By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Only one user and it has CloudWatchFullAccess but I can't see CW logs

0

When I run my lambda it fails. I want to see the logs but when I click "View logs in Cloudwatch" I get:

```

There was an error loading Log Streams


I only have one user and that user has CloudWatchFullAccess and AWSLambdaFullAccess.   
  
When I try to create a log stream I get: 

    ```
There was an error creating your Log Stream. Please try again.

When I follow these instructions I get the same error: https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html

So what's wrong here?

Edited by: mstracker on Jun 30, 2019 3:57 PM

Edited by: mstracker on Jun 30, 2019 4:11 PM

Topics
Management & Governance
Tags
Amazon CloudWatch
Language
English
mstracker
asked 5 years ago256 views
5 Answers
1

I followed this article and recreated the function from scratch and it worked. Seems like the AWS XRay access might have been the issue.

https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html

mstracker
answered 5 years ago
0

Hello

Just in case, double check that your lambda function has the minimum role to write the logs in cloudwatch. It should have a role that includes the AWSLambdaBasicExecutionRole policy.

on the lambda function page, there is a monitoring tab where you can see if there are any issues. That might give you an idea of what else is needed. You can post the exact error message and maybe we can help more.
https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html
https://docs.aws.amazon.com/lambda/latest/dg/lambda-permissions.html

hope this helps,
RT

rtt
answered 5 years ago
0

In the Execution role I have:

{
  "roleName": "lambda_role",
  "policies": [
    {
      "document": {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:us-east-2:696215482432:*"
          },
          {
            "Effect": "Allow",
            "Action": [
              "logs:CreateLogStream",
              "logs:PutLogEvents"
            ],
            "Resource": [
              "arn:aws:logs:us-east-2:696215482432:log-group:/aws/lambda/get-sheet-data:*"
            ]
          }
        ]
      },
      "name": "AWSLambdaBasicExecutionRole-11a867c9-e852-454d-a3f3-4b402295bada",
      "id": "ANPA2EGNNGBACNUXA63TP",
      "type": "managed",
      "arn": "arn:aws:iam::696215482432:policy/service-role/AWSLambdaBasicExecutionRole-11a867c9-e852-454d-a3f3-4b402295bada"
    }
  ],
  "trustedEntities": [
    "lambda.amazonaws.com"
  ]
}
mstracker
answered 5 years ago
0

I tried creating a brand new function. Ran the function then clicked "logs" and got this error:

 There was an error loading Log Streams. Please try again by refreshing this page.

At the top of the cloudwatch page. Can't create a log stream either.

mstracker
answered 5 years ago
0

Hello
To make it simple, try to run your function using the basic lambda role "AWSLambdaBasicExecutionRole"
if that works, then start limiting it.

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html

hope this helps
RT

rtt
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content