Can't get AWS Lambda function to log (text output) to CloudWatch
I'm trying to set up a Lambda function that will process a file when it's uploaded to an S3 bucket. I need a way to see the output of console.log
when I upload a file, but I can't figure out how to link my Lambda function to CloudWatch.
I figured about by looking at the context
object that my log group is /aws/lambda/wavToMp3
and the log stream is 2016/05/23/[$LATEST]hex_code_redacted
. So I created that group and stream in CloudWatch, yet nothing is being logged to it.
After you update your policy, it seems that you have to update your function's settings to refresh all job instances to read new policies.
So if you just click 'test' button from Lambda console after you update your role policy in IAM, the cached Lambda instances will still have old role permissions, so you will still see no logs being written to Cloudwatch logs.
Just change your timeout by a second and click on 'save and test' button, and you will start to see logs in Cloudwatch.
For the lambda function to create log stream and publish logs to cloudwatch, the lambda execution role needs to have the following permissions.
{
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:*"
}
]
}
Please refer to the following AWS documentation for more details http://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html#lambda-intro-execution-role
For the lambda function to create log stream and publish logs to cloudwatch, the lambda execution role needs to have the following permissions
I already had these permissions yet it did not work.
Just change your timeout by a second and click on 'save and test' button, and you will start to see logs in Cloudwatch.
I changed the timeout, saved and logs still did not work.
I assigned another role and logs still did not work.
What ended up working for me was clicking "Create a custom role", then "Allow". This was it and logs started being generated but since I did not want to use a new role but my existing role, I simply assigned my existing role afterwards and it worked. So technically I should have returned back to original configuration that did not work but now it works. Go figure.
Apparently another necessity for logging to happen is the Lambda function must indicate completion; for instance in the Python context, the handler must return something other than None
.