Why Won't My Lambda Functions Write To CloudWatch Logs? TL;DR
If you would like to see the full version of this article please click Here
What Is The Cause?
When the Lambda function executes, one item it relies on for permissions is the role it is configured to assume. The Lambda function can only perform actions against the AWS API that the role allows. The problem is that this execution role does not have the permissions to write the data to CloudWatch.
How Do I Resolve It?
AWS provides a policy named “AWSLambdaBasicExecutionRole” that contains the permissions necessary to write to the CloudWatch logs.
To add this policy to the IAM Role, follow these steps.
- Start by navigating to the IAM portion of the AWS Web Console.
- From the left-hand menu, choose the Roles tab.
- Click the role used by your Lambda function.
- With the permissions tab open, choose “Attach Policies”.
- In the search box, search for AWSLambdaBasicExecutionRole.
- Place a check next to the policy named “AWSLambdaBasicExecutionRole”. Ensure the type is an “AWS Managed Policy”.
- Click Attach Policy.
Now that this policy has been added, the Lambda function is able to write to the CloudWatch logs.
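To see which logging permissions an execution role lacks, the following added example (not part of the original article) checks a role's policy documents for the three actions that AWSLambdaBasicExecutionRole grants. The function names and the sample policy documents are constructed for illustration, and the check ignores Resource, Condition and NotAction as a stated simplification.

```python
import fnmatch

# The actions granted by the AWS managed policy AWSLambdaBasicExecutionRole.
REQUIRED = ("logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents")

def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_log_actions(policy_documents):
    """Return the required log actions the given policy documents do not allow.

    Assumption of this example: Resource and Condition are not evaluated and
    NotAction statements are skipped, so this is a first-pass check only.
    """
    allowed, denied = set(), set()
    for doc in policy_documents:
        for stmt in _as_list(doc.get("Statement")):
            patterns = _as_list(stmt.get("Action"))
            for action in REQUIRED:
                if not _matches(patterns, action):
                    continue
                if stmt.get("Effect") == "Allow":
                    allowed.add(action)
                elif stmt.get("Effect") == "Deny":
                    denied.add(action)
    # An explicit Deny always overrides an Allow.
    return [a for a in REQUIRED if a not in allowed or a in denied]

# Constructed sample: a role that can read S3 but has no CloudWatch Logs access.
S3_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}
# Constructed sample: the same actions the managed policy allows.
BASIC_EXECUTION = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": list(REQUIRED), "Resource": "*"}]}
# Constructed sample: an explicit Deny that blocks writing log events.
DENY_PUT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "logs:Put*", "Resource": "*"}]}

if __name__ == "__main__":
    print(missing_log_actions([S3_ONLY]))                    # before attaching
    print(missing_log_actions([S3_ONLY, BASIC_EXECUTION]))   # after attaching
    print(missing_log_actions([BASIC_EXECUTION, DENY_PUT]))  # Deny overrides
```

An empty result means the policies allow all three actions; a Deny elsewhere on the role still blocks logging even after the managed policy is attached.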