Hi,
I'm having a very hard time getting my Blazor project to output server logs when it's hosted on Amplify. I am rather new to AWS, so perhaps I missed something important, but I looked everywhere and can't find the right solutions.
- My project is a blazor web assembly app with a server.
- Recently the server started returning 404 errors with every API call, so I wanted to check my server logs. I would have expected it to be as easy as locating the log file and reading it, but I came to understand all logs go to CloudWatch instead, and that it's far from being automatic.
- Further investigation suggests CloudWatch won't receive logs from the .Net ILogger without using the aws-logging-dotnet package. I followed the steps, and managed to get my application to correctly output to CloudWatch - but this only works when running the app locally, not when it's hosted on Amplify.
- There could be a permissions issue with Amplify in order for it to output logs to CloudWatch. I wasn't able to identify which role Amplify is supposed to be using to access AWS services, other than perhaps it's automatic and doesn't require setting up a role. Some documentation suggested giving Amplify a service role with the required CloudWatch log permissions (create stream, create group, push logs, describe groups), but that hasn't helped.
- When my local app server starts, CloudTrail shows when my app creates a log stream. But this never happens with the Amplify-hosted app server. It doesn't show anything. Would it show if my app attempted to create a log stream, but was denied access?
What else could I try to identify the problem?
Thank you for this answer. I've done 1 and 2, and I believe this configuration is correct since I am able to view logs in CloudWatch when I run locally.
But I don't get any logs when my app is hosted on Amplify. It's unclear whether Amplify automatically has all permissions to write logs by default, or if there's a role I should modify. Perhaps I should ask another question more targeted at Amplify.
CloudTrail doesn't show any attempt to write the logs.