Lambda handler for running elastalert serverless.

- Clone this repository and jump into it:
  $ git clone https://github.com/beezz/elastalert-lambda.git && cd elastalert-lambda
- Update configuration in config.yaml
- Put your rules into the rules directory (remove example rules)
- Build deployment package dist/lambda.zip using command:
  $ make lambda
- Deploy to AWS and schedule
  - Deployment package / code: dist/lambda.zip
  - Handler name: elastalert_lambda.handler
  - Runtime: Python 2.7
  - Timeout and memory depend on the amount of data in your rules queries as well as on the complexity of the queries
  - Schedule an event to trigger the function (as defined in configuration run_every)

Lambda handler for elastalert works by executing the main entry point of elastalert with predefined arguments:

- --config pointing to config.yaml
- --end set to current timestamp (datetime.datetime.utcnow())

You can override those defaults and also add additional arguments using the environment variable ARGS or as part of the sent event, also with the ARGS key.
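
The argument handling described above, sketched as an added example (not the project's own code). The function names and the precedence of the event's ARGS over the environment's ARGS are assumptions; the two defaults are the ones listed above.

```python
import datetime
import os
import shlex


def has_flag(argv, flag):
    """True if flag is present as '--flag value' or '--flag=value'."""
    return any(a == flag or a.startswith(flag + "=") for a in argv)


def build_argv(event=None, environ=None, now=None):
    """Return the argument list passed to elastalert's main entry point."""
    environ = os.environ if environ is None else environ
    if now is None:
        # Same wall-clock value as datetime.datetime.utcnow().
        now = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)

    # Assumption: ARGS sent in the event wins over ARGS in the environment.
    raw = ""
    if isinstance(event, dict):
        raw = event.get("ARGS") or ""
    raw = raw or environ.get("ARGS", "")

    # shlex keeps quoted values together, e.g. --rule "my rule.yaml".
    extra = shlex.split(raw)

    argv = []
    # A default is added only when the caller did not supply that flag.
    if not has_flag(extra, "--config"):
        argv += ["--config", "config.yaml"]
    if not has_flag(extra, "--end"):
        argv += ["--end", now.replace(microsecond=0).isoformat()]
    return argv + extra


if __name__ == "__main__":
    # Constructed sample event, matching the ARGS string used on this page.
    sample = {"ARGS": "--debug --patience seconds=5 --es_debug"}
    print(build_argv(sample, environ={}))
```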

To create indexes and mappings automatically (elastalert-create-index), add the EA_CREATE_INDEX environment variable to the lambda function. You can control the arguments supplied to the index creation using the EA_CREATE_INDEX_ARGS environment variable. If you omit that one, the elastalert config.yaml is supplied via the --config flag.

Example of create index args setting: EA_CREATE_INDEX="--host localhost --user user --password pass".

Check all supported arguments with elastalert --help.

Simply by executing:
$ python elastalert_lambda.py
Passing arguments using environment:
$ ARGS="--debug --patience seconds=5 --es_debug" python elastalert_lambda.py
Passing arguments using event:
$ echo '{"ARGS": "--debug --patience seconds=5 --es_debug"}' | python elastalert_lambda.py