For API Gateway access logging to work, grant read and write log permissions to CloudWatch for your account.
If the collector's API gateway will be the first in the region you will need to first deploy with logging disabled, execute the steps below and then enable logging by updating the parameter in the CloudFormation stack.
Follow these steps:
- Create a new role with
apigateway.amazonaws.comas its trusted entity.
- Set the
AmazonAPIGatewayPushToCloudWatchLogspolicy to the role.
- Go to the API gateway console in the region where the collector will be deployed, go to "Settings" and set "CloudWatch log role ARN" with the role created in step 1.
- Configure the logging settings for the API stage following the AWS documentation.
The "Settings" menu item is the one at the bottom, not the one in the API menu.
Updated almost 2 years ago