terraform

Debugging Terraform CloudWatch Logging

Serverless would create the logging for you, but Terraform is more complicated: you have to create the individual pieces yourself.


Things to check:


1.) In the Lambda section of the AWS Console, is the function being invoked? You can check in the Monitor -> Metrics tab.

2.) Does the log exist, and is it correctly named? In the same tab, click View Logs in CloudWatch; it will bring you to the log that should exist.

3.) Hit the function manually, either through API Gateway or via the CLI. Does it run without error?

4.) Do you have the correct permissions to call the function? E.g. CloudWatch Events needs permission to call Lambda, Lambda needs permission to log to the log group, etc.


An example lambda setup might create the following resources:

provider "aws"
data "archive_file"
resource "aws_lambda_function"
resource "aws_iam_policy"
resource "aws_iam_role_policy_attachment"
resource "aws_iam_role"
resource "aws_apigatewayv2_api"
resource "aws_apigatewayv2_stage"
resource "aws_apigatewayv2_integration"
resource "aws_apigatewayv2_route"
resource "aws_cloudwatch_log_group"
resource "aws_lambda_permission" # Lets API Gateway connect to Lambda
resource "aws_cloudwatch_event_rule"
resource "aws_cloudwatch_event_target"
resource "aws_lambda_permission" # Lets EventBridge a.k.a. CloudWatch Events connect to Lambda
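
The logging path behind checks 2 and 4, as an added example that is not from the original page: the log group is named after the function, and the execution role may only create streams and write events in that one group. The function name, `lambda.zip`, handler, runtime and retention period are assumed values, and the `:*` suffix assumes an AWS provider version (3.0 or later) whose log group `arn` has no trailing `:*`.

```hcl
# Added example; "example_fn" and the other literal values are assumptions.
locals {
  function_name = "example_fn"
}

# Lambda writes to /aws/lambda/<function_name>; a group with any other name stays empty.
resource "aws_cloudwatch_log_group" "lambda" {
  name              = "/aws/lambda/${local.function_name}"
  retention_in_days = 14
}

# Execution role that only the Lambda service can assume.
resource "aws_iam_role" "lambda" {
  name = "${local.function_name}-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "lambda.amazonaws.com" }
    }]
  })
}

# Least privilege: no logs:CreateLogGroup and no "*" resource, only writes to this group.
resource "aws_iam_policy" "logging" {
  name = "${local.function_name}-logging"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["logs:CreateLogStream", "logs:PutLogEvents"]
      Resource = "${aws_cloudwatch_log_group.lambda.arn}:*"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "logging" {
  role       = aws_iam_role.lambda.name
  policy_arn = aws_iam_policy.logging.arn
}

resource "aws_lambda_function" "fn" {
  function_name = local.function_name
  role          = aws_iam_role.lambda.arn
  filename      = "lambda.zip"
  handler       = "index.handler"
  runtime       = "nodejs20.x"
  # Create the log group and attach the policy before the function can first run.
  depends_on = [aws_cloudwatch_log_group.lambda, aws_iam_role_policy_attachment.logging]
}
```

If the function runs before the policy is attached or with a mismatched group name, invocations still succeed in the Metrics tab while the log stays empty, which is the symptom checks 1 and 2 separate.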