Python lambda to ship logs from Cloudwatch to Logstash

cloudwatch_to_logstash.py

#!/usr/bin/env python3
import socket
import sys
import json
import zlib
import copy
import base64
import re
import ssl
import logging


logger = logging.getLogger()
logger.setLevel(logging.INFO)


host = os.getenv('LOGSTASH_HOST')
port = os.getenv('LOGSTASH_PORT')


def transform(data):
    new_data = copy.deepcopy(data)
    if "timestamp" in data:
        del new_data["timestamp"]
        new_data["lambda_timestamp"] = data["timestamp"]
    return new_data


def send_log(data):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    s = context.wrap_socket(s)

    s.connect((host, int(port)))
    s.sendall(str(json.dumps(data)).encode("utf-8"))
    s.send("\n".encode("utf-8"))
    s.close()


def lambda_handler(event, context):
    decompressed = zlib.decompress(base64.b64decode(event["awslogs"]["data"]), 16 + zlib.MAX_WBITS)
    try:
        data = json.loads(decompressed)
    except Exception as e:
        return
    for str_event in data["logEvents"]:
        send_log(transform(str_event))


if __name__ == "__main__":
    lambda_handler(None, None)