Logs are always an important source of information especially to find the cause of errors or the comprehend what’s going on in a service. To permit the IoT service to write to Amazon CloudWatch in your account a service role is required. A role has been already created by CloudFormation.
You can find the role name in the AWS CloudFormation console in the outputs section under IoTServiceRoleName. The role name is autogenerated by CloudFormation. It is composed out of stack names the string IoTServiceRole and unique strings. Take a note of the role name you need it to enable logging for AWS IoT Core.
Role name examples:
Go to the AWS IoT Core console
The log files from AWS IoT are send to Amazon CloudWatch. The AWS console can be used to look at these logs.