lambda函数LogsToElasticsearch_opensearch的cloudwatch logs trigger添加日志组的的命令

要为Lambda函数LogsToElasticsearch_opensearch添加CloudWatch Logs触发器并指定日志组，您可以使用以下命令：

aws logs put-resource-policy \
    --policy-name "LambdaLogsToElasticsearch_opensearch" \
    --policy-document '{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "LambdaLogsToElasticsearch_opensearch",
                "Effect": "Allow",
                "Principal": {
                    "Service": "lambda.amazonaws.com"
                },
                "Action": "logs:CreateLogStream",
                "Resource": "arn:aws:logs:REGION:ACCOUNT_ID:log-group:LOG_GROUP_NAME:*"
            },
            {
                "Sid": "LambdaLogsToElasticsearch_opensearch",
                "Effect": "Allow",
                "Principal": {
                    "Service": "lambda.amazonaws.com"
                },
                "Action": "logs:PutLogEvents",
                "Resource": "arn:aws:logs:REGION:ACCOUNT_ID:log-group:LOG_GROUP_NAME:*:*"
            }
        ]
    }'

请将以下内容替换为您的实际值：

• REGION - 日志组所在的AWS区域。
• ACCOUNT_ID - 您的AWS账户ID。
• LOG_GROUP_NAME - 要添加Lambda触发器的日志组名称。

这将创建一个名为"LambdaLogsToElasticsearch_opensearch"的资源策略，允许Lambda函数访问指定的日志组。然后，您可以使用AWS管理控制台或AWS CLI将CloudWatch Logs触发器添加到Lambda函数，以将日志发送到Elasticsearch_opensearch