How to enable cloud watch logs for API Gateway using Serverless

aws

#1

Hello all, I recently started looking into Serverless. So far it's very helpful. I was able to deploy an API + Lambda, which works great, using a CloudFormation template. However, now I am trying to enable “CloudWatch Logs” with “INFO” level logging for the API Gateway I deployed. I am using Node.js. But I am stuck. Please see my serverless.yml. I recently added a “resources” section to get the logs enabled but am struggling to get it working. Can anybody please help me?

service: serverless-middleware-getnews
provider:
  name: aws
  runtime: nodejs4.3
  role: arn:aws:iam::2914332239557:role/serverless-lambda-role
  deploymentBucket: serverless-bucket
  stage: ${opt:stage, self:custom.defaultStage}
  profile: ${self:custom.profiles.${self:provider.stage}}
  region: us-east-1
  environment: ${file(env-vars/${self:custom.stage}.yml)}
  memorySize: 1024
  timeout: 300
custom:
  stage: "${opt:stage, self:provider.stage}"
  defaultStage: stage
  profiles:
    dev: serverless-middleware-news-dev
    stage: serverless-middleware-news-stage
    prod: serverless-middleware-news-prod

package:
  individually: true
  exclude:
    - .gitignore
    - .jshintrc
    - .npmignore
    - .env
    - env-vars/**
    - context.json
    - event-data/**
    - data/**
    - deploy.env
    - Gruntfile.js
    - policy-document.txt
    - README.md

functions:
  feed:
    handler: functions/news.handler
    name: serverless-news-${self:provider.stage}
    events:
      - http:
          path: news
          method: get
          cors: true
resources:
  Resources:
     Deployment:
        DependsOn: "ApiGatewayMethodNewsGet, ApiGatewayMethodNewsOptions"
        Type: "AWS::ApiGateway::Deployment"
        Properties:
          RestApiId:
            Ref: "ApiGatewayRestApi"
          DeploymentId: 
            Ref: "NewsDeployment"
          StageName: ${self:provider.stage}
          MethodSettings:
              DataTraceEnabled: true
              HttpMethod: "*"
              LoggingLevel: INFO
              ResourcePath: "/*"
              MetricsEnabled: true

#2

Hello, does anybody have any ideas on what I am doing wrong here?


#3

Found the answer. Basically I added a plugin and modified the resource as shown below, which did the trick.

service: serverless-middleware-getnews
provider:
  name: aws
  runtime: nodejs4.3
  role: arn:aws:iam::2914332239557:role/serverless-lambda-role
  deploymentBucket: serverless-bucket
  stage: ${opt:stage, self:custom.defaultStage}
  profile: ${self:custom.profiles.${self:provider.stage}}
  region: us-east-1
  environment: ${file(env-vars/${self:custom.stage}.yml)}
  memorySize: 1024
  timeout: 300
custom:
  stage: "${opt:stage, self:provider.stage}"
  defaultStage: stage
  profiles:
    dev: serverless-middleware-news-dev
    stage: serverless-middleware-news-stage
    prod: serverless-middleware-news-prod
plugins:
  - serverless-plugin-stage-variables

package:
  individually: true
  exclude:
    - .gitignore
    - .jshintrc
    - .npmignore
    - .env
    - env-vars/**
    - context.json
    - event-data/**
    - data/**
    - deploy.env
    - Gruntfile.js
    - policy-document.txt
    - README.md

functions:
  feed:
    handler: functions/news.handler
    name: serverless-news-${self:provider.stage}
    events:
      - http:
          path: news
          method: get
          cors: true

resources:
  Resources:
     ApiGatewayStage:
      Type: AWS::ApiGateway::Stage
      Properties:
        MethodSettings:
          - DataTraceEnabled: true
            HttpMethod: "*"
            LoggingLevel: INFO
            ResourcePath: "/*"
            MetricsEnabled: true

#4

When I followed the settings and added the new resource ApiGatewayStage, I got this error.

 An error occurred: ApiGatewayStage - dev already exists.

Do you know how to fix it?

I didn’t set a stage in provider, so it uses the default stage, dev. Do I have to set another name to avoid the error?

update #1

After I removed and deployed again, this issue was gone, but now I have another:

An error occurred: ApiGatewayStage - CloudWatch Logs role ARN must be set in account settings to enable logging.

But I have set the iamRoleStatements:

  iamRoleStatements:
    - Effect: Allow
      Action:
        - cloudwatch:*
        - logs:*
      Resource:
        - "*"

update #2

I have added the role in the provider part, but I still get the same error

 role: arn:aws:iam::xxxx:role/serverless-lambda-role

#5

Follow the steps here to enable CloudWatch logging on the API Gateway:
https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cloudwatch-logs/


#6

I wrote a detailed document on how to enable access logs for API Gateway:

@VivekMuddasani

The big problem in your solution is that the role you defined in provider -> role is used by Lambda, not by API Gateway.
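
The "CloudWatch Logs role ARN must be set in account settings" error from #4 and the point made in #6, as an added example that is not part of the thread or of any poster's configuration: API Gateway needs its own role, registered through an `AWS::ApiGateway::Account` resource. The logical IDs `ApiGatewayCloudWatchRole` and `ApiGatewayAccount` are hypothetical, and the sketch assumes the stage resource from #3 is still completed by the plugin used there.

```yaml
resources:
  Resources:
    # Role that API Gateway itself assumes to write to CloudWatch Logs.
    # provider.role and iamRoleStatements only affect the Lambda execution role.
    ApiGatewayCloudWatchRole:            # hypothetical logical ID
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service: apigateway.amazonaws.com
              Action: sts:AssumeRole
        ManagedPolicyArns:
          # AWS managed policy limited to the log actions API Gateway needs,
          # rather than cloudwatch:* and logs:* on "*".
          - arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs

    # Account-level setting: applies to every API in this account and region.
    ApiGatewayAccount:                   # hypothetical logical ID
      Type: AWS::ApiGateway::Account
      DependsOn: ApiGatewayRestApi       # logical ID referenced in #1
      Properties:
        CloudWatchRoleArn:
          Fn::GetAtt: [ApiGatewayCloudWatchRole, Arn]

    # Stage from #3; remaining properties are assumed to be filled in as in #3.
    ApiGatewayStage:
      Type: AWS::ApiGateway::Stage
      DependsOn: ApiGatewayAccount       # create the account setting first
      Properties:
        MethodSettings:
          - HttpMethod: "*"
            ResourcePath: "/*"
            LoggingLevel: INFO
            MetricsEnabled: true
            # true writes full request and response data to the log group;
            # keep it off unless you are actively debugging.
            DataTraceEnabled: false
```

Because the account setting is shared, deploying this from one service changes the logging role for all other APIs in the same region.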