How to set up "Custom Access Logging" for API Gateway using Serverless


#1

Updates

This feature is too new; it was announced just last month, on Nov 21, 2017. We have to wait for CloudFormation to support this new feature. Only once it is supported can we use it in Serverless.

https://aws.amazon.com/about-aws/whats-new/2017/11/amazon-api-gateway-supports-access-logging/

I will follow up on this feature until we can manage it with CloudFormation and Serverless.

My original questions

I shared the knowledge on how to enable CloudWatch Logs for API Gateway using Serverless.

But I need to go a step further.

According to this document (http://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html), API Gateway supports enabling “Custom Access Logging” for each stage in an API Gateway.

For example, I can customize the access logs directly with the JSON format below:

{ "requestId":"$context.requestId", "ip": "$context.identity.sourceIp", "caller":"$context.identity.caller", "user":"$context.identity.user","requestTime":"$context.requestTime", "httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath", "status":"$context.status","protocol":"$context.protocol", "responseLength":"$context.responseLength" }

I went through the CloudFormation documentation but can’t find which resource can be used to define the above part, so I don’t know how to set it in Serverless.

Can anyone give me a hint for this feature?


#2

I found the CloudFormation setting for custom access logging. The related keyword is

accessLogSettings

which needs to be set in the resource Amazon API Gateway Stage.

So I should be able to manage it with the code below; let me test it.

resources:
  Resources:
    ApiGatewayStage:
      Type: AWS::ApiGateway::Stage
      Properties:
        accessLogSettings:
          format: "String"
          destinationArn: "String"

#3

Hi, are you able to set up the custom access logging in CloudFormation?


#4

No. It is supported in the API, but not in CloudFormation. I can’t find the keyword accessLogSettings in the AWS document below.

Amazon API Gateway Stage MethodSetting


#5

@cassiesu

I successfully did it via the AWS CLI as a workaround.

The AWS CLI supports accessLogSettings: https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-stage.html

I wrote a simple script to enable this feature.

$ cat custom_access_log.sh

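#!/usr/bin/env bash
# Enable custom access logging on an API Gateway stage via the AWS CLI.

# Require exactly three arguments, the third being an existing config file.
if [ "$#" -ne 3 ] || ! [ -f "$3" ]; then
  echo "Usage: $0 [rest_api_id] [stage_name] [config_file_name]" >&2
  exit 1
fi

rest_api_id=$1
stage_name=$2
cli_input_json=$3

# The patch operations (format and destinationArn) are read from the JSON file.
aws apigateway update-stage \
  --rest-api-id "${rest_api_id}" \
  --stage-name "${stage_name}" \
  --cli-input-json "file://${cli_input_json}"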

$ cat config-dev.json

{
  "patchOperations": [
    {
      "op": "replace",
      "path": "/accessLogSettings/format",
      "value": "{ \"requestId\": \"$context.requestId\", \"ip\": \"$context.identity.sourceIp\", \"caller\": \"$context.identity.caller\", \"requestTime\": \"$context.requestTimeEpoch\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"protocol\": \"$context.protocol\", \"responseLength\": \"$context.responseLength\" }"
    },
    {
      "op": "replace",
      "path": "/accessLogSettings/destinationArn",
      "value": "arn:aws:logs:ap-southeast-2:123456789012:log-group:/aws/apigateway/serverless-CustomAccessLogs"
    }
  ]
}

So I can run the command below to enable the custom access log on the nominated APIG:

aws apigateway update-stage --rest-api-id xxxdwgi337 --stage-name dev --cli-input-json file://config-dev.json

Reference: https://forums.aws.amazon.com/message.jspa?messageID=715755
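
The following is an added example, not code from any poster in this thread: it generates the `config-dev.json` patch document from a field map instead of hand-escaping the nested JSON, and renders the template with constructed sample values to confirm each log line will parse. The function names, the ARN shape check and the request-id check are assumptions of this example; the field map and paths are the ones shown in post #5.

```python
import json
import re

# Field name -> $context variable, copied from the config-dev.json shown in the thread.
FIELDS = {
    "requestId": "$context.requestId",
    "ip": "$context.identity.sourceIp",
    "caller": "$context.identity.caller",
    "requestTime": "$context.requestTimeEpoch",
    "httpMethod": "$context.httpMethod",
    "resourcePath": "$context.resourcePath",
    "status": "$context.status",
    "protocol": "$context.protocol",
    "responseLength": "$context.responseLength",
}
# Shape check for the log-group ARN form used in the thread (this example's own strictness).
LOG_GROUP_ARN = re.compile(r"arn:aws[\w-]*:logs:[\w-]+:\d{12}:log-group:[\w./#-]+")

def build_format(fields):
    """Serialize the field map to a single-line JSON template with a request id in it."""
    if not {"$context.requestId", "$context.extendedRequestId"} & set(fields.values()):
        raise ValueError("format should carry a request id for correlating log lines")
    return json.dumps(fields)

def build_patch(fields, destination_arn):
    """Build the document passed to `aws apigateway update-stage --cli-input-json`."""
    if not LOG_GROUP_ARN.fullmatch(destination_arn):
        raise ValueError("destinationArn is not a CloudWatch Logs log-group ARN")
    return {"patchOperations": [
        {"op": "replace", "path": "/accessLogSettings/format",
         "value": build_format(fields)},
        {"op": "replace", "path": "/accessLogSettings/destinationArn",
         "value": destination_arn},
    ]}

def render(fmt, values):
    """Fill the template with constructed sample values and parse the resulting line."""
    line = re.sub(r"\$context\.([\w.]+)", lambda m: values.get(m.group(1), "-"), fmt)
    return json.loads(line)

if __name__ == "__main__":
    arn = ("arn:aws:logs:ap-southeast-2:123456789012:log-group:"
           "/aws/apigateway/serverless-CustomAccessLogs")
    # json.dumps escapes the inner quotes, so the file content needs no manual editing.
    print(json.dumps(build_patch(FIELDS, arn), indent=2))
```

Redirect the output to `config-dev.json` and pass that file to the script from post #5.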