Centralized Logging on AWS
Centralized Logging on AWS

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Appendix D: Troubleshooting

The centralized logging solution logs error, warning, informational, and debugging messages for the solution’s AWS Lambda functions. To choose the type of messages to log, find the applicable function in the Lambda console and change the LOG_LEVEL environment variable to the applicable type of message.

Level Description
ERROR Logs will include information on anything that causes an operation to fail.
WARNING Logs will include information on anything that can potentially cause inconsistencies in the function but might not necessarily cause the operation to fail. Logs will also include ERROR messages.
INFO Logs will include high-level information about how the function is operating. Logs will also include ERROR and WARN messages.
DEBUG Logs will include information that might be helpful when debugging a problem with the function. Logs will also include ERROR, WARNING, and INFO messages.

Common Errors

AWS CloudFormation Primary Template Validation Error

If before you deploy the primary stack, you receive a Template validation error, verify that you are deploying the stack in an AWS Region that supports Amazon Cognito.


          Template validation error

Figure 3: Template validation error

Resolution

To deploy the primary stack in a region that supports Amazon Cognito, complete the following task:

  1. In the primary account, navigate to the AWS Management Console.

  2. In the console navigation bar, use the region selector to choose an AWS Region that supports Amazon Cognito.

    Note

    For the most current service availability by region, see AWS service offerings by region.

  3. Launch the stack.

AWS CloudFormation Stack Deletion Error

If you receive a Cannot unsubscribe a subscription that is pending confirmation message when you attempt to delete the solution’s AWS CloudFormation stack, retain the Amazon Simple Notification Service (Amazon SNS) subscription. Amazon SNS subscriptions in a pending state will be automatically deleted after three days.


          Stack deletion error

Figure 4: Stack deletion error

Resolution

After you receive the stack deletion error, complete the following task:

  1. Navigate to the AWS CloudFormation console.

  2. Select the applicable stack.

  3. For Action, choose Delete Stack.

  4. In the Delete Stack window, verify the checkbox next to the Amazon SNS subscription is selected.

    
                Delete stack window

    Figure 5: Delete stack window

  5. Select Yes, Delete.

LogStreamer AWS Lambda Function Permission Error

If the solution’s AWS Lambda function (LogStreamer) generates permission errors, verify that you granted the secondary account the appropriate permissions to index logs on the Amazon ES domain in the primary account by including the account IDs in the Spoke Accounts AWS CloudFormation parameter.


          Permission error

Figure 6: Permission error

Resolution

Complete the following task:

  1. In the primary account, navigate to the AWS CloudFormation console.

  2. Select the applicable stack.

  3. For Action, choose Update Stack.

  4. Select Next.

  5. For Spoke Accounts, enter the applicable secondary account IDs and select Next. Note that the format is comma separated (for more than one value).

  6. Select Next.

  7. On the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create AWS Identity and Access Management (IAM) resources.

  8. Choose Update to update the stack.

  9. After the stack is updated, verify that the Lambda function does not show the permission errors.

Amazon ES Bulk Data Error

If you receive a postElasticSearchBulkData error, check to make sure that you provided the correct Amazon ES endpoint in the Elasticsearch Endpoint AWS CloudFormation parameter.


          Bulk data error

Figure 7: postElasticSearchBulkData error

Resolution

Complete the following task:

  1. In the applicable secondary account, navigate to the AWS CloudFormation console.

  2. Select the applicable spoke stack.

  3. For Action, choose Update Stack.

  4. Select Next.

  5. For Elasticsearch Endpoint, verify that you entered the correct endpoint. Make sure that the endpoint does not include https://. Then, select Next.

  6. Select Next.

  7. On the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create AWS Identity and Access Management (IAM) resources.

  8. Choose Update to update the stack.

AWS CloudFormation Stack Update Error

If you receive an UPDATE_FAILED message when you try to update the stack to the new version, migrate to the new version instead of updating the stack.

Resolution

Follow the migration steps in Appendix C.

On this page: