The fees for sending AWS Lambda function logs to Amazon CloudWatch can add up quickly after you’ve exceeded the limits of their free tier, especially for frequently invoked functions that produce even relatively moderate quantities of log data. You could use New Relic for log analysis, but until recently our solution relied on Amazon CloudWatch to ingest Lambda logs and then forward them to New Relic.

With the AWS Lambda Extensions Logs API, Lambda Extensions now have direct access to the log stream, independent from CloudWatch. And you can take advantage of the newest version of the New Relic Lambda extension to send function logs, in addition to telemetry data, directly to New Relic One to gain unified visibility into your Lambda functions. (Lambda extensions are a new way for observability and other tools to easily integrate with AWS Lambda.)

How does an engineer benefit? You can manage and optimize your cloud spend without compromising observability by sending Lambda function logs directly to New Relic One’s Telemetry Data Platform. In this post, I’ll explain how to configure this, and in my next post we’ll dig deeper into what you can do with New Relic’s Lambda extension, and how it helps you use New Relic One to better understand the behavior and performance of serverless applications hosted in AWS Lambda.

How to configure ingest of Lambda function logs

Configuring this for your functions that already use the extension to send telemetry data is straightforward. You simply change one environment variable and remove the CloudWatch subscription filter. Here’s an example of what that looks like in AWS CloudFormation, using our Go example function:

Resources:
  NewRelicExample:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri:
        Bucket: !Sub newrelic-example-${AWS::Region}-${NRAccountId}
        Key: go-example.zip
      Description: A simple Lambda, with New Relic telemetry
      FunctionName: newrelic-example-go
      Handler: handler
      Runtime: provided
      Environment:
        Variables:
          NEW_RELIC_ACCOUNT_ID: !Sub ${NRAccountId}
          NEW_RELIC_TRUSTED_ACCOUNT_KEY: !Sub ${NRAccountId}
          # Enable the new logging functionality
          NEW_RELIC_EXTENSION_SEND_FUNCTION_LOGS: true
      Layers:
        # This layer includes the New Relic Lambda Extension, a sidecar process that sends telemetry
        - !Sub 
arn:${AWS::Partition}:lambda:${AWS::Region}:451483290750:layer:NewRelicLambdaExtension:5
      # The section below disables CloudWatch entirely, and is optional.
      Role: !GetAtt FunctionRole.Arn
  FunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: "lambda.amazonaws.com"
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !ImportValue 
NewRelicLicenseKeySecret-NewRelic-ViewLicenseKeyPolicyARN

In the above example, we set the value to true for using the NEW_RELIC_EXTENSION_SEND_FUNCTION_LOGS environment variable to send function logs. This is all that is necessary to turn on the functionality. Be sure, however, to turn off the subscription filter for your function as well using our CLI tool. If you forget this step, your logs will be sent to New Relic twice, which could be confusing.

newrelic-lambda subscriptions uninstall --function <name> --aws-region <region>

The section at the bottom of the above template regarding the function’s execution role removes the default CloudWatch permissions. This prevents the function from logging to CloudWatch, which eliminates CloudWatch ingest fees for that Lambda function. It’s best to test that your New Relic logging integration is working correctly before disabling CloudWatch, so you don’t lose visibility into your function’s execution.

Because sending Lambda function logs directly to New Relic is configured on a per-function basis, you can easily transition from the old mechanism for log ingestion to the new one at your own pace, and reduce your cloud spend as you go.

Get full visibility into your Amazon Web Services environments with a free observability plan from New Relic on AWS Marketplace.

 

Matt Whelan is a senior software engineer on the New Relic Serverless team. When he’s not building machines out of words, he wanders his native Pacific Northwest on foot or by bicycle. View posts by .

Interested in writing for New Relic Blog? Send us a pitch!