Amazon API Gateway logs¶
Observe supports ingesting Amazon API Gateway logs through CloudWatch and the Observe Lambda forwarder.
For access logs, create a CloudWatch log group¶
API Gateway access logs use a CloudWatch log group. To create one, use the following steps:
Follow the directions at Create a log group in CloudWatch Logs in the AWS documentation.
Note the ARN for this log group, as you need it in a later step.
Configure API Gateway for logging¶
Following the steps in Setting up CloudWatch logging for a REST API in API Gateway in the AWS documentation, configure logging and grant API Gateway permission to send logs to CloudWatch.
Enable API Gateway logging
Figure 1 - API Gateway settings with CloudWatch ARN
In the IAM console, create an API Gateway role with the
AmazonAPIGatewayPushToCloudWatchLogspolicy.In the API Gateway console settings, configure the CloudWatch log role ARN with the ARN of this role.
Configuring logging for your API¶
Figure 2 - API Gateway console with the Logs/Tracing tab
In the API Gateway console, navigate to the desired stage of your API and choose Logs/Tracing.
In CloudWatch Settings:
Enable the desired CloudWatch logs (execution logs).
In Custom Access Logging:
Enable access logging by providing the log group ARN and the desired log format.
Click Save Changes.
See the AWS documentation for further details.
Installing the Observe Lambda forwarder¶
If necessary, install the Observe Lambda forwarder. If you currently use the Lambda forwarder for another source, you do not need to install it again.
Following the instructions at AWS CloudWatch Logs, create a Lambda subscription filter.
As your API handles requests, the API Gateway sends execution and access logs to Amazon CloudWatch, and then the Observe Lambda forwarder sends them to Observe.