Solution :
Please ensure that your Lambda's Execution Role has the Policy that allows the writing to CloudWatch Logs from the Lambda.
IAM console -> 'Roles' -> < your Lambda's role > -> 'Permissions' tab -> 'Permissions policies' accordion
Try to ensure that there is the Policy listed that has the parameters set like below :
· 'For Service': "CloudWatch Logs"
· 'For Access level': includes at least the "Write"
· 'For Resource': your Lambda should not be excluded it should not be set to another specific Lambda, or any another directory of Lambdas, or any another resource type.
· 'For Request condition': Should not preclude the context of the given Lambda execution
An example of the "AWS managed policy" that should meet these requirements the out-of-the-box, being that it is AWS-managed is the "AWSLambdaBasicExecutionRole". It has below parameters:
· 'For Service': "CloudWatch Logs"
· 'For Access level': "Limited: Write"
· 'For Resource': "All resources"
· 'For Request condition': "None"
If the Role does not have above policy already, either need to add the new one or need to edit and existing one to have your requirements listed here - then your error must be resolved.
