Lambda - Notify On Lambda ErrorsΒΆ

The following example policy will run hourly as a CloudWatch Scheduled Event triggered Lambda function. The policies filters will check each Lambdas CloudWatch Metrics for errors. If there are any errors in an hour period and the Lambda function is not tagged with Custodian_Lambda_Error_Exclude then the policy will take the action of notifying the Lambda function owner and the cloud team. These notifications can help developers by informing them if unexpected errors occur so they can be quickly addressed.

For the notify action in the policy to work you must have setup the c7n_mailer tool:

Mailer Setup Guide:


  - name: lambda-invocation-errors
    resource: lambda
    description: |
       Hourly check that finds any Lambda functions that have any
       errors within the last hour and notifies the customer and Cloud Team.
      type: periodic
      schedule: "rate(1 hour)"
      timeout: 300
            ResourceContact: ""
            ResourcePurpose: "Created by Cloud Custodian Automated Fleet Management"
            Environment: prd
      - type: metrics
        name: Errors
        days: 0.068
        period: 3600
        statistics: Sum
        op: greater-than
        value: 0
      - not:
          - "tag:Custodian_Lambda_Error_Exclude": present
      - type: notify
        template: default.html
        priority_header: 1
        subject: "Lambda Function Errors Occuring! - [custodian {{ account }} - {{ region }}]"
        violation_desc: |
           "There has been one or more code errors occuring on this lambda function in the last hour:"
        action_desc: |
           "Actions Taken:  Please investigate this lambda function as errors reported.
           To exclude the below function from this scan please add a tag with a Key called
           Custodian_Lambda_Error_Exclude with any value to the lambda function.
          - resource-owner
          type: sqs
          region: us-east-1