time to market for software releases. Consequently, the demand for monitoring of the serverless architectures is expected to increase. Today, Amazon Web Services announced new AWS CloudTrail functionality called AWS Lambda data events. This functionality allows you to continuously monitor the execution activity of your Lambda functions and record details on when and by whom an Invoke API call was made.
AWS CloudTrail Lambda Data Events
- Records details on when and by whom an Invoke API call was made and which Lambda function was executed.
- Can be enabled for a single Lambda function, a group of functions, or all functions in an AWS account.
- Can be configured using the AWS CloudTrail console, the AWS CLI, and the AWS SDKs.
- Provides detailed information, including client context (IDs, app details, platform details, make, model, locale, etc.), user information (type, name, IDs), and invoked function details (name, version, ARN).
Data events are recorded in CloudTrail logs. For greater ease of use and monitoring, consider taking things to the next level with Sumo Logic.
Sumo Logic Integration with CloudTrail and Lambda Data Events
Sumo Logic’s integration makes understanding Lambda data events simple and easy, without parsing through individual log files. It helps you gain insight and visualize your AWS Lambda function activity. It also helps you meet your IT auditing and security compliance needs by providing details on users and services that invoke Lambda functions.
Here’s an example dashboard showing some of the information available to you at a glance:
How It Works
Sumo Logic extended its support for its Lambda App to include AWS CloudTrail Lambda data events. The Sumo Logic Lambda App collects data from two sources:
- Lambda logs from Amazon CloudWatch Logs
- AWS CloudTrail Lambda data events from CloudTrail logs
The Lambda App provides out-of-the-box dashboards and visualizations. It covers multiple use cases, including but not limited to:
- What functions are being invoked over time, including information on function names, versions, and AWS regions, and details on outliers, if any.
- Where the users who invoke functions are located, with geographical location data of users invoking AWS Lambda functions.
- What AWS services are invoking functions, with respective count of each AWS service invoking functions over time.
- Which IAM users are invoking functions.
- Whether there are any threats, including threat details (with Sumo Logic – CrowdStrike Integration)
- What the resource usage is, including memory and duration usage by function versions or aliases.
- What errors have occurred, if any.
- What the billable duration was of each invocation of a Lambda function.
Here’s another look at one of the dashboards, this time looking at the security data for Lambda data events:
Sumo Logic’s integration with AWS CloudTrail Lambda data events enables you to continuously monitor your Lambda functions and gain insight into AWS Lambda function execution activity in an AWS account.
If you already have a Sumo Logic account, then the Lambda App is available to you already and free to use. If you are new to Sumo Logic, start by signing up for a free account here.
Thanks for reading! If you have any questions or comments feel free to reach out via email (firstname.lastname@example.org) or LinkedIn.