When using the `Api` construct, do we not get auto...
# sstp
PĂ„l Brattberg
03/29/2021, 10:42 PMWhen using the
Apif
Frank
03/29/2021, 10:43 PM
Has the function/route been invoked? Log Group for Lambda functions are created by Lambda automatically on first invocation? They are not explicitly defined in CloudFormation.
t
thdxr
03/29/2021, 10:43 PMI usually find it from the aws console under the specific function
thdxr
03/29/2021, 10:44 PMin one of the tabs there's a link to the logs in cloudwatch
p
PĂ„l Brattberg
03/29/2021, 10:50 PMAh,
Your function doesn't have permission to write to Amazon CloudWatch Logs.Apif
Frank
03/29/2021, 10:53 PM
oh hmm.. where are you seeing this error msg?
p
PĂ„l Brattberg
03/29/2021, 10:58 PMIn Lambda view, in AWS web console
PĂ„l Brattberg
03/29/2021, 10:58 PM(when I finally tracked it down, it was named
test-peasy-backoffice-api-LambdaGETbackofficeapipi-1HJG7MOENF5TRPĂ„l Brattberg
03/29/2021, 10:58 PMđ
PĂ„l Brattberg
03/29/2021, 10:58 PMWrote some more on this at https://github.com/serverless-stack/serverless-stack/discussions/236
f
Frank
03/29/2021, 11:33 PM
Thanks @PĂ„l Brattberg.
Frank
03/29/2021, 11:34 PM
But itâs really weird that ur Lambda functions donât have permission to write to CW Logs⊠all Lambda functions are supposed to have the AWS managed
AWSLambdaBasicExecutionRoleFrank
03/29/2021, 11:39 PM
If you look at the generated cloudformation template in ur
.build/cdk.outAWS::IAM::Role Copy code
"MySnsLambdaServiceRoleA8A39BC9": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "<http://lambda.amazonaws.com|lambda.amazonaws.com>"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
]
]
}
]
},
...Frank
03/29/2021, 11:40 PM
Every Lambdaâs execution role should has the
AWSLambdaBasicExecutionRoleManagedPolicyArns