We previously created our Lambda function using the Serverless framework starting from scratch. The Serverless frameworks can also be used to download existing functions from GitHub and other code management repository systems. We will use it to install a function that downloads a CloudTrailgizip file, unzip it, and send the records to ElasticSearch using the following command:

$ serverless install -u https://github.com/EffectiveDevOpsWithAWS/serverless-cloudtrail-to-es -n cloudtrail-aws-es  

We will now navigate to the directory:

$ cd cloudtrail-aws-es  

Previously, the Lambda function we created was written in Node.js. AWS Lambda supports a few more languages, including Python. We will showcase it with this function.

As previously, we need to download all the dependencies locally before uploading our function to AWS. The easiest way to do that is to use Python virtualenv:

$ virtualenv -p $(which python) venv
$ source venv/bin/activate  

To make it easy to package our requirements, we are going to use the npm package serverless-python-requirements. This package is already listed in the package.json file present in the directory, therefore we can use npm to install it:

$ npm install  

Once the command has run, we can deploy our function:

$ serverless deploy  

Once the function is deployed, we need to configure it as shown in the following steps:

1. With your browser, go to the Lambda service at https://console.aws.amazon.com/lambda.
2. Click on the cloudtrail-aws-es-dev-lambda_handler function to access its configuration.

3. In the Code Tab, configure the ES_HOST and ES_REGION variables to point to the ElasticSearch Domain you created previously in Chapter 7, Monitoring and Alerting.
4. Once those two variables are configured, click on Save then go to the Triggers tab and select add a trigger.
5. Select the Service S3 as the source of your trigger.
6. In the Bucket menu, find the bucket containing the CloudTrail logs that was generated in the previous section.
7. In the Event type, select PUT.
8. Make sure the Enable Trigger checkbox is set and click on Submit.

Shortly after the function is enabled, you should be able to see it processing logs.