9

How do get logging from custom authorizer lambda function in API Gateway? I do not want to enable logging for API. I need logging from authorizer lambda function. I use a python lambda function and have prints in the code. I want to view the prints in Cloud Watch logs. But logs are not seen in cloud watch. I do not get errors either. What am I missing?
Lambda has execution role role/service-role/MyLambdaRole. This role has the policy to write to cloud watch.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:us-east-1:123456:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:us-east-1:123456:log-group:MyCustomAuthorizer:*"
            ]
        }
    ]
}

I also tested by adding CloudWatchLogsFullAccess policy to role/service-role/MyLambdaRole role.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
Improve this question

2 Answers 2

Reset to default
3

I deleted the lambda function, IAM role, custom authorizer from API Gateway. Recreated all the above with the same settings and published the API. It started working and logging as expected. I do not know what was preventing earlier to log to cloud watch logs. Weird!!

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I'm getting this too. Recreation didn't help. Have you found the cause by any chance?
Same problem here
Same problem here
1

When I set up my authorizer, I set a Lambda Event payload for a custom header, and I had neglected to set that header in my browser session. According to the documentation at https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html, section 9b, the API Gateway will throw a 401 Unauthorized error without even executing the Lambda function. So that was the source of the problem.

Improve this answer

1 Comment

How does this relate to the question?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.