AWS Lambda@Edge debugging

Question

I'm currently working on a lambda@edge function. I cannot find any logs on CloudWatch or other debugging options.

When running the lambda using the "Test" button, the logs are written to CloudWatch.

When the lambda function is triggered by a CloudFront event the logs are not written.

I'm 100% positive that the event trigger works, as I can see its result.

Any idea how to proceed?

Thanks ahead,
Yossi

Answer 1

1) Ensure you have provided permission for lambda to send logs to cloudwatch. Below is the AWSLambdaBasicExecutionRole policy which you need to attach to the exection role which you are using for your lambda function.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

2) Lambda creates CloudWatch Logs log streams in the CloudWatch Logs regions closest to the locations where the function is executed. The format of the name for each log stream is /aws/lambda/us-east-1.function-name where function-name is the name that you gave to the function when you created it. So ensure you are checking the cloudwatch logs in the correct REGION.

Answer 2

In case anyone finds it useful. The fact that AWS prefixes your function name, which breaks the built-in "CloudWatch at a glance" Dashboard, and that Lambda@Edge runs across multiple regions inspired me to create this CloudWatch Dashboard template that gives you similar standard monitoring for all regions in one dashboard.