Logs are always an important source of information especially to find the cause of errors or to comprehend what’s going on in a service. To permit the IoT service to write to Amazon CloudWatch in your account a service role is needed. This role has been already created through CloudFormation.
You can find the role name in the AWS CloudFormation console in the outputs section as IoTServiceRoleName. The role name will look similar to DeviceManagementWorkshop-IoTWSIoTServiceRole-UNIQUE_STRING.
Go to the AWS IoT Core console
Info) -> EditInfoDeviceManagementWorkshop-IoTWSIoTServiceRole-UNIQUE_STRINGConfigure now the newer version 2 logging for AWS IoT. The v2 logging format uses JSON instead of plain text and in general the logging latency is lower.
You will use the cli to set the v2 logging options. To set the logging options you need to have the arn of the IAM role that you used above. Look up the role arn in the outputs section of your CloudFormation stack under IoTServiceRoleArn. The role arn looks similar to arn:aws:iam::AWS_ACCOUNT_ID:role/DeviceManagementWorkshopTest-IoTWSIoTServiceRole-UNIQUE_STRING
In a Cloud9 terminal:
aws iot set-v2-logging-options --default-log-level INFO --role-arn YOUR_ROLE_ARN
aws iot get-v2-logging-options
The output of the command should look similar to:
{
"roleArn": "YOUR_ROLE_ARN",
"defaultLogLevel": "INFO",
"disableAllLogs": false
}
The log files from AWS IoT are send to Amazon CloudWatch. The AWS CloudWatch console can be used to examine these logs.