Can't get AWS Lambda function to log (text output) to CloudWatch
After you update your policy, it seems that you have to update your function's settings to refresh all job instances to read new policies.
So if you just click 'test' button from Lambda console after you update your role policy in IAM, the cached Lambda instances will still have old role permissions, so you will still see no logs being written to Cloudwatch logs.
Just change your timeout by a second and click on 'save and test' button, and you will start to see logs in Cloudwatch.
For the lambda function to create log stream and publish logs to cloudwatch, the lambda execution role needs to have the following permissions.
{
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:*"
}
]
}
Please refer to the following AWS documentation for more details http://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html#lambda-intro-execution-role
For the lambda function to create log stream and publish logs to cloudwatch, the lambda execution role needs to have the following permissions
I already had these permissions yet it did not work.
Just change your timeout by a second and click on 'save and test' button, and you will start to see logs in Cloudwatch.
I changed the timeout, saved and logs still did not work.
I assigned another role and logs still did not work.
What ended up working for me was clicking "Create a custom role", then "Allow". This was it and logs started being generated but since I did not want to use a new role but my existing role, I simply assigned my existing role afterwards and it worked. So technically I should have returned back to original configuration that did not work but now it works. Go figure.