No CloudWatch logs for Cognito trigger lambda

I have created a stack with serverless on AWS and have generated a Cognito User Pool and trimmings, including 3 lambdas to act as trigger handlers, and these have been successfully selected on the User Pool.

I am signing in successfully but am unclear as to whether the define auth trigger is being called. I have a couple of console.logs in there and nothing is showing up in the CloudWatch logs for the lambdas (which have been successfully created but have no streams).

I see serverless is doing the log generating and adding lambda IAM permissions behind the scenes and all looks ticketyboo in the CF json in that respect.

Because no log streams are created, I have a feeling that the triggers are not being hit due to a Cognito/lambda-execute permission issue.

I’ve tested the lambda through the Lambda console and indeed log entries appear in the stream. However, when invoking the Cognito API via Amplify, no logs are generated.

Any pointers please?

What was missing was the explicit auth workflows on the user pool:

UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      # Generate an app client name based on the stage
      ClientName: UserPoolClient
      UserPoolId:
        Ref: CognitoUserPoolCognitoUserPool
      ExplicitAuthFlows:
        - CUSTOM_AUTH_FLOW_ONLY
      GenerateSecret: false
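
The following Python check is an added example, not code from the post. It scans a compiled CloudFormation template for the two conditions raised in this thread: a `cognito-idp.amazonaws.com` invoke permission on each custom-auth trigger Lambda, and a custom auth flow in the client's `ExplicitAuthFlows`. The `DefineAuthLambdaFunction` and `DefineAuthPermission` logical IDs and the sample template are constructed for illustration.

```python
CUSTOM_TRIGGERS = ("DefineAuthChallenge", "CreateAuthChallenge",
                   "VerifyAuthChallengeResponse")
CUSTOM_FLOWS = {"CUSTOM_AUTH_FLOW_ONLY", "ALLOW_CUSTOM_AUTH"}

def _logical_id(value):
    """Logical ID behind {"Ref": id} or {"Fn::GetAtt": [id, attr]}, else None."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        att = value.get("Fn::GetAtt")
        if isinstance(att, list) and att:
            return att[0]
    return None

def check_custom_auth(template):
    """Return findings that would keep custom-auth triggers from ever running."""
    res = template.get("Resources", {})
    props = lambda r: r.get("Properties", {})
    # Functions that Cognito is allowed to invoke.
    invokable = {_logical_id(props(r).get("FunctionName")) for r in res.values()
                 if r.get("Type") == "AWS::Lambda::Permission"
                 and props(r).get("Principal") == "cognito-idp.amazonaws.com"}
    findings = []
    for pool_id, pool in res.items():
        cfg = props(pool).get("LambdaConfig", {})
        wired = [t for t in CUSTOM_TRIGGERS if t in cfg]
        if pool.get("Type") != "AWS::Cognito::UserPool" or not wired:
            continue
        for trig in wired:
            if _logical_id(cfg[trig]) not in invokable:
                findings.append(f"{pool_id}.{trig}: no cognito-idp invoke permission")
        for cid, client in res.items():
            if (client.get("Type") == "AWS::Cognito::UserPoolClient"
                    and _logical_id(props(client).get("UserPoolId")) == pool_id
                    and not CUSTOM_FLOWS & set(props(client).get("ExplicitAuthFlows", []))):
                findings.append(f"{cid}: ExplicitAuthFlows lacks a custom auth flow")
    return findings

def sample_template(flows):
    """Constructed sample: one pool, one trigger, one permission, one client."""
    arn = {"Fn::GetAtt": ["DefineAuthLambdaFunction", "Arn"]}  # hypothetical name
    return {"Resources": {
        "CognitoUserPoolCognitoUserPool": {"Type": "AWS::Cognito::UserPool",
            "Properties": {"LambdaConfig": {"DefineAuthChallenge": arn}}},
        "DefineAuthPermission": {"Type": "AWS::Lambda::Permission",
            "Properties": {"FunctionName": arn, "Principal": "cognito-idp.amazonaws.com"}},
        "UserPoolClient": {"Type": "AWS::Cognito::UserPoolClient",
            "Properties": {"UserPoolId": {"Ref": "CognitoUserPoolCognitoUserPool"},
                           "ExplicitAuthFlows": flows}}}}
```

Load the template that serverless writes at package time with `json.load` and pass the resulting dict to `check_custom_auth`; an empty list means neither condition was found.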