The Serverless team is still working on adding this feature to the core service directly (https://github.com/serverless/serverless/issues/4461). If you need to enable CloudWatch logs for API Gateway using Serverless now, please follow this document.
I got the most help from this ticket: How to enable cloud watch logs for API Gateway using Serverless
But I still can't make it work by following its code. So I need to understand how it works and how to enable CloudWatch logs in API Gateway.
- Provide an IAM role ARN that has write access to CloudWatch logs in API Gateway.
Go through this document.
In general, you need to:
- Create a new IAM role (for example, apigateway-cloudwatch-logs-role) with trust policy
- Attach the existing AWS policy AmazonAPIGatewayPushToCloudWatchLogs to this role
- Record this IAM role's ARN
- Add this IAM role's ARN under API Gateway -> Settings -> CloudWatch log role ARN*
These are manual tasks.
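The same four steps can also be scripted with the AWS CLI. This is an added example, not part of the original post; it assumes an AWS CLI already configured with IAM and API Gateway permissions, uses the example role name from the list above, and the script name in the comment is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: scripted form of the manual role setup described above.
# Assumption: ROLE_NAME defaults to the example name used in the text.
ROLE_NAME="${ROLE_NAME:-apigateway-cloudwatch-logs-role}"
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"

# Trust policy: only the API Gateway service may assume this role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "apigateway.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Create the role, attach the existing AWS policy, and print the role ARN.
create_logs_role() {
  local arn
  arn=$(aws iam create-role --role-name "$ROLE_NAME" \
        --assume-role-policy-document "$(trust_policy)" \
        --query 'Role.Arn' --output text) || return 1
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
        --policy-arn "$POLICY_ARN" >/dev/null || return 1
  printf '%s\n' "$arn"
}

# Point the API Gateway account setting (CloudWatch log role ARN) at the role.
set_account_log_role() {
  aws apigateway update-account --patch-operations \
        "op=replace,path=/cloudwatchRoleArn,value=$1" >/dev/null
}

# Read the setting back so the change can be verified.
current_log_role() {
  aws apigateway get-account --query 'cloudwatchRoleArn' --output text
}

# Run the steps only when asked to, e.g.: ./setup-logs-role.sh apply
if [ "${1:-}" = "apply" ]; then
  role_arn=$(create_logs_role) || exit 1
  sleep 10  # IAM changes are eventually consistent; wait before using the role
  set_account_log_role "$role_arn" || exit 1
  echo "CloudWatch log role ARN is now: $(current_log_role)"
fi
```

Reading the value back with `current_log_role` confirms that the account setting points at the intended role before any stage logging is enabled.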
With this setup, all your API Gateway APIs are ready to generate access logs in CloudWatch. This is a global setting for API Gateway; that's the reason why it can't be managed by the Serverless Framework (in
- Enable access logs
Add the lines below to serverless.yml; that's all.
    plugins:
      - serverless-plugin-stage-variables

    resources:
      Resources:
        ApiGatewayStage:
          Type: AWS::ApiGateway::Stage
          Properties:
            MethodSettings:
              - DataTraceEnabled: true
                HttpMethod: "*"
                LoggingLevel: INFO
                ResourcePath: "/*"
                MetricsEnabled: true
Notes: Don't set Provider -> role to the new role you created above, because the Provider:role used in serverless.yml is for the Lambda functions, not for API Gateway. If you do that, you lose all permissions in the Lambda functions.
Install the plugin
Trigger several API Gateway requests; you should now see the access logs in CloudWatch.
The log group name is: