Access to CloudWatch Logs
Lambda roles must have access to CloudWatch Logs. If you are building a policy manually, ensure that it includes:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": "arn:aws:logs:region:accountID:*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:region:accountID:log-group:/aws/lambda/functionname:*" ] } ] }
If the role is missing these permissions, the function still runs but it is unable to log any output to the CloudWatch service.