top of page

Your Ultimate Guide to SAM Logs: Comprehensive Overview and Best Practices


In the world of serverless applications, monitoring and debugging can be challenging due to the distributed nature of the architecture. Amazon Web Services (AWS) provides various tools to manage and monitor these applications, and SAM (Serverless Application Model) logs play a crucial role in this process. Understanding SAM logs is essential for effective troubleshooting, performance tuning, and maintaining the health of your serverless applications. This guide will dive deep into the concept of SAM logs, exploring their importance, how to access and interpret them, and best practices for their use.

What are SAM Logs?


SAM logs refer to the logs generated by serverless applications deployed using AWS SAM. These logs capture various events, errors, and performance metrics that occur within your serverless application, providing insights into its behavior and performance.

SAM logs image

Importance of SAM Logs

SAM logs are vital for:

  • Debugging: Identifying and resolving issues within your serverless application.

  • Performance Monitoring: Tracking performance metrics to ensure optimal operation.

  • Security Auditing: Monitoring for any security-related events or breaches.

  • Operational Insights: Understanding the application's behavior in different environments.

Setting Up SAM Logging


Before setting up SAM logging, ensure you have:

  • An AWS account.

  • AWS CLI configured on your local machine.

  • SAM CLI installed.

Configuring Logging in SAM Template

In your SAM template, you can configure logging by specifying the appropriate resources and log groups.





    Type: AWS::Serverless::Function


      Handler: index.handler

      Runtime: nodejs14.x



          Type: Api


            Path: /myapi

            Method: get



          LOG_LEVEL: INFO


        - AWSLambdaBasicExecutionRole

      Tracing: Active


        LogGroupName: /aws/lambda/my-function

        RetentionInDays: 14

Deploying the SAM Application

Deploy your SAM application using the SAM CLI:


sam deploy --guided

This command will guide you through the deployment process, including setting up the necessary IAM roles and permissions.

Accessing SAM Logs

Using AWS Management Console

You can access SAM logs via the AWS Management Console:

  1. Navigate to the CloudWatch service.

  2. Select "Log groups" from the left-hand menu.

  3. Find the log group associated with your Lambda function (e.g., /aws/lambda/my-function).

  4. Select the log group to view individual log streams and their entries.


You can also access logs using the AWS CLI:


aws logs describe-log-streams --log-group-name /aws/lambda/my-function

aws logs get-log-events --log-group-name /aws/lambda/my-function --log-stream-name <log-stream-name>


The SAM CLI provides a convenient way to fetch logs for your SAM application:


sam logs -n MyFunction --stack-name my-stack --tail

This command streams logs in real-time for the specified function.

Interpreting SAM Logs

Log Structure

SAM logs typically include the following components:

  • Timestamp: The time when the log entry was created.

  • Request ID: A unique identifier for the request.

  • Log Level: The severity of the log entry (e.g., INFO, WARN, ERROR).

  • Message: The actual log message.



START RequestId: e1234567-89ab-cdef-0123-456789abcdef Version: $LATEST

2023-07-10T12:34:56.789Z e1234567-89ab-cdef-0123-456789abcdef INFO Message: Function started

2023-07-10T12:34:57.123Z e1234567-89ab-cdef-0123-456789abcdef ERROR Message: An error occurred

END RequestId: e1234567-89ab-cdef-0123-456789abcdef

Common Log Entries

  • START: Indicates the start of a Lambda function invocation.

  • END: Indicates the end of a Lambda function invocation.

  • REPORT: Provides execution details such as duration, memory used, and billing information.

Analyzing Logs

When analyzing logs, look for patterns or anomalies that could indicate issues. Pay attention to:

  • Error Messages: These often provide clues about what went wrong.

  • Performance Metrics: Track execution time and memory usage to identify performance bottlenecks.

  • Trace IDs: Use trace IDs to correlate logs across different services and components.

Best Practices for Using SAM Logs

Implement Structured Logging

Structured logging involves using a consistent format for log messages, making it easier to parse and analyze logs programmatically.




  level: 'info',

  message: 'Function started',

  requestId: context.awsRequestId,

  timestamp: new Date().toISOString()


Use Log Levels Effectively

Different log levels (DEBUG, INFO, WARN, ERROR) help prioritize and filter log messages based on their severity.

Set Log Retention Policies

Configure log retention policies to manage the lifecycle of your logs and optimize storage costs.





    Type: AWS::Logs::LogGroup


      LogGroupName: /aws/lambda/my-function

      RetentionInDays: 14

Enable Tracing

Enable AWS X-Ray tracing to gain deeper insights into the performance and behavior of your serverless application.



Tracing: Active

Automate Log Analysis

Use tools like AWS CloudWatch Logs Insights to automate log analysis and gain actionable insights.



aws logs start-query --log-group-name /aws/lambda/my-function --start-time 1633046400 --end-time 1633132800 --query-string 'fields @timestamp, @message | sort @timestamp desc | limit 20'

Monitor Logs for Security

Set up alerts and monitoring for any suspicious activities or security breaches.





    Type: AWS::Logs::MetricFilter


      LogGroupName: /aws/lambda/my-function

      FilterPattern: "[ERROR, ...]"


        - MetricValue: 1

          MetricNamespace: MyNamespace

          MetricName: ErrorCount

Common Issues and Troubleshooting

Missing Logs

If logs are missing, ensure that:

  • Logging is correctly configured in your SAM template.

  • IAM roles have the necessary permissions to write logs.

  • The log retention policy has not expired.

High Log Volumes

High volumes of logs can lead to increased costs and performance issues. To mitigate this:

  • Filter out unnecessary logs.

  • Implement log aggregation and analysis tools.

Log Parsing Errors

Structured logs can sometimes lead to parsing errors. Ensure that:

  • The log format is consistent.

  • JSON log messages are properly escaped.


SAM logs are an indispensable tool for monitoring, debugging, and optimizing serverless applications. By understanding how to set up, access, and interpret these logs, you can maintain the health and performance of your serverless applications. Implementing best practices, such as structured logging and effective use of log levels, will further enhance your ability to manage and analyze logs efficiently.

Key Takeaway

Definition and Importance: SAM logs are essential for monitoring, debugging, and optimizing serverless applications deployed with AWS SAM, capturing events, errors, and performance metrics.

Setting Up SAM Logging:

  • Use AWS SAM templates to configure logging settings for Lambda functions.

  • Deploy applications with SAM CLI to set up IAM roles and permissions automatically.

Accessing and Interpreting SAM Logs:

  • Access logs via AWS Management Console, AWS CLI, or SAM CLI.

  • Interpret logs with structured components like timestamps, request IDs, log levels, and messages.

Best Practices for Using SAM Logs:

  • Implement structured logging for easier parsing and analysis.

  • Utilize log levels (DEBUG, INFO, WARN, ERROR) effectively.

  • Set log retention policies to manage storage costs.

  • Enable AWS X-Ray tracing for deeper performance insights.

  • Automate log analysis with tools like AWS CloudWatch Logs Insights.

Common Issues and Troubleshooting:

  • Address missing logs by checking SAM template configurations and IAM permissions.

  • Manage high log volumes with filtering and aggregation techniques.

  • Ensure consistent log formats to prevent parsing errors, especially with JSON logs.

Conclusion: Mastering SAM logs enhances the management and optimization of serverless applications on AWS, ensuring robust monitoring and effective debugging capabilities.


What are SAM logs?

SAM logs are logs generated by serverless applications deployed using AWS SAM. They capture various events, errors, and performance metrics.

How do I access SAM logs?

You can access SAM logs using the AWS Management Console, AWS CLI, or SAM CLI.

Why are SAM logs important?

SAM logs are crucial for debugging, performance monitoring, security auditing, and gaining operational insights into your serverless application.

How can I set up logging in my SAM application?

You can configure logging in your SAM template by specifying the appropriate resources and log groups, and deploying the application using the SAM CLI.

What are some best practices for using SAM logs?

Best practices include implementing structured logging, using log levels effectively, setting log retention policies, enabling tracing, automating log analysis, and monitoring logs for security.

Article Sources


bottom of page