How to enable CloudWatch Logs for API Gateway using Serverless

Hello all, I recently started looking into Serverless. So far it's very helpful. I was able to deploy API + Lambda, which works great using a CloudFormation template. However, now I am trying to enable “CloudWatch Logs” with “INFO” level logging for the API Gateway I deployed. I am using Node.js. But I am stuck. Please see my serverless.yml. I recently added the “resources” section to get the logs enabled but am struggling to get it working. Can anybody please help me?

service: serverless-middleware-getnews
provider:
  name: aws
  runtime: nodejs4.3
  role: arn:aws:iam::2914332239557:role/serverless-lambda-role
  deploymentBucket: serverless-bucket
  stage: ${opt:stage, self:custom.defaultStage}
  profile: ${self:custom.profiles.${self:provider.stage}}
  region: us-east-1
  environment: ${file(env-vars/${self:custom.stage}.yml)}
  memorySize: 1024
  timeout: 300
custom:
  stage: "${opt:stage, self:provider.stage}"
  defaultStage: stage
  profiles:
    dev: serverless-middleware-news-dev
    stage: serverless-middleware-news-stage
    prod: serverless-middleware-news-prod

package:
  individually: true
  exclude:
    - .gitignore
    - .jshintrc
    - .npmignore
    - .env
    - env-vars/**
    - context.json
    - event-data/**
    - data/**
    - deploy.env
    - Gruntfile.js
    - policy-document.txt
    - README.md

functions:
  feed:
    handler: functions/news.handler
    name: serverless-news-${self:provider.stage}
    events:
      - http:
          path: news
          method: get
          cors: true
resources:
  Resources:
     Deployment:
        DependsOn: "ApiGatewayMethodNewsGet, ApiGatewayMethodNewsOptions"
        Type: "AWS::ApiGateway::Deployment"
        Properties:
          RestApiId:
            Ref: "ApiGatewayRestApi"
          DeploymentId: 
            Ref: "NewsDeployment"
          StageName: ${self:provider.stage}
          MethodSettings:
              DataTraceEnabled: true
              HttpMethod: "*"
              LoggingLevel: INFO
              ResourcePath: "/*"
              MetricsEnabled: true
1 Like

Hello, does anybody have any ideas on what I am doing wrong here?

Found the answer. Basically I added a plugin and modified the resource as shown below to do the trick.

service: serverless-middleware-getnews
provider:
  name: aws
  runtime: nodejs4.3
  role: arn:aws:iam::2914332239557:role/serverless-lambda-role
  deploymentBucket: serverless-bucket
  stage: ${opt:stage, self:custom.defaultStage}
  profile: ${self:custom.profiles.${self:provider.stage}}
  region: us-east-1
  environment: ${file(env-vars/${self:custom.stage}.yml)}
  memorySize: 1024
  timeout: 300
custom:
  stage: "${opt:stage, self:provider.stage}"
  defaultStage: stage
  profiles:
    dev: serverless-middleware-news-dev
    stage: serverless-middleware-news-stage
    prod: serverless-middleware-news-prod
plugins:
  - serverless-plugin-stage-variables

package:
  individually: true
  exclude:
    - .gitignore
    - .jshintrc
    - .npmignore
    - .env
    - env-vars/**
    - context.json
    - event-data/**
    - data/**
    - deploy.env
    - Gruntfile.js
    - policy-document.txt
    - README.md

functions:
  feed:
    handler: functions/news.handler
    name: serverless-news-${self:provider.stage}
    events:
      - http:
          path: news
          method: get
          cors: true

resources:
  Resources:
     ApiGatewayStage:
      Type: AWS::ApiGateway::Stage
      Properties:
        MethodSettings:
          - DataTraceEnabled: true
            HttpMethod: "*"
            LoggingLevel: INFO
            ResourcePath: "/*"
            MetricsEnabled: true
2 Likes

When I followed the setting and added the new resource ApiGatewayStage, I got this error.

 An error occurred: ApiGatewayStage - dev already exists.

Do you know how to fix it?

I didn’t set stage in provider, so it uses the default stage, dev. Do I have to set another name to avoid the error?

update #1

After I removed and deployed again, this issue was gone; now I have another:

An error occurred: ApiGatewayStage - CloudWatch Logs role ARN must be set in account settings to enable logging.

But I have set the iamRoleStatements:

  iamRoleStatements:
    - Effect: Allow
      Action:
        - cloudwatch:*
        - logs:*
      Resource:
        - "*"

update #2

I have added the role in the provider part, but still get the same error

 role: arn:aws:iam::xxxx:role/serverless-lambda-role
1 Like

Follow the steps here to enable CloudWatch logging on API Gateway:
https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cloudwatch-logs/

2 Likes

I wrote a detailed document on how to enable access logs for API Gateway:

@VivekMuddasani

The big problem in your solution is that the role you defined in provider -> role is used by Lambda, not by API Gateway.

1 Like
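
The "CloudWatch Logs role ARN must be set in account settings" error quoted above refers to the account-level API Gateway setting, which neither the Lambda execution role nor `iamRoleStatements` fills. As an added example (not posted by anyone in this thread), here is a `resources` fragment that sets it; the logical names `ApiGatewayCloudWatchRole` and `ApiGatewayAccount` are assumptions, and the `ApiGatewayStage` entry assumes the plugin-based setup from the answer above.

```yaml
resources:
  Resources:
    # Role assumed by the API Gateway service itself (not by Lambda).
    # Name is an assumption made for this example.
    ApiGatewayCloudWatchRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service: apigateway.amazonaws.com   # trust API Gateway only
              Action: sts:AssumeRole
        ManagedPolicyArns:
          # AWS managed policy scoped to pushing logs to CloudWatch Logs,
          # narrower than the cloudwatch:* / logs:* on "*" shown earlier.
          - arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs

    # Account-level setting: one value per account per region, so this
    # replaces whatever role ARN is currently configured there.
    ApiGatewayAccount:
      Type: AWS::ApiGateway::Account
      Properties:
        CloudWatchRoleArn:
          # To reuse an existing role, put its ARN here instead of GetAtt.
          Fn::GetAtt: [ApiGatewayCloudWatchRole, Arn]

    # Stage settings as in the answer above, merged into the stage resource
    # that the plugin generates (assumption carried over from the thread).
    ApiGatewayStage:
      Type: AWS::ApiGateway::Stage
      DependsOn: ApiGatewayAccount   # account role must exist before logging is enabled
      Properties:
        MethodSettings:
          - HttpMethod: "*"
            ResourcePath: "/*"
            LoggingLevel: INFO
            MetricsEnabled: true
            # true writes full request/response bodies to the log group,
            # which can include tokens and personal data.
            DataTraceEnabled: false
```

The IAM role is the part to review: its trust policy names only `apigateway.amazonaws.com`, and its permissions come from the managed policy rather than wildcard actions.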

The solution mentioned by “VivekMuddasani” no longer works in versions of the framework greater than 1.41.0. It will be overwritten by the new capability of the framework, but unfortunately it will try to create a role for the CloudWatch logging, which isn’t good practice in production without having a way to use an existing role…