Hm just a general question, pulumi logs is marked as [PREVIEW] in the CLI docs. Does this mean it's in a testing state/not prod ready? I ask because I launched a simple s3 bucket with magic inline lambda (with console logs) to test pulumi. After pulumi up, the resources are up, and I see the console.log in cloudwatch logs (amazing!). However pulumi logs doesn't appear to be collecting the logs at all (either with -f or pulumi logs).

It's marked "preview" as there's a lot more we want to do to make this a fully support feature of the

pulumi

CLI (support the same configuration as the underrlying providers, add support for Kubernetes, Azure, GCP, etc.). But for Lambda, this should definitely work. It may take 10-30s for logs to show up (CloudWatch itself has some non-trivial delay here). How are you configuring credentials for AWS? You can run

pulumi log --logtostderr -v=8

to see verbose logs, which may include more details on why logs aren't being received - though it would ultimately likely be a bug if you really aren't seeing these logs.

Ah I see. The output of that revealed: I1117 214613.767379 95030 operations_aws.go:205] [getLogs] Error getting logs: /aws/lambda/onlambda-1c7755c NoCredentialProviders: no valid providers in chain. Deprecated. I have been using

pulumi config set aws:profile my-secret-profile

to configure my credentials. I just

cat ~/.aws/credentials

and

cat ~/.aws/config

and see both setup there (

[my-secret-profile] and [profile my-secret-profile]

). It's interesting. But now that I have an idea of where to look, I'll continue looking into it and debugging it (after my main goal is complete) and if I have any issues or findings I'll also raise a PR! It's probably easier to just use the default credential provider or maybe use environment variables I assume, if things don't work. But thank you for your help and direction! 🙂