Integration with AWS Lambda Extension
This guide explains how to stream AWS Lambda logs directly to OpenObserve using the OpenObserve Lambda Extension.
With this integration, you can bypass CloudWatch, reduce costs, and achieve real-time observability for serverless workloads.
Overview
The OpenObserve Lambda Extension runs alongside your Lambda function and forwards logs directly to OpenObserve.
This eliminates the need to store or process logs in CloudWatch, while still giving you centralized log analysis, dashboards, and alerts in OpenObserve.
Steps to Integrate
Prerequisites
- OpenObserve account (Cloud or Self-Hosted)
- AWS account with:
- A Lambda function
- IAM permissions to update environment variables and layers
- AWS CLI installed and configured
Step 1: Check Your Lambda Architecture
You can check your Lambda architecture using the command:

- For x86_64:
arn:aws:lambda:<aws_region_id>:325553860333:layer:openobserve-extension-x86_64:1
- For arm64:
arn:aws:lambda:<aws_region_id>:325553860333:layer:openobserve-extension-arm64:1
Note: Make sure
matches the region where your Lambda function is deployed, as Lambda layers are regional. Using an ARN from a different region will not work.
Step 2: Add OpenObserve Lambda Extension Layer
- In AWS Lambda console, open your target function
- Go to Layers → Add a Layer
- Choose “Specify an ARN” and Paste the ARN you got from Step 1
- Save the changes
Step 3: Configure Environment Variables
- Go to your Lambda function → Configuration tab → Environment variables
- Add the following environment variables in your Lambda function:
Key | Value Example |
---|---|
O2_ENDPOINT |
https://<your-domain>:5080 |
O2_AUTHORIZATION_HEADER |
Basic <your-api-key> |
O2_ORGANIZATION_ID |
<your-org-id> |
O2_STREAM |
<stream_name> |
Note: You can fetch these credentials from OpenObserve UI, Go to Data Sources -> Logs -> OTEL Collector
Security Note: Use AWS Secrets Manager to store credentials like O2_AUTHORIZATION_HEADER securely.
Step 4: Invoke the Function
Invoke the function to generate some logs
Step 5: Verify Logs in OpenObserve
- Go to Logs in OpenObserve -> Select your log stream.
- Set a recent time range and click Run Query
- Filter out on logs where type= function using SQL query:
Troubleshooting
Not seeing logs in OpenObserve?
-
Stream mismatch
Ensure theO2_STREAM
environment variable matches the stream configured in OpenObserve. -
Missing/incorrect environment variables
Double-checkO2_ENDPOINT
,O2_AUTHORIZATION_HEADER
, andO2_ORGANIZATION_ID
. -
Architecture mismatch
Function runs but extension does not load if the wrong layer architecture is used. Verify withaws lambda get-function-configuration
.
Bypass CloudWatch Logging
To ensure logs only flow to OpenObserve, remove these IAM permissions from the Lambda role:
logs:CreateLogGroup
logs:CreateLogStream
logs:PutLogEvents
Next Steps
Once logs are flowing into OpenObserve, you can:
- Build dashboards around function latency, memory usage, and errors
- Set up alerts on anomalies or failures