---
title: Lambda functions should have logging enabled
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Lambda functions should have logging
  enabled
---

# Lambda functions should have logging enabled
 
## Description{% #description %}

Lambda functions should have proper logging permissions to send logs to CloudWatch Logs for monitoring, debugging, and security auditing purposes. This check validates that the execution role has either the AWS managed logging policy or inline permissions for required CloudWatch Logs actions.

## Remediation{% #remediation %}

Attach the AWS managed policy `AWSLambdaBasicExecutionRole` to the Lambda execution role, or add inline permissions for `logs:CreateLogGroup`, `logs:CreateLogStream`, and `logs:PutLogEvents`. Refer to [Sending Lambda function logs to CloudWatch Logs](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-cloudwatchlogs.html).