@mdlavin
Last active March 18, 2024 14:38
Terraform configuration to enable X-Ray for a Lambda function
resource "aws_lambda_function" "service" {
  # Your usual aws_lambda_function configuration settings here
  tracing_config {
    mode = "Active"
  }
}

@sburns

sburns commented Jul 26, 2019

Note that you might have to add this policy block into the IAM role that this lambda runs with:

        {
            "Effect": "Allow",
            "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords",
                "xray:GetSamplingRules",
                "xray:GetSamplingTargets",
                "xray:GetSamplingStatisticSummaries"
            ],
            "Resource": [
                "*"
            ]
        }

This is coming from this documentation page

@tiny-dancer

Also an IAM option for the above

data "aws_iam_policy" "aws_xray_write_only_access" {
  arn = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
}

@BarakBD-Globality

This was super useful, thanks everyone!
Just to add to the party:

data "aws_iam_policy" "aws_xray_write_only_access" {
  arn = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
}
resource "aws_iam_role_policy_attachment" "aws_xray_write_only_access" {
  role       = "${aws_iam_role.lambda.name}"
  policy_arn = "${data.aws_iam_policy.aws_xray_write_only_access.arn}"
}

@illia-sh

Or an even shorter way:

resource "aws_iam_role_policy_attachment" "aws_xray_write_only_access" {
  role       = aws_iam_role.lambda.name
  policy_arn = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
}

@YuanH

YuanH commented Oct 23, 2021

Hi, not sure if anyone's run into this situation where if you remove that tracing_config block, tracing is still turned on?

@j4y

j4y commented Sep 8, 2022

This is the newer version of the managed policy:

data "aws_iam_policy" "lambda_xray" {
  name = "AWSXRayDaemonWriteAccess"
}

@jzaoueli

jzaoueli commented Mar 18, 2024

With the suggested code:

resource "aws_lambda_function" "service" {
  tracing_config {
    mode = "Active"
  }
}

I got only the last log containing the X-Ray data, but not all logs. My wish is that all logs of the Lambda contain the xray-trace-id. Does someone have a solution?

@jzaoueli

jzaoueli commented Mar 18, 2024

Hi, not sure if anyone's run into this situation where if you remove that tracing_config block, tracing is still turned on?

Yes, me also. I had to change it to "PassThrough" to turn it off. I'm not sure if this is the right workaround.
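
The pieces from this thread combined into one configuration, as an added example that is not from the gist or any commenter: the function, its execution role, the managed X-Ray write policy, and a tracing mode that is always set explicitly so that switching to "PassThrough" shows up as a change in the plan. The variable name, role and function names, `lambda.zip`, handler and runtime are assumptions.

```hcl
# Added example. Names, lambda.zip, handler and runtime are placeholders.
variable "xray_tracing_mode" {
  description = "X-Ray tracing mode for the function"
  type        = string
  default     = "Active"

  validation {
    condition     = contains(["Active", "PassThrough"], var.xray_tracing_mode)
    error_message = "Tracing mode must be Active or PassThrough."
  }
}

# Trust policy: only the Lambda service may assume the execution role
data "aws_iam_policy_document" "lambda_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "lambda" {
  name               = "example-service-lambda"
  assume_role_policy = data.aws_iam_policy_document.lambda_assume.json
}

# Managed policy named in the thread; it grants X-Ray write actions only
data "aws_iam_policy" "lambda_xray" {
  name = "AWSXRayDaemonWriteAccess"
}

resource "aws_iam_role_policy_attachment" "lambda_xray" {
  role       = aws_iam_role.lambda.name
  policy_arn = data.aws_iam_policy.lambda_xray.arn
}

resource "aws_lambda_function" "service" {
  function_name = "example-service"
  role          = aws_iam_role.lambda.arn
  filename      = "lambda.zip"
  handler       = "index.handler"
  runtime       = "nodejs20.x"

  # Keep this block in place and change the value instead of deleting it
  tracing_config {
    mode = var.xray_tracing_mode
  }
}
```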
