Requirement Summary:
EKS containers send logs to CloudWatch Logs
Need to process logs in real time
Trigger logic based on a specific error in logs
Evaluate Options:
Option A: SNS topic with filter policy
SNS filter policies work on message attributes of SNS messages; they are not CloudWatch Logs subscription filters
Option B: Subscription filter on log group
This enables real-time log processing
You can create a subscription filter with a pattern matching specific error strings
Sends matched logs to a Lambda function or Kinesis
Option C: CloudWatch agent operator for trace collection
Irrelevant for log processing
Used for monitoring and tracing, not real-time log filtering
Option D: Lambda function to process logs
Once logs match the pattern, Lambda can process and act (e.g., alert, store, analyze)
Option E: EventBridge rule on a schedule
Not real-time
Scheduled EventBridge rules are for cron-like tasks, not log stream processing
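Added example (not part of the original explanation): a Lambda handler for the subscription filter delivery described in Options B and D, which decodes the base64 + gzip payload and selects the error events. The error string, the size cap, and the sample log group and stream names are assumptions.

```python
import base64
import gzip
import json
import zlib

ERROR_MARKER = "OutOfMemoryError"    # assumed error string for this example
MAX_DECODED_BYTES = 8 * 1024 * 1024  # assumed cap on the decompressed payload

def decode_subscription_event(event):
    """Decode the base64 + gzip JSON that CloudWatch Logs hands to Lambda."""
    raw = base64.b64decode(event["awslogs"]["data"], validate=True)
    inflater = zlib.decompressobj(zlib.MAX_WBITS | 16)  # expect gzip framing
    decoded = inflater.decompress(raw, MAX_DECODED_BYTES + 1)
    if len(decoded) > MAX_DECODED_BYTES:
        raise ValueError("decompressed payload exceeds cap")
    return json.loads(decoded)

def find_error_events(payload):
    """Return log events containing ERROR_MARKER; skip control messages."""
    if payload.get("messageType") != "DATA_MESSAGE":
        return []  # CONTROL_MESSAGE records carry no application logs
    return [
        {
            "logGroup": payload.get("logGroup"),
            "logStream": payload.get("logStream"),
            "timestamp": ev.get("timestamp"),
            # Log text is influenced by whoever can write logs: truncate it.
            "message": ev.get("message", "")[:1024],
        }
        for ev in payload.get("logEvents", [])
        if ERROR_MARKER in ev.get("message", "")
    ]

def handler(event, context):
    hits = find_error_events(decode_subscription_event(event))
    for hit in hits:
        print(json.dumps(hit))  # stand-in for the real action (alert, store)
    return {"matched": len(hits)}

def build_sample_event(messages, message_type="DATA_MESSAGE"):
    """Constructed test input shaped like a subscription filter delivery."""
    payload = {
        "messageType": message_type,
        "logGroup": "/example/eks/app",  # constructed name
        "logStream": "example-pod",      # constructed name
        "logEvents": [{"id": str(i), "timestamp": 0, "message": m}
                      for i, m in enumerate(messages)],
    }
    blob = gzip.compress(json.dumps(payload).encode())
    return {"awslogs": {"data": base64.b64encode(blob).decode()}}
```

The in-code match repeats the filter pattern so the function still behaves correctly if the subscription filter pattern is later broadened.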
Subscription filters: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html
Real-time log processing with Lambda: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#LambdaExample
Logs in EKS to CloudWatch: https://docs.aws.amazon.com/eks/latest/userguide/fargate-logging.html