Set up CloudWatch logging, but nothing’s coming through? I’ve been there.
I put together a quick guide to help you troubleshoot the issue, from checking log groups and IAM permissions to testing with the AWS CLI.
Step 1: Check if the Log Group and Log Stream Exist
- Go to CloudWatch → Logs → Log groups.
- Find your log group, click in, and see if there’s a log stream inside.
- If you don’t see one, your application probably hasn’t created it yet.
No log group or stream? Time to check permissions or your app’s config (more on that next).
Step 2: Make Sure the App Has the Right Permissions
- Whatever’s supposed to be writing logs (Lambda, EC2, a container, you name it) needs the right IAM permissions.
- Go to IAM → Roles, find the role your service is using, and make sure it has these permissions:
  - logs:CreateLogGroup
  - logs:CreateLogStream
  - logs:PutLogEvents
- Without these, your app can’t create the log group or stream or write events to it, so double-check that they’re there.
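
One way to check a role's policy JSON for the three actions above without touching AWS, as an added example that is not code from the original post. The function name, sample policy, account ID and ARNs are constructed, and the evaluation is simplified: one identity policy, with all three actions tested against a single ARN.

```python
import fnmatch

# The three actions listed in Step 2.
REQUIRED = ("logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents")

def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _matches(patterns, candidate, ignore_case=False):
    """Wildcard match ('*', '?'); IAM action names are case-insensitive."""
    if ignore_case:
        candidate, patterns = candidate.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)

def check_logging_permissions(policy, resource_arn):
    """Return {action: 'allowed' | 'denied' | 'missing'} for resource_arn.

    Simplified: one identity policy only. NotAction, NotResource, Condition,
    permission boundaries and SCPs are not evaluated.
    """
    result = {action: "missing" for action in REQUIRED}
    for stmt in _as_list(policy.get("Statement")):
        if not _matches(_as_list(stmt.get("Resource")), resource_arn):
            continue
        actions = _as_list(stmt.get("Action"))
        for action in REQUIRED:
            if not _matches(actions, action, ignore_case=True):
                continue
            if stmt.get("Effect") == "Deny":
                result[action] = "denied"  # an explicit Deny always wins
            elif stmt.get("Effect") == "Allow" and result[action] != "denied":
                result[action] = "allowed"
    return result

# Constructed sample policy and ARNs (account ID and names are placeholders).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:Put*"],
         "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/demo:*"},
        {"Effect": "Deny", "Action": "logs:PutLogEvents",
         "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/other:*"},
    ],
}
DEMO_STREAM = "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/demo:log-stream:s1"
OTHER_STREAM = "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/other:log-stream:s1"

if __name__ == "__main__":
    for arn in (DEMO_STREAM, OTHER_STREAM):
        print(arn, check_logging_permissions(SAMPLE_POLICY, arn))
```

A "missing" result for logs:CreateLogGroup on the sample policy is the case where the role can write to an existing group but cannot create one, so scoping the Resource to a specific log group ARN keeps the role least-privilege only if that group already exists.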
Step 3: Check the Retention Settings
- Sometimes the logs are getting created but getting cleaned up really quickly.
- In CloudWatch → Logs, click on your log group, then check the Retention settings.
- If it’s set to just a few hours or days, consider bumping it up so you don’t miss anything.
Step 4: Try Restarting Your App or Lambda
- Tried everything, but nothing is working? It’s time to try turning it off and on again.
- Restarting your Lambda function or app often kicks off a new log stream and gets things moving again.
Step 5: Test with AWS CLI
- Still no luck? Let’s rule out CloudWatch as the issue.
- Try sending a log manually using the AWS CLI:

- If that test log shows up, then CloudWatch is fine; it’s your app that’s holding out on you.
Bonus Tip: Use CloudWatch Logs Insights
Once you do get logs showing up, don’t forget to use Logs Insights. It’s a super helpful way to search, filter, and analyze logs without digging through raw output line by line.