Este contenido no está disponible en el idioma seleccionado

Trabajamos constantemente para que el contenido esté disponible en el idioma seleccionado. Gracias por tu paciencia.

How do I resolve the "Log group does not exist" error for Lambda function logs in the CloudWatch console?

2 minutos de lectura

When I try to view logs for my AWS Lambda function in the Amazon CloudWatch console, I get a "Log group does not exist" error. How do I resolve the error?

Short description

If there's no log group for your Lambda function when you try to view your function's logs, then CloudWatch returns the following error:

"Log group does not exist. The specific log group: <log group name> does not exist in this account or region."

Logs are generated after you run your function for the first time. If there's no log group after invoking the function, it's usually because there's an issue with the function's AWS Identity and Access Management (IAM) permissions.

To troubleshoot a Log group does not exist error from CloudWatch, confirm the following:

Your Lambda function's execution role has sufficient permissions to write logs to CloudWatch.
The log group resource in the IAM policy includes the name of your function.

Note: For information on permissions-related logging issues with Lambda@Edge, see Service-linked roles for Lambda@Edge.

Resolution

In the IAM console, review and edit the IAM policy for the Lambda function's execution role so that the following is true:

The write actions CreateLogGroup and CreateLogStream are allowed.
Note: If you don't need custom permissions for your function, then you can attach the managed policy AWSLambdaBasicExecutionRole. This managed policy allows Lambda to write logs to CloudWatch.
The AWS Region specified in the Amazon Resource Name (ARN) is the same as your Lambda function's Region.
The log-group resource includes the name of your Lambda function. For example, if your function is named myLambdaFunction, the associated log-group is /aws/lambda/myLambdaFunction.

Below is an example policy that includes the required permissions for a Lambda role to access CloudWatch logs:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:region:accountId:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:region:accountId:log-group:/aws/lambda/functionName:*"
            ]
        }
    ]
}

Related information

AWS Lambda permissions

Temas

Sin servidor Calcular

Etiquetas

AWS Lambda

Idioma

English

Vídeos relacionados

Watch Jeremiah's video to learn more (3:51)

OFICIAL DE AWSActualizada hace 2 años

Sin comentarios

Contenido relevante

¿Cómo puedo solucionar el error “You have exceeded the maximum limit for Lambda HyperPlane ENIs for your VPC” (Ha superado el límite máximo de ENI de Hyperplane de Lambda para la VPC) al configurar una función de Lambda en una Amazon VPC?
OFICIAL DE AWSActualizada hace 3 meses
¿Cómo soluciono el error “ResourceInitializationError: failed to validate logger args” en Amazon ECS?
OFICIAL DE AWSActualizada hace 4 meses
¿Cómo soluciono el error: “The following parameters are not defined for the specified group: xxx, xxx” (Los siguientes parámetros no están definidos para el grupo especificado: xxx, xxx) cuando actualizo la versión del motor de mi clúster de RDS con CloudFormation?
OFICIAL DE AWSActualizada hace un año
¿Cómo puedo resolver un “Access Error” (Error de acceso) después de configurar el registro de flujo de la VPC?
OFICIAL DE AWSActualizada hace un año