How do I resolve the "error loading Log Streams" error for Lambda function logs in the CloudWatch console?

Last updated: 2019-07-29

When I try to view logs for my AWS Lambda function in the Amazon CloudWatch console, I get the error "There was an error loading Log Streams. Please try again by refreshing this page." How do I fix this?

Short Description

This error occurs when you try to view Lambda logs in CloudWatch using the AWS Management Console, and the log group doesn't exist. Logs are generated only after you run your function for the first time. If there's no log group, it's usually because of an issue with your function's AWS Identity and Access Management (IAM) permissions.

Note: For permissions-related logging issues for Lambda@Edge, see Service-Linked Roles for Lambda@Edge.

Resolution

Make sure that your Lambda function's execution role has sufficient permissions to write logs to CloudWatch, and that the log group resource in the IAM policy includes your function's name.

In the IAM console, review and edit the IAM policy for the execution role to make sure that:

  • The write actions CreateLogGroup and CreateLogStream are allowed.
    Note: If you don't need custom permissions for your function, you can attach the managed policy AWSLambdaBasicExecutionRole, which allows Lambda to write logs to CloudWatch.
  • The AWS Region specified in the Amazon Resource Name (ARN) is the same as your Lambda function's Region.
  • The log-group resource includes your Lambda function name. For example, if your function is named myLambdaFunction, the log-group is /aws/lambda/myLambdaFunction.

For reference, here's an example JSON policy document with the required permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:region:accountId:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                " arn:aws:logs:region:accountId:log-group:/aws/lambda/functionName:*"
            ]
        }
    ]
}

Did this article help you?

Anything we could improve?


Need more help?