How to Enable CloudWatch Logs for APIs in API Gateway in AWS.
As you know, a Lambda function in AWS has CloudWatch permissions by default, so when you test it you can view its logs. The logs show where an error occurred in the function so that you can fix it. For API Gateway, however, you cannot see logs because you don’t have the permissions. If you want to view logs for your APIs in API Gateway, you need to enable them.
Steps to enable logs for API:
1. First create your API in AWS API Gateway according to your requirements. Here I have created a sample API named Sample_Test, as shown.
2. To turn on CloudWatch logging, go into your API, open Resources, and deploy your API first by clicking on Deploy API.
3. You need to specify the Stage name to deploy to. I have used PRODUCTION as the stage name, as shown. Then click on Deploy.
4. After deploying your API, you will get the Invoke URL as shown below. Then, in the Stage Editor, click on Logs/Tracing, select “Enable CloudWatch Logs” and “Log full requests/responses data”, and save the changes.
5. After saving, you will see an error message because you don’t have permission for the API.
6. To enable logging, you need to add the CloudWatch Logs role ARN in the API Gateway settings.
7. Create an IAM role by going to the IAM service in the Console and clicking on Roles → Create role, as shown.
8. Then select AWS Service → API Gateway → click Next.
9. Here you can see the name of the policy attached to the role. Then click Next.
10. Enter a name for the role and review the role before clicking on Create role.
11. The role has been created successfully.
12. Go to the IAM service, open the role you created earlier, and copy the Role ARN from the Summary section.
13. Now go to the API Gateway settings, paste the role ARN you copied, and save the changes.
14. Repeat step 4, then go to the CloudWatch service, where you can see the logs.
15. Now hit your API using the URL you got after deploying it, as shown, and you will see your response.
16. Go to the CloudWatch service and click on the logs to view them.
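
The same setup can be scripted instead of clicked through. The following is an added example, not code from the original post, that uses boto3 to create the role, register its ARN in the API Gateway account settings, and switch on both Logs/Tracing options for a stage. The function names, the default INFO level and the arguments you pass in are assumptions made here.

```python
import json

# AWS-managed policy that lets API Gateway write to CloudWatch Logs.
PUSH_LOGS_POLICY = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"


def trust_policy():
    """Trust policy that lets only the API Gateway service assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "apigateway.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def stage_logging_patch(level="INFO", full_data=True):
    """Patch operations matching the two Logs/Tracing checkboxes.

    full_data=True writes request and response bodies to the log group,
    so any secrets or personal data in the payloads end up there too.
    """
    if level not in ("OFF", "ERROR", "INFO"):
        raise ValueError("level must be OFF, ERROR or INFO")
    return [
        {"op": "replace", "path": "/*/*/logging/loglevel", "value": level},
        {"op": "replace", "path": "/*/*/logging/dataTrace",
         "value": "true" if full_data else "false"},
    ]


def execution_log_group(rest_api_id, stage):
    """Name of the log group API Gateway writes execution logs to."""
    return f"API-Gateway-Execution-Logs_{rest_api_id}/{stage}"


def enable_logging(rest_api_id, stage, role_name):
    """Steps 6-16 against a live account (needs boto3 and credentials)."""
    import boto3  # imported here so the helpers above work without it
    iam, apigw = boto3.client("iam"), boto3.client("apigateway")
    role = iam.create_role(RoleName=role_name,
                           AssumeRolePolicyDocument=json.dumps(trust_policy()))
    iam.attach_role_policy(RoleName=role_name, PolicyArn=PUSH_LOGS_POLICY)
    apigw.update_account(patchOperations=[
        {"op": "replace", "path": "/cloudwatchRoleArn", "value": role["Role"]["Arn"]}])
    apigw.update_stage(restApiId=rest_api_id, stageName=stage,
                       patchOperations=stage_logging_patch())
    return execution_log_group(rest_api_id, stage)
```

The CloudWatch role ARN is an account-level setting per region, so it only needs to be set once. After that, `stage_logging_patch` can be applied to any other stage.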