Introduction

AWS API Gateway can send its logs to CloudWatch. This document describes the steps to enable that.

Steps

  1. Create a role with the policy AmazonAPIGatewayPushToCloudWatchLogs, or attach this policy to an existing role.

  2. Create a CloudWatch log group /aws/apigw/$your-api-gw-name, where $your-api-gw-name is replaced by your AWS API Gateway name. Set the retention to at least 5 days, or to Never if you want to retain the logs in CloudWatch. Click Create.

  3. Go to AWS API Gateway → Settings → CloudWatch log role ARN and add the above role ARN.

  4. Go to AWS API Gateway → Select API GW → Stages → Select Stage → Click on Logs/Tracing. Ensure that you turn off the default verbose API Gateway logging. Click on "Save Changes".

  5. Go to AWS API Gateway → Select API GW → Stages → Select Stage → Click on Logs/Tracing and update the following fields. Click on "Save Changes".

    1. Enable Access Logging - turn on.
    2. Access Log destination ARN - ARN of the CloudWatch log group from step 2.
    3. Log Format
  6. Enable logging: go to AWS API Gateway → Stages → Select stage → Logs and tracing, then turn on "Enable CloudWatch Logs" and "Log full requests/responses data" with "Log level" = INFO.

  7. Send requests to the API GW and view them in CloudWatch Logs. Go to CloudWatch → Log Groups → search for /aws/apigw/$your-api-gw-name and click on the corresponding log group. You should see logs like the following:
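
Steps 1, 2, 3, 5 and 6 above expressed as AWS CLI calls, as an added example that is not part of the original document. It assumes a REST API, an existing role that API Gateway can assume, and caller-supplied values for the API name, API id, stage, role name, region, account id and access-log format (none of these come from the page); by default it only prints the commands.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. All argument values are
# hypothetical and supplied by the caller.
# DRY_RUN=1 (default) prints each command instead of calling AWS.
DRY_RUN="${DRY_RUN:-1}"

run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# usage: enable_apigw_logging API_NAME API_ID STAGE ROLE_NAME REGION ACCOUNT_ID LOG_FORMAT
# LOG_FORMAT is embedded in JSON below, so quotes/backslashes are rejected.
enable_apigw_logging() {
  local name="$1" api_id="$2" stage="$3" role="$4" region="$5" acct="$6" fmt="$7"
  local group="/aws/apigw/${name}"
  local group_arn="arn:aws:logs:${region}:${acct}:log-group:${group}"
  local role_arn="arn:aws:iam::${acct}:role/${role}"
  case "$fmt" in *'"'*|*\\*) echo "LOG_FORMAT needs JSON escaping" >&2; return 2 ;; esac

  # Step 1: attach the managed policy to an existing role.
  run aws iam attach-role-policy --role-name "$role" \
    --policy-arn arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs || return
  # Step 2: log group with 5-day retention.
  run aws logs create-log-group --region "$region" --log-group-name "$group" || return
  run aws logs put-retention-policy --region "$region" --log-group-name "$group" \
    --retention-in-days 5 || return
  # Step 3: CloudWatch log role ARN in the API Gateway account settings.
  run aws apigateway update-account --region "$region" \
    --patch-operations "op=replace,path=/cloudwatchRoleArn,value=${role_arn}" || return
  # Step 5: access logging to the log group from step 2.
  run aws apigateway update-stage --region "$region" --rest-api-id "$api_id" --stage-name "$stage" \
    --patch-operations "[{\"op\":\"replace\",\"path\":\"/accessLogSettings/destinationArn\",\"value\":\"${group_arn}\"},{\"op\":\"replace\",\"path\":\"/accessLogSettings/format\",\"value\":\"${fmt}\"}]" || return
  # Step 6: execution logging at INFO with full request/response data.
  # dataTrace writes request and response payloads into the log group,
  # including any tokens or personal data they carry.
  run aws apigateway update-stage --region "$region" --rest-api-id "$api_id" --stage-name "$stage" \
    --patch-operations 'op=replace,path=/*/*/logging/loglevel,value=INFO' \
                       'op=replace,path=/*/*/logging/dataTrace,value=true'
}
```

Review the printed commands first, then run with `DRY_RUN=0` and credentials that are allowed to change IAM, CloudWatch Logs and API Gateway settings.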