Which action should a developer take to allow logs for the Lambda function to appear in CloudWatch?

By:
In: DVA-C01
Tagged:
With: 1 Comment
An AWS Lambda function that Is running in a test environment is not working property.However, there is no error associated with the Lambda function in the Amazon CloudWatch logs for the account.The Lambda function’s permissions do not include a resource-based policy.The Lambda function’s execution role has properly configured trust relationships and has no permissions policies attached.

Which action should a developer take to allow logs for the Lambda function to appear in CloudWatch?

Attach the AWSLambda8asicExecutionRole managed policy to the Lambda function’s execution role.

Set the AWSLambdaBasicExecutionRole managed policy as the Lambda function’s resource-based policy.

Attach the CloudWatchLambdaInsightsExecutionRolePolicy managed policy to the Lambda function’s execution role.

Set the CloudWatchLambdaInsightsExecutionRolePolicy managed policy as the Lambda function’s resource-based policy.

Explanations:

The AWSLambdaBasicExecutionRole managed policy provides the necessary permissions for Lambda functions to write logs to CloudWatch Logs. This will allow logs to appear.

Resource-based policies are not used to enable logging to CloudWatch. Instead, permissions for logging must be granted directly to the Lambda execution role.

The CloudWatchLambdaInsightsExecutionRolePolicy policy is specific to CloudWatch Lambda Insights, which is used for additional monitoring and metrics, not basic logging.

Resource-based policies are not applicable here, as permissions to write to CloudWatch Logs must be set in the Lambda execution role itself, not as a resource policy.

2025-10-14

1 Comment

  1. Karen
    Author

    As I see it, the answer is:
    Attach the AWSLambda8asicExecutionRole managed policy to the Lambda function’s execution role.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × three =