amazon-web-services aws-lambda amazon-cloudwatch amazon-cloudwatchlogs

Why can't I see CloudWatch Logs for Lambda function?

I wanted to be able to monitor logs in Cloudwatch when my Lambda being executed, currently there is a section on the top of Lambda console:

It's showing me any error I got when the Lambda is being executed, but if I click on logs, it will direct me to CloudWatch and showing me log group does not exist, does anyone know why and how I'll be able to see the logs in Cloudwatch? (I thought it'll be automatical...)

Solution

Your AWS Lambda function needs the following permissions to access CloudWatch Logs:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

This will give it permission to create a log group and store events in the log group.

The easiest way to assign this permission is by adding the AWSLambdaBasicExecutionRole managed policy to the IAM Role being used by your Lambda function.