Page updated Nov 11, 2023

Set up Logging

The Amplify Logger enables you to troubleshoot and debug issues with your apps, to help you provide the best experience for your customers. You can log messages for errors by the Amplify library and add custom logs as well and send them to Amazon CloudWatch. With the Amplify Logger, you also can remotely change your logging configuration to adjust your logging levels, or add an allow list of customer IDs to help you detect issues more granularly for your apps in production.


An application with Amplify libraries integrated and a minimum target of any of the following:

  • iOS 13.0, using Xcode 14.1 or later.
  • macOS 10.15, using Xcode 14.1 or later.
  • tvOS 13.0, using Xcode 14.3 or later.
  • watchOS 7.0, using Xcode 14.3 or later.
  • visionOS 1.0, using Xcode 15 beta 2 or later. (Preview support - see below for more details.)

For a full example, please follow the project setup walkthrough.

visionOS support is currently in preview and can be used by targeting the visionos-preview branch. As new Xcode 15 beta versions are released, the branch will be updated with any necessary fixes on a best effort basis.

For more information on how to use the visionos-preview branch, see Platform Support.

  • The Amplify Logger is available for versions 2.15.0 and beyond of the Amplify Swift SDK

Provision backend resources

You can use the Amplify CLI to add custom CDK resources.

You will need to create a log group in Amazon CloudWatch to send logs to. You can create and provision a log group by going through the AWS Console and creating your log group manually or using Amplify CLI and AWS CDK to provision and deploy the AWS resources.

Below is a sample CDK construct to create the Amazon CloudWatch log group as well as creating and assigning the permission policies to Amplify roles.

The <log-group-name> and <region> configured in the CDK construct will be used later to initialize the Amplify Logger plugin.

Replace the placeholder values with your own values:

  • <log-group-name> is the log group that logs will be sent to. Note that this CDK construct sample includes logic to create the CloudWatch log group that you may have already created in previous steps.
  • <amplify-authenticated-role-name> and <amplify-unauthenticated-role-name> are Amplify roles created as part of Amplify Auth configuration via Amplify CLI.
import * as cdk from "aws-cdk-lib" import { Construct } from "constructs" import * as logs from "aws-cdk-lib/aws-logs" import * as path from "path" import * as iam from "aws-cdk-lib/aws-iam" export class RemoteLoggingConstraintsConstruct extends Construct { constructor(scope: Construct, id: string, props: RemoteLoggingConstraintProps) { super(scope, id) const region = cdk.Stack.of(this).region const account = cdk.Stack.of(this).account const logGroupName = <log-group-name> const authRoleName = <amplify-authenticated-role-name> const unAuthRoleName = <amplify-unauthenticated-role-name> new logs.LogGroup(this, 'Log Group', { logGroupName: logGroupName, retention: logs.RetentionDays.INFINITE }) const authRole = iam.Role.fromRoleName(this, "Auth-Role", authRoleName) const unAuthRole = iam.Role.fromRoleName(this, "UnAuth-Role", unAuthRoleName) const logResource = `arn:aws:logs:${region}:${account}:log-group:${logGroupName}:log-stream:*` const logIAMPolicy = new iam.PolicyStatement({ effect: iam.Effect.ALLOW, resources: [logResource], actions: ["logs:PutLogEvents", "logs:DescribeLogStreams", "logs:CreateLogStream"] }) authRole.addToPrincipalPolicy(logIAMPolicy) unAuthRole.addToPrincipalPolicy(logIAMPolicy) new cdk.CfnOutput(this, 'CloudWatchLogGroupName', { value: logGroupName }); new cdk.CfnOutput(this, 'CloudWatchRegion', { value: region }); } }
1import * as cdk from "aws-cdk-lib"
2import { Construct } from "constructs"
3import * as logs from "aws-cdk-lib/aws-logs"
4import * as path from "path"
5import * as iam from "aws-cdk-lib/aws-iam"
7export class RemoteLoggingConstraintsConstruct extends Construct {
8 constructor(scope: Construct, id: string, props: RemoteLoggingConstraintProps) {
9 super(scope, id)
11 const region = cdk.Stack.of(this).region
12 const account = cdk.Stack.of(this).account
13 const logGroupName = <log-group-name>
14 const authRoleName = <amplify-authenticated-role-name>
15 const unAuthRoleName = <amplify-unauthenticated-role-name>
17 new logs.LogGroup(this, 'Log Group', {
18 logGroupName: logGroupName,
19 retention: logs.RetentionDays.INFINITE
20 })
22 const authRole = iam.Role.fromRoleName(this, "Auth-Role", authRoleName)
23 const unAuthRole = iam.Role.fromRoleName(this, "UnAuth-Role", unAuthRoleName)
24 const logResource = `arn:aws:logs:${region}:${account}:log-group:${logGroupName}:log-stream:*`
25 const logIAMPolicy = new iam.PolicyStatement({
26 effect: iam.Effect.ALLOW,
27 resources: [logResource],
28 actions: ["logs:PutLogEvents", "logs:DescribeLogStreams", "logs:CreateLogStream"]
29 })
31 authRole.addToPrincipalPolicy(logIAMPolicy)
32 unAuthRole.addToPrincipalPolicy(logIAMPolicy)
34 new cdk.CfnOutput(this, 'CloudWatchLogGroupName', { value: logGroupName });
35 new cdk.CfnOutput(this, 'CloudWatchRegion', { value: region });
36 }

The <log-group-name> and <region> will be printed out in the in the terminal. You can use this information to setup the Amplify library in the next section.

Initialize Amplify Logging

In this section, we will initialize and setup the Amplify library. The Logger can be configured via a configuration file or in code when your app is initializing.

In your mobile app, create and add a amplifyconfiguration_logging.json to the same location as the amplifyconfiguration.json file. Ensure that the file is included in the Copy Bundle Resources build phase.

The <log-group-name> and <region> is the value you specified in the CDK construct as part of provisioning your backend resources. These values can also be found at the end of the output logs when deploying the sample CDK construct. The configuration file is the data source for the logging plugin to know where, when and what logs to sends. The example below configures the logging plugin to automatically send all logs at log level ERROR at 60 seconds interval and store logs locally up to 1MB.

{ "awsCloudWatchLoggingPlugin": { "enable": true, "logGroupName": "<log-group-name>", "region": "<region>", "localStoreMaxSizeInMB": 1, "flushIntervalInSeconds": 60, "loggingConstraints": { "defaultLogLevel": "ERROR" } } }
2 "awsCloudWatchLoggingPlugin": {
3 "enable": true,
4 "logGroupName": "<log-group-name>",
5 "region": "<region>",
6 "localStoreMaxSizeInMB": 1,
7 "flushIntervalInSeconds": 60,
8 "loggingConstraints": {
9 "defaultLogLevel": "ERROR"
10 }
11 }

To use the Amplify Logger and Amplify Auth categories in your app, you need to create and configure their corresponding plugins by calling the Amplify.add(plugin:) and Amplify.configure() methods.

Add the following imports to the top of your main App file:

import Amplify import AWSCognitoAuthPlugin import AWSCloudWatchLoggingPlugin
1import Amplify
2import AWSCognitoAuthPlugin
3import AWSCloudWatchLoggingPlugin

Add the following code to its initializer. If there is none, you can create a default init. When Amplify initializes the logging plugin, it will automatically find and load the configuration in the amplifyconfiguration_logging.json that is bundled with your app.

init() { do { try Amplify.add(plugin: AWSCognitoAuthPlugin()) try Amplify.add(plugin: AWSCloudWatchLoggingPlugin()) try Amplify.configure() } catch { assert(false, "Error initializing Amplify: \(error)") } }
1init() {
2 do {
3 try Amplify.add(plugin: AWSCognitoAuthPlugin())
4 try Amplify.add(plugin: AWSCloudWatchLoggingPlugin())
5 try Amplify.configure()
6 } catch {
7 assert(false, "Error initializing Amplify: \(error)")
8 }