I configure Custom Access Logging for Amazon API Gateway and I need to specify CloudWatch Group name, but when I put these just name of log group in format like "API-Gateway-Execution-Logs_3j5w5m7kv9/stage-name" I get such error:
Invalid ARN specified in the request. ARNs must start with 'arn:': API-Gateway-Execution-Logs_3j5w5m7kv9/stage-name
When I open page of this log group in CloudWatch I just see the same name there and don't see ARN value. How can I find it?
For log groups, CloudWatch Logs supports identifying specific resources using the resource ARNs (also referred to as resource-level permissions) for some of the API actions.
Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/ . In the navigation pane, choose Log groups. For Log Groups, choose the name of the log group containing the log stream to search. For Log Streams, choose the name of the log stream to search.
A log group is a group of log streams that share the same retention, monitoring, and access control settings. You can define log groups and specify which streams to put into each group. There is no limit on the number of log streams that can belong to one log group.
Encryption using AWS KMS is enabled at the log group level, by associating a key with a log group, either when you create the log group or after it exists. CloudWatch Logs now supports encryption context, using kms:EncryptionContext:aws:logs:arn as the key and the ARN of the log group as the value for that key.
Go to Cloudwatch logs, find your log group, open it and you'll see a list of log streams. There is settings icon on top right:
Click it and you'll see an option to show stream arn:
Save the settings and you'll see stream arns. The part before semicolon looks like Log Group arn
The CloudWatch Group ARN format is arn:aws:logs:{region}:{account-id}:log-group:API-Gateway-Execution-Logs_{rest-api-id}/{stage-name}
, cf. https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html
arn:aws:logs:region:account-id:log-group:log_group_name
See this documentation
You can also use AWS CLI
aws logs describe-log-groups | grep <log_group_name> | awk '/arn/'
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With