AWS Lambda function not displaying logs to CloudWatch unless the function is modified and re-deployed

0

I'm working with three lambdas: the first one has an API Gateway for a trigger, the second one has an SQS FIFO queue (let's name it queue1) as a trigger, and the third one also has an SQS FIFO queue (let's name it queue2) as a trigger. I also have one DLQ FIFO queue for each of those FIFO queues (2 DLQs in total).

So, whenever I trigger the first lambda through the API Gateway, I can see the message being processed in the queues (appears in flight for queue1, and if the retries are exceeded or the visibility timeout expires, that message goes to the DLQ for queue1). Nevertheless, I cannot see any logs on CloudWatch.

At first, one may think that this is a problem regarding permissions. I have this IAM role with these permissions. This same role is used by the three lambdas.

The roles used by my lambdas

Now, in the image, you can see that I have two customer inline policies. These are for allowing sending and receiving messages from the SQS FIFO queues that I have. I have one policy per queue, and this is what I have inside of them:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "sqs:ReceiveMessage",
                "sqs:SendMessage",
                "sqs:GetQueueAttributes"
            ],
            "Resource": "arn:aws:sqs:<rest-of-the-arn>.fifo"
        }
    ]
}

I have read this StackOverflow thread and tried what they suggest (checking for the AWSLambdaBasicExecutionRole to be present, changing the function timeout by a second, etc.), and it works for the first execution after the change. But then, if I trigger my workflow again through the API Gateway, no log is printed, but everything else works fine.

The only thing that I have not tried yet is to have one role per lambda, and specify explicitly the ARN for the CloudWatch log groups. Nevertheless, I don't think that this is the problem, since re-deploying the functions each time that I want to get a log makes everything work fine, but just one time.

What do you think could be causing this?

1 Answer
0

Where are you verifying the logs? Directly in Lambda? CloudWatch Log Stream? CloudWatch Log Insights?

AWS
vtjean
answered 6 months ago
