API Gateway REST API to AWS CloudWatch

This pattern deploys a REST API that has CloudWatch execution logs enabled with Log level set to INFO, and access logs enabled with common context variables. The API has a Lambda function integration.

Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/apigw-execution-access-logs

Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the AWS Pricing page for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.

Requirements

• Create an AWS account if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
• AWS CLI installed and configured
• Git Installed
• AWS Serverless Application Model (AWS SAM) installed

Deployment Instructions

1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:

   git clone https://github.com/aws-samples/serverless-patterns
   

2. Change directory to the pattern directory:

   cd apigw-execution-logs
   

3. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file:

   sam deploy --guided
   

4. During the prompts:

   • Enter a stack name
   • Enter the desired AWS Region
   • Enter a CloudWatch AccessLogGroup Name for the API Gateway logs
   • Allow SAM CLI to create IAM roles with the required permissions.

   Once you have run sam deploy --guided mode once and saved arguments to a configuration file (samconfig.toml), you can use sam deploy in future to use these defaults.

5. Note the outputs from the SAM deployment process. These contain the resource names and/or ARNs which are used for testing.

How it works

A REST API is created that has an IAM role with managed policy 'AmazonAPIGatewayPushToCloudWatchLogs' managed policy which allows API Gateway to write CloudWatch logs to your account. In the API stage, CloudWatch execution logs are enabled with INFO Log level selected to generate execution logs for all requests. The API has a Lambda integration.

Testing

1. Once you make requests to the API i.e. curl https://{api-id}.execute-api.{region}.amazonaws.com/prod/, you will receive a 'Hello from Lambda!' in response.
2. Navigate to the CloudWatch console, in the left navigation pane, under Logs, choose Log Groups.
3. The log group's name is in the following format: API-Gateway-Execution-Logs-apiId/stageName. You will see execution log streams generated.
4. You can also view the access logs in a separate log group under the name you provided in parameters.
5. You can also use AWS SAM to view the logs, specifying the log group name, for example:

   sam logs --cw-log-group apigw-execution-logs
   

Cleanup

1. Delete the stack

   sam delete

2. Confirm the stack has been deleted

   aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus"

---

Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.

SPDX-License-Identifier: MIT-0