Use AWS CloudFormation to enable Lambda Insights on an existing Lambda function - Amazon CloudWatch

Use AWS CloudFormation to enable Lambda Insights on an existing Lambda function

Follow these steps to use AWS CloudFormation to enable Lambda Insights on an existing Lambda function.

Step 1: Install the layer

Add the Lambda Insights layer to the Layers property within the Lambda Insights layer ARN. The example below uses the layer for the initial release of Lambda Insights. For the latest release version of the Lambda Insights extension layer, see Available versions of the Lambda Insights extension.

Resources: MyFunction: Type: AWS::Lambda::Function Properties: Layers: - !Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:14"

Step 2: Add the managed policy

Add the CloudWatchLambdaInsightsExecutionRolePolicy IAM policy to your function execution role.

Resources: MyFunctionExecutionRole: Type: 'AWS::IAM::Role' Properties: ManagedPolicyArns: - 'arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy'

Step 3: (Optional) Add VPC endpoint

This step is necessary only for functions running in a private subnet with no internet access, and if you have not already configured a CloudWatch Logs virtual private cloud (VPC) endpoint. For more information, see Using CloudWatch Logs with Interface VPC Endpoints.

Resources: CloudWatchLogsVpcPrivateEndpoint: Type: AWS::EC2::VPCEndpoint Properties: PrivateDnsEnabled: 'true' VpcEndpointType: Interface VpcId: !Ref: VPC ServiceName: !Sub com.amazonaws.${AWS::Region}.logs SecurityGroupIds: - !Ref InterfaceVpcEndpointSecurityGroup SubnetIds: - !Ref PublicSubnet01 - !Ref PublicSubnet02 - !Ref PublicSubnet03