Question #562
A developer has created an AWS Lambda function written in Python that processes data from an API Gateway and writes logs to Amazon CloudWatch. The function is successfully triggered by API Gateway, but no logs appear in CloudWatch. What is the MOST likely cause of this issue?
A. The Lambda function's execution role lacks permissions to write to CloudWatch Logs.
B. CloudWatch Logs requires a specific retention period setting.
C. The Lambda function is not configured with the correct environment variables.
D. The Lambda function's memory setting is too low.
Explanation
The correct answer is A because AWS Lambda needs the appropriate IAM permissions in its execution role to write logs to CloudWatch. Specifically, the role must include permissions for 'logs:CreateLogGroup', 'logs:CreateLogStream', and 'logs:PutLogEvents'. If these permissions are missing, the function will execute but fail to generate logs.
Why other options are incorrect:
- B: CloudWatch Logs retention settings are optional; logs are stored indefinitely by default.
- C: Environment variables configure runtime behavior but do not affect logging permissions.
- D: Low memory might cause runtime errors, but logs would still be generated if permissions are correct.
Key Takeaway: Always verify the Lambda execution role's IAM policies for CloudWatch Logs permissions when troubleshooting missing logs.
Answer
The correct answer is: A