Why can't I see CloudWatch Logs for Lambda function?

Question

I wanted to be able to monitor logs in Cloudwatch when my Lambda being executed, currently there is a section on the top of Lambda console:

It's showing me any error I got when the Lambda is being executed, but if I click on logs, it will direct me to CloudWatch and showing me log group does not exist, does anyone know why and how I'll be able to see the logs in Cloudwatch? (I thought it'll be automatical...)

Answer 1

You have to add action

        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }

to your lambda role policy

Answer 2

Your AWS Lambda function needs the following permissions to access CloudWatch Logs:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

This will give it permission to create a log group and store events in the log group.

The easiest way to assign this permission is by adding the AWSLambdaBasicExecutionRole managed policy to the IAM Role being used by your Lambda function.

Answer 3

Your log group should be created automatically.

If you click on details arrow you will see the reason it failed, probably it crashed.

I suppose you got a lambda runtime error, before your handler is run.

Answer 4

The most common cause of this problem is that you have not assigned an IAM role to your Lambda function that has permission to create logs in CloudWatch.