How do I resolve the "Log group does not exist" error for Lambda function logs in the CloudWatch console?

When I view logs for my AWS Lambda function in the Amazon CloudWatch console, I get a "Log group does not exist" error.

Short description

Logs generate after you run your function for the first time. If there's no log group for your Lambda function when you view your function's logs, then CloudWatch returns the following error message:

"Log group does not exist. The specific log group does not exist in this account or region."

Resolution

To resolve this error, create an AWS Identity and Access Management (IAM) custom permissions policy to allow CreateLogGroup and CreateLogStream write actions.

Note: If you don't need custom permissions for your function, then attach the managed policy AWSLambdaBasicExecutionRole to allow Lambda to write logs to CloudWatch.

Complete the following steps:

  1. Open the IAM console.

  2. In the navigation pane, choose Policies.

  3. Choose Create policy, and then choose JSON.

  4. In the Policy editor, enter the following policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "logs:CreateLogGroup",
          "Resource": "arn:aws:logs:your-region:your-accountID:*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Resource": [
            "arn:aws:logs:your-region:your-accountID:log-group:/aws/lambda/your-function-name:*"
          ]
        }
      ]
    }

    Note: Replace your-region with your AWS Region, your-accountID with your AWS account ID, and your-function-name with the name of your function.

  5. Choose Next and then enter a name for the policy.

  6. Choose Create policy.

  7. Attach the policy to the Lambda function's role.

Note: To configure Lambda@Edge, see Set up IAM permissions and roles for Lambda@Edge.
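
A policy copied from another function often still names the old function, Region, or account in its Resource ARNs, so it attaches cleanly but grants nothing for the new function's log group. The following added example (not part of the AWS article and not an AWS tool) checks a policy document offline for the three logs actions against one function's log group. The function name `missing_log_permissions`, the sample Region, account ID and function name, and the log-stream ARN shape are assumptions, and evaluation is simplified to Allow statements only.

```python
import re

REQUIRED = ("logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, flags=0):
    # IAM wildcards: "*" is any run of characters, "?" is exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def missing_log_permissions(policy, region, account, function):
    """Return the required logs actions that no Allow statement grants."""
    # Simplified: Deny, NotAction, NotResource and Condition are not evaluated.
    group = f"arn:aws:logs:{region}:{account}:log-group:/aws/lambda/{function}"
    stream = group + ":log-stream:example"  # assumed ARN shape, made-up stream name
    missing = []
    for action in REQUIRED:
        target = group if action == "logs:CreateLogGroup" else stream
        allowed = any(
            stmt.get("Effect") == "Allow"
            and any(_matches(a, action, re.IGNORECASE)
                    for a in _as_list(stmt.get("Action", [])))
            and any(_matches(r, target) for r in _as_list(stmt.get("Resource", [])))
            for stmt in _as_list(policy["Statement"])
        )
        if not allowed:
            missing.append(action)
    return missing

# Constructed sample: the article's policy with placeholder values filled in.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "logs:CreateLogGroup",
         "Resource": "arn:aws:logs:us-east-1:111122223333:*"},
        {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": ["arn:aws:logs:us-east-1:111122223333:"
                      "log-group:/aws/lambda/my-function:*"]},
    ],
}

if __name__ == "__main__":
    for fn in ("my-function", "other-function"):
        print(fn, missing_log_permissions(SAMPLE_POLICY, "us-east-1", "111122223333", fn))
```

An empty list means the policy covers the function's log group; any action returned is one the function's role still cannot perform for that function.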

Related information

Managing permissions in AWS Lambda

AWS OFFICIAL
Updated a month ago
5 Comments

Thanks! It helped me to solve the problem.

replied 3 years ago

My IAM role's JSON is perfect, looks the same as the example but every time I create a new function and try to check CloudWatch I get the error.

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 2 years ago

Adding AWSLambdaBasicExecutionRole to my Lambda function's role and creating a new log group of the relevant name solved the issue.

replied 2 years ago

This article was reviewed and updated on 2026-05-04.

AWS
EXPERT
replied a month ago