The Serverless team is still working on adding this feature to the core service directly (https://github.com/serverless/serverless/issues/4461). If you need to enable CloudWatch logs for API Gateway using Serverless now, please follow this document.
Most of the help came from this ticket: How to enable cloud watch logs for API Gateway using Serverless
But I still can't make it work if I follow its code. So I need to understand how it works: how to enable CloudWatch logs in API Gateway.
- Provide an IAM role ARN that has write access to CloudWatch logs in API Gateway.

Go through this document:
https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cloudwatch-logs/

In general, you need to:
  - Create a new IAM role (for example, `apigateway-cloudwatch-logs-role`) with a trust policy for `apigateway.amazonaws.com`
  - Attach the existing AWS policy `AmazonAPIGatewayPushToCloudWatchLogs` to this role
  - Record this IAM role's ARN
  - Add this IAM role's ARN to API Gateway -> Settings -> CloudWatch log role ARN*

These are manual tasks.
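
The same role setup can be scripted with the AWS CLI. This is an added example, not code from the original post: `DRY_RUN`, `run()` and `setup_logging_role()` are names made up here, and the account id in the dry-run ARN is a constructed placeholder.

```sh
#!/bin/sh
# Added example: the manual role setup above, scripted with the AWS CLI.
# DRY_RUN, run() and setup_logging_role() are names made up for this sketch.
set -eu

ROLE_NAME="${ROLE_NAME:-apigateway-cloudwatch-logs-role}"   # the page's example name
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"

# Trust policy: only the API Gateway service principal may assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "apigateway.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# With DRY_RUN=1 print the command instead of executing it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_logging_role() {
  run aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)"
  run aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
  if [ "${DRY_RUN:-0}" = "1" ]; then
    role_arn="arn:aws:iam::123456789012:role/$ROLE_NAME"   # constructed placeholder account id
  else
    role_arn=$(aws iam get-role --role-name "$ROLE_NAME" --query 'Role.Arn' --output text)
  fi
  # Account-level setting, applied per region: API Gateway -> Settings -> CloudWatch log role ARN
  run aws apigateway update-account \
    --patch-operations "op=replace,path=/cloudwatchRoleArn,value=$role_arn"
}

# Nothing runs unless the script is invoked with the argument: apply
if [ "${1:-}" = "apply" ]; then setup_logging_role; fi
```

Run it with `DRY_RUN=1` first to review the three commands. IAM changes can take a few seconds to propagate, so if `update-account` rejects a freshly created role, retry that last command.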
With this setup, all your API gateways are ready to generate access logs in CloudWatch. This is a global setting for API Gateway, which is why it can't be managed by the Serverless framework (in `serverless.yml`).
- Enable access logs

Add the lines below to `serverless.yml`, that's all.

```yaml
plugins:
  - serverless-plugin-stage-variables

resources:
  Resources:
    ApiGatewayStage:
      Type: AWS::ApiGateway::Stage
      Properties:
        MethodSettings:
          # DataTraceEnabled logs full request/response data,
          # which may include sensitive values.
          - DataTraceEnabled: true
            HttpMethod: "*"
            LoggingLevel: INFO
            ResourcePath: "/*"
            MetricsEnabled: true
```

Note: Don't set Provider -> role to the new role you created above, because the `Provider: role` used in `serverless.yml` is for the Lambda functions, not for API Gateway. If you do that, you lose all permissions in your Lambda functions.

- Install the plugin `serverless-plugin-stage-variables` and run `sls deploy`.
- Trigger several API Gateway requests; you should now see the access logs in CloudWatch.

The log group name is: `API-Gateway-Execution-Logs_{rest-api-id}/{stage_name}`

References:
http://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html