Skip to main content

Webhook Connection for AWS Lambda

Thumbnail icon

You can trigger an AWS Lambda function directly from a Monitor or Scheduled Search by configuring a webhook connection. You can use the Webhook Connection as the Connection Type in a Monitor or the Alert Type in a Scheduled Search.

For example, you can create a Monitor that triggers a Lambda function when too many requests are received from a suspicious IP address. The Lambda function can shut down additional requests from that IP address, while simultaneously sending a notification to the security team for review.

How to expose a Lambda function

To expose a Lambda function, you can use the Enable function URL option or build an API in the API Gateway.

Lambda can be called directly using Function URL. See Creating and managing Lambda function URLs for details.

In more demanding use cases, lambda can be accessed via API Gateway. To use this approach, generate an Invoke URL with a POST method for your Lambda function by creating an API in Amazon API Gateway. For information about exposing an HTTP endpoint in API Gateway, see the Amazon API Gateway documentation.

Secure your Lambda Function URL or API Gateway method by selecting AWS_IAM for the authorization type in configuration on AWS side.

tip

Have your webhook URL handy by copying and pasting it to a notepad. You'll need it to configure your webhook connection in the next section.

To authenticate the Sumo Logic backend and allow webhook calls, you'll need to create in your AWS Account an IAM User account with very restricted privileges. Creating Lambda Function URL you need to create your own policy while building an API Gateway you can use AWS managed policy. In the following sections, you'll find detailed steps for both cases.

Lambda Function URL

If you use the Lambda Function URL to expose a Lambda function, you'll need to:

  1. Create Customer managed policy with the lambda:InvokeFunctionUrl action allowed.
note

This is different from the lambda:InvokeFunction action, which is used in the AWS-managed IAM Policy AWSLambdaRole.

IAM Customer Managed Policy template
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeFunctionUrl"
],
"Resource": "arn:aws:lambda:*:*:function:*"
}
]
}
  1. Create an IAM user account and assign Customer managed policy created in step 1.
  2. Create an AWS Access Key for this account. Take note of your Access key and Secret access key, which you'll need in the next section to authenticate your Webhook connection.

Build an API Gateway

If you're building an API Gateway to expose a Lambda function, you'll need to:

  1. Create an IAM user account with basic API gateway invoke access using the AWS managed policy AmazonAPIGatewayInvokeFullAccess.
  2. Create an AWS Access Key for this account. Take note of your Access key and Secret access key, which you'll need in the next section to authenticate your Webhook connection.

Create a Webhook connection

note

You need the Manage connections role capability to create webhook connections.

Configure the webhook connection to trigger the AWS Lambda function.

  1. Classic UI. In the main Sumo Logic menu, select Manage Data > Monitoring > Connections.
    New UI. In the top menu select Configuration, and then under Monitoring select Connections. You can also click the Go To... menu at the top of the screen and select Connections.
  2. On the Connections page, click Add.
  3. Click AWS Lambda.
  4. In the Create Connection dialog, enter:
    • Name. Enter a name for the Connection.
    • Description. Optional: Enter a Description for the Connection.
    • URL. Enter the Invoke URL from the previous section.
    • Access Key ID and Secret Access Key. Enter AWS Access key and Secret access key for the account with required IAM policy assigned created in previous section.
    • Region. Select your region.
    • Service Name.
      • For Lambda Function URL, enter lambda as the service name.
      • For API Gateway, enter execute-api as the service name.
    • (Optional) Custom Headers, enter up to five comma separated key-value pairs.
    • Alert Payload. Under Alert Payload, which allows you to customize the alert notification, enter a JSON object accepted by your Lambda function. For details on variables that can be used as parameters within your JSON object, see Webhook Payload Variables
    • Recovery Payload. Under Recovery Payload, which allows you to customize the recovery notification, enter a JSON object accepted by your Lambda function. 
  5. Click Test Alert or Test Recovery. If the connection is made to your Lambda function successfully, you will see a 200 OK response message.
  6. Click Save.
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.