Wednesday, January 27, 2021

vRA Cloud Template to deploy AWS Lambda to forward S3 Logs to vRealize Log Insight Cloud

Recently vRealize Log Insight Cloud announced Multi-Cloud support which allows you to forward logs from AWS and Azure. For more details, you can refer to the blog post


In this blog, I would demonstrate how to use vRA Blueprint a.k.a Cloud Templates, to deploy AWS Lambda to forward the S3 Buckets logs / Events to vRealize Log Insight Cloud.


Once you provision, it will create AWS Lambda which will forward the logs to vRealize Log Insight Cloud, when new S3 object is created in the bucket.

 






















Pre-requisites 


Following are the pre-requisites 
  • Access to VMware vRealize Log Insight Cloud 
  • API Key for VMware vRealize Log Insight Cloud 
  • AWS Account added as vRA Cloud Account 
    • PowerUser role should be enough for creating the required resources. 
  • AWS IAM role which has access to Lambda Service 
    • It needs to exist and provided as Deployment Input. 
  • Source S3 Bucket 
    • You will need to download the Lambda.zip from Github to S3 Bucket. 
  • Target S3 Bucket(s) for which you want to forward logs & events.
    • It needs to exist and provided as Deployment Input.

Download vRA Cloud Templates aka Blueprints


Clone repo which has the vRA Cloud Template aka Blueprints

git clone https://github.com/munishpalmakhija/cas.git

Import following 2 blueprints 

Navigate to the "vRLICloud-AWSLambda Blueprint" folder and import the following blueprints 
  • Deploy-vRLICloud-AWS-Lambda-S3BucketLogs
  • Deploy-vRLICloud-AWS-Lambda-S3Events













































Provision Blueprints


Deployment Inputs 


You will need to provide the following inputs for both blueprints 



















It creates the following 3 resources 

Cloud.Service.AWS.Lambda.Function
Cloud.Service.AWS.Lambda.Permission
Cloud.Service.AWS.S3.Bucket.Notification





































Once the deployment is successful you will see 2 AWS Lambda functions created.




Try uploading a new file that has logs into the S3 Bucket(s) and validate logs are showing in vRealize Log Insight Cloud. 

You should be able to view logs by using the following filter.

log_type starts with aws






3 comments: