Lambda function logs missing from CloudWatch when invoked from activity

Question

Hello.  
  
When using the "arn:aws:states:::lambda:invoke" resource to invoke lambda functions no output is sent to the CloudWatch logs.  
Is there any parameter missing?  
A sample activity has:  
  
"PollQueryResult": {  
      "Type": "Task",  
      "Resource": "arn:aws:states:::lambda:invoke",  
      "Parameters": {  
        "FunctionName": "Function:$LATEST",  
        "Payload": {  
          "Input.$": "$.query.Payload"  
        }  
      },  
      "InputPath": "$",  
      "ResultPath": "$.poll",  
      "OutputPath": "$",  
      "Next": "QueryResultChoice",  
    }  
  
Thanks.

Answer

Found that the problem was with the ARNs provided to the IAM Policy.  
To help others that eventually have this issues, below is the template I'm using for new policies:  
  
          - Effect: Allow  
            Action:  
            - logs:CreateLogGroup  
            Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*"  
          - Effect: Allow  
            Action:  
            - logs:CreateLogStream  
            - logs:PutLogEvents  
            Resource:  
            - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/:*"  
            - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/:*"

Lambda function logs missing from CloudWatch when invoked from activity

Relevanter Inhalt