diff --git a/terraform/modules/kitten-science-website/README.md b/terraform/modules/kitten-science-website/README.md
index 8cebd0d..4e29657 100644
--- a/terraform/modules/kitten-science-website/README.md
+++ b/terraform/modules/kitten-science-website/README.md
@@ -28,6 +28,7 @@ No modules.
 | [aws_acm_certificate.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource |
 | [aws_acm_certificate_validation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource |
 | [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
+| [aws_cloudwatch_log_group.redirect](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_iam_policy.lambda_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.redirect](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.aws_xray_write_only_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
diff --git a/terraform/modules/kitten-science-website/lambda-edge.tf b/terraform/modules/kitten-science-website/lambda-edge.tf
index 2638b98..e42817c 100644
--- a/terraform/modules/kitten-science-website/lambda-edge.tf
+++ b/terraform/modules/kitten-science-website/lambda-edge.tf
@@ -40,15 +40,21 @@ resource "aws_iam_policy" "lambda_logging" {
   path        = "/"
   description = "IAM policy for logging from a Lambda"
   policy      = data.aws_iam_policy_document.lambda_logging.json
+
+  provider = aws.global
 }
 
 resource "aws_iam_role_policy_attachment" "lambda_logs" {
   role       = aws_iam_role.redirect.name
   policy_arn = aws_iam_policy.lambda_logging.arn
+
+  provider = aws.global
 }
 resource "aws_iam_role_policy_attachment" "aws_xray_write_only_access" {
   role       = aws_iam_role.redirect.name
   policy_arn = data.aws_iam_policy.aws_xray_write_only_access.arn
+
+  provider = aws.global
 }
 
 resource "aws_iam_role" "redirect" {
@@ -75,9 +81,17 @@ resource "aws_lambda_permission" "edgelambda" {
   provider = aws.global
 }
 
+resource "aws_cloudwatch_log_group" "redirect" {
+  name              = "/aws/lambda/${var.lambda_function_name}"
+  retention_in_days = 14
+
+  provider = aws.global
+}
+
 resource "aws_lambda_function" "redirect" {
   depends_on = [
-    aws_iam_role_policy_attachment.lambda_logs
+    aws_iam_role_policy_attachment.lambda_logs,
+    aws_cloudwatch_log_group.redirect
   ]
 
   description      = "Redirects requests to release URLs"
@@ -86,9 +100,13 @@ resource "aws_lambda_function" "redirect" {
   handler          = "redirect.handler"
   publish          = true
   role             = aws_iam_role.redirect.arn
-  runtime          = "nodejs20.x"
+  runtime          = "nodejs22.x"
   source_code_hash = data.archive_file.redirect.output_base64sha256
 
+  logging_config {
+    log_format = "Text"
+  }
+
   tracing_config {
     mode = "Active"
   }