13

I need to be able to see the logs for my calls on AWS API Gateway. When I perform the calls from within Gateway's Dashboard I can see them under the Logs section.

How can I see them for external call (e.g.: calls made using curl)?

I tried enabling CloudWatch but I can only see the metric, and not the actual log messages.

BMW
  • 42,880
  • 12
  • 99
  • 116
Tomas Romero
  • 8,418
  • 11
  • 50
  • 72

1 Answers1

20

The most likely reason for not being able to see API Gateway logs in CloudWatch logs is that you haven't specified the ARN of an IAM role that enables API Gateway to write information to CloudWatch Logs.

log role arn

You then need to explicitly enable logging on each Stage. You don't need to (re)Deploy the API, just Save.

Detailed instructions here: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-using-console

Once enabled you will get a log group named "/aws/apigateway/welcome" with a log line confirming logs are enabled.

enabled

Jason
  • 9,408
  • 5
  • 36
  • 36
Mike76
  • 914
  • 7
  • 8
  • 6
    I think that did the trick, although it was confusing as the welcome log appeared almost instantly but the log group with the actual logs appeared a while later. At least 20 minutes later, maybe hours later (I discovered it the day after I did it). – Tomas Romero Oct 16 '15 at 12:47
  • @canotto90 Could someone please clarify what I should enable in the stage ? I need to monitor every call for billing my service as SAAS. I thought metrics would be enough, but it seems I was wrong, and need logs. Are the metrics of any use for what I need (just count the number and type of calls for each user, id'ed by IAM), or may I disable logging metrics and only keep track of logs ? Also, I guess I should log at INFO level, but do I have to keep track of full requests/response data ? I only need to know which URLs are called, and the ID of the caller, nothing more. – Balmipour May 16 '16 at 23:05
  • @Balmipour I know this is a lot later than your question now, but you might want to look at using API Keys, as you can attach them to usage plans and limit the number of calls which can be made. – Tim Malone May 04 '18 at 04:57
  • @Tim malone Thanks for the suggestion. I used to consider that, but from what I remember, it didn't suit my customer's need. Probably because he didn't want to have to generate specific keys for every customer, or maybe because the key did allow a limit, but not to get the precise count, which was what he needed to bill the way he wanted to. Anyway, thanks for your input. Later 's better than never :) – Balmipour May 05 '18 at 12:00
  • @Tim malone For the record, we ended-up with the addition of the customer's IAM ID to the requests at API-Gateway's processing level, a logging of the requests's full details, and a log scrapper to retreive the info. A bit dirty imo, but the goal was mainly a POC, and that's the best I could find in the short time we had. We also thought of putting something with Kibana&cie, but how-to set it up isn't very clear when you never used it (i.e. we never understood how it was supposed to work). – Balmipour May 05 '18 at 12:00