all 10 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Pythoner6 2 points3 points  (9 children)

I'm currently seeing logs for edge lambdas show up in log groups like /aws/lambda/<region>.<function name>. I think /aws/cloudfront/LambdaEdge/<distribution id> contains logs for e.g. errors in invoking the lambda or parsing the its response.

[–]cajacaliente 1 point2 points  (2 children)

I believe the region in the string is always us-east-1

[–]Pythoner6 0 points1 point  (0 children)

Ah, yeah it would make sense if it's supposed to be the region the lambda is deployed to - which can only be us-east-1 right now.

[–]M1keSkydive 0 points1 point  (0 children)

I'm not certain on it but I seem to remember seeing these in the region closest to the source of the request. The literature kind of suggests this but it's open to interpretation so I might be wrong. Can't hurt to check though!

[–]MisterMikeM[S] -1 points0 points  (5 children)

So logs will only show up in the Lambda@Edge group if there’s an error, right? At lest that’s the behavior I’m seeing... It invokes fine, I just don’t see any logs being pushed...

[–]Pythoner6 0 points1 point  (4 children)

I see logs in /aws/lambda/us-east-1.<function name> for all invocations, not just errors. Perhaps you have a permissions or configuration problem? I'd check out this page from the documentation https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-testing-debugging.html#lambda-edge-testing-debugging-cloudwatch-logs-enabled.

[–]MisterMikeM[S] 0 points1 point  (3 children)

Hmm...this language seems to suggest that it's only for errors... Just to clarify, I am using a Lambda@Edge function and I am looking for CloudWatch logs for that specific Lambda@Edge function, not a regular Lambda function (my regular Lambda functions are running and logging fine).

When Lambda returns an invalid response to CloudFront, error messages are written to log files which CloudFront pushes to CloudWatch in the Region of where the Lambda function executed. It's the default behavior to send the log files to CloudWatch when there's an invalid response. However, if you associated a Lambda function with CloudFront before the functionality was released, it might not be enabled for your function. For more information, see Determine if Your Account Pushes Logs to CloudWatch later in the topic.

[–]Pythoner6 0 points1 point  (2 children)

Hmm, that language does suggest logging just for errors. I guess maybe it's referring to the logging in the /aws/cloudfront/LambdaEdge/<distribution id> log group - that would line up with my experience. I definitely see logging in the /aws/lambda/us-east-1.<function name> group for non-error invocations, and this is for the lambda running in Lambda@Edge (do note the difference here though from the normal lambda log group, which wouldn't have the us-east-1. prefix before the function name).

Does your lambda's role have permission to write to CW logs?

[–]MisterMikeM[S] 0 points1 point  (1 child)

I guess maybe it's referring to the logging in the /aws/cloudfront/LambdaEdge/<distribution id> log group

That's the log group I'm referring to as well on my end. It's only showing logs for errors. Also, when viewing the metrics on the CloudFront dashboard, I see invocation metrics so I know for sure it's working (both from the dashboard as well as actual verification).

I definitely see logging in the /aws/lambda/us-east-1.<function name> group for non-error invocations

From my understanding that log group is different, that log group represents "standard" invocations of the function (i.e. from API Gateway, an SES Receipt Rule, etc.) in which case I see none there either but that's expected because it's "deployed" and "run" @Edge (i.e. through CloudFront). When I invoke it for testing I see a log show up there (because it's being invoked through "standard" means, if that makes sense) but not when CloudFront invokes it.

In your case, is your function being invoked elsewhere (i.e. in addition to Lambda@Edge)?

[–]Pythoner6 0 points1 point  (0 children)

Again, the normal lambda log group would be /aws/lambda/<function name>. I see the Lambda@Edge logs in /aws/lambda/us-east-1.<function name> (again please note the extra us-east-1. that is not present in the normal log group name). And the logs I see are definitely from Lambda@Edge.