4

I have lambda function written in golang. I run it through calling HTTP API gateway. It works fine but I would like to see logs written in stderr which are produced by my golang program.

I tried this

aws logs describe-log-groups

but it shows empty array:

{
    "logGroups": []
}

Actually, I can see logs only when I invoke lambda function directly without API gateway like this:

aws lambda invoke --function-name $FUNCTION_NAME $output --log-type Tail --query 'LogResult'

the log is printed right after the invoke, in this case.

But it would be even better to see the logs of the lambda function when I call it by HTTP API gateway.

Update 1

I added a log group with name /aws/lambda/$FUNCTION_NAME:

aws logs create-log-group --log-group-name /aws/lambda/$FUNCTION_NAME

And added log stream to it:

aws logs create-log-stream --log-group-name /aws/lambda/$FUNCTION_NAME --log-stream-name /aws/lambda/$FUNCTION_NAME

Then I invoke my lambda function via API to produce some logs. Now checking the logs:

 aws logs get-log-events --log-group-name /aws/lambda/$FUNCTION_NAME --log-stream-name /aws/lambda/$FUNCTION_NAME

And get the response:

{
    "nextForwardToken": "f/7872383232323",
    "events": [],
    "nextBackwardToken": "b/8080823092093"
}

So I don't have any events... hmmm...

I checked this log group in console. It's empty there as well.

Update 2

I added CloudWatchFullAccess policy to the role attached to this lambda function:

aws iam attach-role-policy --role-name $roleName \
    --policy-arn arn:aws:iam::aws:policy/CloudWatchFullAccess

Called API, rechecked logs, still empty. Interesting that when I list role policies, it shows an empty array. Although, I just set CloudWatchFullAccess above.

aws iam list-role-policies --role-name $roleName

{
    "PolicyNames": []
}
Maxim Yefremov
  • 241
  • 1
  • 3
  • 17

1 Answers1

3

When you create a lambda function it should have a log group associated with it, but it looks like there aren't any in your account. You could try creating a new log group with the name '/aws/lambda/<function_name>' and see if that resolves the issue. I would also try logging in to the web console to verify that you see the same issue there. You can also create the log group through the console in cloud watch.

maschaub
  • 196
  • 2
  • Thanks, I added log group but can't see logs for now. Please see my update above – Maxim Yefremov Jul 26 '19 at 18:57
  • You may have to give the lambda function permission to write to cloud watch. If your lambda function already has an IAM Role assigned then you can add the CloudWatchFullAccess Policy to that Role. Otherwise try creating a new Role with that Policy and assign it to the lambda function. – maschaub Jul 26 '19 at 19:26
  • I added `CloudWatchFullAccess` policy to it, still empty logs. Please see update 2 above :) – Maxim Yefremov Jul 26 '19 at 20:35
  • Releasing bounty to you) Although I don't see logs for now. But you helped to move toward the solution a lot. Thanks) – Maxim Yefremov Jul 28 '19 at 06:18