
Enable CloudWatch logs in API GatewayV2 Stage with CloudFormation


There is a similar question but it does not use AWS::ApiGatewayV2::Stage, and I need the AutoDeploy that only the V2 seems to provide.

How do I enable CloudWatch logs and log full message data (as per the image) using CloudFormation in an AWS API Gateway?

Enable cloudwatch logs in AWS Console

I can't find anything in the documentation for the Stage: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-deploymentid

I am using an autodeployed stage. I am able to create the log groups, the IAM role to write logs in CloudWatch, but I can't enable the logging itself.

wsApiGateway:
  Type: AWS::ApiGatewayV2::Api
  Properties:
    Name: foo-ws-gateway
    Description: Api Gateway for Websockets
    ProtocolType: WEBSOCKET
    RouteSelectionExpression: $request.body.action
    DisableExecuteApiEndpoint: true # I use custom domain

# routes and integrations omitted.

wsApiStage:
  Type: AWS::ApiGatewayV2::Stage
  DependsOn:
    - wsConnectRoute
    - wsSendRoute
    - wsDisconnectRoute
  Properties:
    StageName: production
    Description: Autodeploy in production
    AutoDeploy: true
    ApiId: !Ref wsApiGateway
    AccessLogSettings:
      DestinationArn: !GetAtt wsApiGatewayLogGroup.Arn
      Format: '{"requestTime":"$context.requestTime","requestId":"$context.requestId","httpMethod":"$context.httpMethod","path":"$context.path","routeKey":"$context.routeKey","status":$context.status,"responseLatency":$context.responseLatency, "responseLength":$context.responseLength, "integrationError":"$context.integration.error"}'

I also had to go to the previous version of ApiGateway to define the Account so that I could specify the IAM role ARN that has write access to CloudWatch logs in the account (the section on Settings at the console's API Gateway). It doesn't seem to have an AWS::ApiGateway2::Account.

apiGatewayAccountConfig:
  Type: "AWS::ApiGateway::Account"
  Properties:
    CloudWatchRoleArn: !GetAtt apiGatewayWatchLogsRole.Arn

Solution

  • How do I enable CloudWatch logs and log full message data (as per the image) using CloudFormation in an AWS API Gateway?

    You can't. Execution logs are not supported by HTTP API (i.e. ApiGatewayV2) as explained by AWS here:

    HTTP APIs currently support access logging only, and logging setup is different for these APIs. For more information, see Configuring logging for an HTTP API.
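
An added example, not part of the original question or answer: a small Python check for the JSON access-log `Format` string set under `AccessLogSettings`, showing which `$context` variables would break JSON parsing downstream when they are left unquoted. The function names and both sample format strings are constructed for illustration, and the check assumes API Gateway writes `-` for a variable that has no value.

```python
import json
import re

# Matches $context variables such as $context.status or $context.integration.error
VAR = re.compile(r"\$context(?:\.[A-Za-z][A-Za-z0-9]*)+")

def render(fmt, value):
    """Substitute every $context variable with the same sample value."""
    return VAR.sub(lambda m: value, fmt)

def unquoted_variables(fmt):
    """Return variables that are not directly wrapped in double quotes."""
    found = []
    for m in VAR.finditer(fmt):
        before = fmt[m.start() - 1:m.start()]
        after = fmt[m.end():m.end() + 1]
        if not (before == '"' and after == '"'):
            found.append(m.group(0))
    return found

def lint_access_log_format(fmt):
    """Check that the format stays valid JSON for numeric and missing values."""
    problems = {}
    # "200" stands for a numeric value; "-" is the assumed missing-value marker.
    for label, sample in (("numeric", "200"), ("missing", "-")):
        try:
            json.loads(render(fmt, sample))
        except json.JSONDecodeError as exc:
            problems[label] = exc.msg
    return {"unquoted": unquoted_variables(fmt), "breaks_on": problems}

# Constructed samples: RISKY leaves two variables unquoted, SAFE quotes all of them.
RISKY = ('{"requestId":"$context.requestId","status":$context.status,'
         '"integrationError":$context.integration.error}')
SAFE = ('{"requestId":"$context.requestId","status":"$context.status",'
        '"integrationError":"$context.integration.error"}')

if __name__ == "__main__":
    for name, fmt in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, lint_access_log_format(fmt))
```

Log lines that fail to parse are easy to lose in a CloudWatch subscription filter or SIEM pipeline, so quoting every variable keeps each record parseable even when a field is empty.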