Configuring CloudWatch Logs for Amazon API Gateway
Use CloudWatch Logs to centralize logs from all of your applications and AWS services and see them as a single, consistent flow of events ordered by time.
Before you begin
Ensure you have:
About this task
Set up Amazon CloudWatch execution logs to troubleshoot backend API request errors. CloudWatch Logs for Amazon API Gateway offers three levels of detail:
-
Errors only: Only generates logs for requests that result in an error response
-
Errors and info: Generates logs for all requests made to the backend API
-
Request and response: Generates logs that include headers and parts of the request and response bodies
For more information, see Amazon CloudWatch Logs.
Steps
-
In the API Gateway service console, select the API that you want to enable logging for.
-
In the top-level left navigation menu, click Settings.
-
In the CloudWatch log role ARN field, enter the ARN of an IAM role with permissions to publish CloudWatch Logs.
-
Click Save.
No success message is returned upon saving.
-
In the left navigation menu, click Stages.
-
Click the stage that you want to enable logging for.
-
Click the Logs/Tracing tab.
-
In the CloudWatch Logs list, select your desired level of logging detail.
Full request and response logs can be useful in troubleshooting APIs, but they can expose sensitive data. You should not use full request and response logs for production APIs.
-
Optional: Enable custom logging.
-
In the Custom Access Logging section, select the Enable Access Logging check box.
-
In the Access Log Destination ARN field, enter the ARN of a log group.
-
In the Log Format section, click your desired format.
-
Click Save Changes.
No success message is returned upon saving.
-
-
View the log stream for your chosen API.
-
In the CloudWatch service console, expand Logs in the left hand navigation menu, and select Log groups.
-
Search for your log group and select it to view the log stream.
-