Enable logging

Logs are always an important source of information especially to find the cause of errors or to comprehend what’s going on in a service. To permit the IoT service to write to Amazon CloudWatch in your account a service role is needed. This role has been already created through CloudFormation.

You can find the role name in the AWS CloudFormation console in the outputs section as IoTServiceRoleName. The role name will look similar to DeviceManagementWorkshop-IoTWSIoTServiceRole-UNIQUE_STRING.

Go to the AWS IoT Core console

  1. Get started (only if no resources are provisioned)
  2. Settings
  3. Logs (only if Level of verbosity is not set to Info) -> Edit
  4. Level of verbosity: Info
  5. Set role -> Select DeviceManagementWorkshop-MiscResour-IoTServiceRole--UNIQUE_STRING
  6. Update

Configure now the newer version 2 logging for AWS IoT. The v2 logging format uses JSON instead of plain text and in general the logging latency is lower.

You will use the cli to set the v2 logging options. To set the logging options you need to have the arn of the IAM role that you used above. Look up the role arn in the outputs section of your CloudFormation stack under IoTServiceRoleArn. The role arn looks similar to arn:aws:iam::AWS_ACCOUNT_ID:role/DeviceManagementWorkshop-MiscResour-IoTServiceRole--UNIQUE_STRING

In a Cloud9 terminal:

  • Enable v2 logging
aws iot set-v2-logging-options --default-log-level INFO --role-arn YOUR_ROLE_ARN
  • Verify the new logging settings
aws iot get-v2-logging-options

The output of the command should look similar to:

{
    "roleArn": "YOUR_ROLE_ARN",
    "defaultLogLevel": "INFO",
    "disableAllLogs": false
}

The log files from AWS IoT are send to Amazon CloudWatch. The AWS CloudWatch console can be used to examine these logs.