AppSync auto-created log group fails to create log group in CloudWatch


The log group I created for my Amplify sandbox AppSync is erroring when accessing logs on CloudWatch via the auto-created log group from AppSync. I've run the query via AppSync and it returns without error. I have other instances where I am able to get this functionality to work, but it's been erroring for me as shown on all new deployments.

First image is the AppSync page showing the logging enabled and log group.

Second image is when you click on the log-group link from the first image.

Any help would be appreciated, thank you.

1 Answer

It sounds like the issue you're encountering is related to permissions or the configuration between AppSync and CloudWatch Logs. Here are a few steps you can take to resolve the issue:

  1. Check IAM Permissions: AppSync needs the correct IAM permissions to create log groups and write logs to CloudWatch. Verify that the IAM role associated with AppSync has permissions to write logs to CloudWatch. You can check and ensure that the IAM role has the following permissions:

     - logs:CreateLogGroup
     - logs:CreateLogStream
     - logs:PutLogEvents

     If the IAM role doesn't have these permissions, you can add them by attaching the appropriate policy to the AppSync role.

  2. Ensure Log Group Exists: Check if the log group that AppSync is trying to write to exists. In some cases, the log group might not be created automatically due to a delay in provisioning or permission issues. Try manually creating the log group in CloudWatch and see if it resolves the issue.

     You can create a log group manually via the AWS Console:

     - Go to CloudWatch.
     - Under Logs, click on Log groups.
     - Click Create log group and provide the same name that AppSync is attempting to use.

  3. Review the Error Message: Check the specific error message returned by AppSync when trying to access the log group. This might provide more context, such as permission issues, invalid configuration, or network connectivity issues.

  4. Check CloudWatch Logs for Errors: Sometimes AppSync writes errors or messages to CloudWatch logs itself. Look for any error messages related to logging in the CloudWatch logs, particularly under the log group AppSync tries to write to.

  5. Check AppSync Settings: Make sure the AppSync settings for logging are configured correctly:

     - In the AWS AppSync Console, go to your API settings and ensure that logging is enabled and the correct log group is selected.
     - Make sure the log level (e.g., ALL, ERRORS) is set appropriately.

  6. Check for Existing Log Stream: If the log group exists, but the issue is with the log stream, make sure that AppSync can create a new log stream under the log group. This might be a permission issue if the stream creation permissions are not granted.

  7. Ensure Correct Region: Ensure that both your AppSync API and CloudWatch Logs are in the same AWS region. Cross-region communication might sometimes result in issues with log creation.

  8. Enable Detailed Logging in AppSync: If you're not seeing enough detail in the AppSync logs, you might want to increase the log level or enable additional logging in the AWS Console for troubleshooting.

  9. Review Network and Service Limits: Sometimes there could be issues with VPC configuration (if AppSync is deployed in a VPC) or AWS service limits that prevent proper log creation.

regards, M Zubair https://zeonedge.com

answered a month ago
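
The permission check from step 1 of the answer above, as an added example that is not part of the original answer or any AWS tooling: it evaluates an exported role policy document offline and reports which of the three listed actions are not effectively allowed on a given log group ARN. The function names, the simplified evaluation rules, and all sample policies, account ids and API ids are assumptions constructed for illustration.

```python
import fnmatch

# The three actions the answer lists for the role AppSync uses for logging.
REQUIRED = ("logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents")

def as_list(value):
    return value if isinstance(value, list) else [value]

def matches(patterns, value, ignore_case=False):
    """IAM-style wildcard match: * and ? only (fnmatch also accepts [..], unused here)."""
    if ignore_case:
        value = value.lower()
    return any(fnmatch.fnmatchcase(value, p.lower() if ignore_case else p)
               for p in as_list(patterns))

def missing_log_actions(policy, resource_arn):
    """Return the REQUIRED actions this identity policy does not allow on resource_arn.

    Simplified evaluation: an explicit Deny wins over any Allow; statements using
    NotAction/NotResource are skipped and Condition blocks are not evaluated.
    """
    allowed, denied = set(), set()
    for stmt in as_list(policy.get("Statement", [])):
        if "Action" not in stmt or "Resource" not in stmt:
            continue
        if not matches(stmt["Resource"], resource_arn):
            continue
        # Action names are case-insensitive in IAM; resource ARNs are compared as written.
        hit = {a for a in REQUIRED if matches(stmt["Action"], a, ignore_case=True)}
        if stmt.get("Effect") == "Allow":
            allowed |= hit
        elif stmt.get("Effect") == "Deny":
            denied |= hit
    return [a for a in REQUIRED if a not in allowed - denied]

# Constructed sample data (account id, region and API ids are placeholders).
TARGET = "arn:aws:logs:us-east-1:111122223333:log-group:/aws/appsync/apis/newapi"
SCOPED_TO_OLD_API = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "logs:*",
    "Resource": "arn:aws:logs:*:*:log-group:/aws/appsync/apis/oldapi*"}]}
NO_CREATE_GROUP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["logs:createlogstream", "logs:Put*"], "Resource": "*"}]}
DENY_OVERRIDES = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "logs:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "logs:CreateLogGroup", "Resource": "*"}]}

if __name__ == "__main__":
    for name in ("SCOPED_TO_OLD_API", "NO_CREATE_GROUP", "DENY_OVERRIDES"):
        print(name, "->", missing_log_actions(globals()[name], TARGET) or "all allowed")
```

An empty result means the document grants all three actions on that ARN; permission boundaries, service control policies and conditions are outside what this check sees.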
