https://serverless-stack.com/ logo
#sst
Title
# sst
p

Pål Brattberg

03/29/2021, 10:42 PM
When using the
Api
construct, do we not get automatic `LogGroup`s for our functions/routes? Only the access logs? I can't find logging output from my functions anywhere, but guessing I'm just too tired? 🤪
f

Frank

03/29/2021, 10:43 PM
Has the function/route been invoked? Log Group for Lambda functions are created by Lambda automatically on first invocation? They are not explicitly defined in CloudFormation.
t

thdxr

03/29/2021, 10:43 PM
I usually find it from the aws console under the specific function
in one of the tabs there's a link to the logs in cloudwatch
p

Pål Brattberg

03/29/2021, 10:50 PM
Ah,
Your function doesn't have permission to write to Amazon CloudWatch Logs.
I used to create my functions explicitly (with more permissions), but now only let
Api
create them for me, that must be why they're missing now, and not earlier.
f

Frank

03/29/2021, 10:53 PM
oh hmm.. where are you seeing this error msg?
p

Pål Brattberg

03/29/2021, 10:58 PM
In Lambda view, in AWS web console
(when I finally tracked it down, it was named
test-peasy-backoffice-api-LambdaGETbackofficeapipi-1HJG7MOENF5TR
)
🙂
f

Frank

03/29/2021, 11:33 PM
Thanks @Pål Brattberg.
But it’s really weird that ur Lambda functions don’t have permission to write to CW Logs… all Lambda functions are supposed to have the AWS managed
AWSLambdaBasicExecutionRole
policy
If you look at the generated cloudformation template in ur
.build/cdk.out
and look for the
AWS::IAM::Role
resources, they should look something like:
Copy code
"MySnsLambdaServiceRoleA8A39BC9": {
 "Type": "AWS::IAM::Role",
 "Properties": {
   "AssumeRolePolicyDocument": {
     "Statement": [
       {
         "Action": "sts:AssumeRole",
         "Effect": "Allow",
         "Principal": {
           "Service": "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
         }
       }
     ],
     "Version": "2012-10-17"
   },
   "ManagedPolicyArns": [
     {
       "Fn::Join": [
         "",
         [
           "arn:",
           {
             "Ref": "AWS::Partition"
           },
           ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
         ]
       ]
     }
   ]
 },
...
Every Lambda’s execution role should has the
AWSLambdaBasicExecutionRole
under
ManagedPolicyArns