I can't enable write access to CloudWatch logs in AWS API Gateway by providing a new IAM Role.
I checked several tutorials and checked everything. I even attached the AdministratorAccess policy to my IAM role and checked that "The identity provider(s) apigateway.amazonaws.com" is a trusted entity.
But it still fails when I try to enable logs in API Gateway:
The role ARN does not have required permissions set to API Gateway
I was having this issue today as I was trying to set up a user that I had given those permissions to. Resolved it by going through the "create role" wizard and selecting the API Gateway service, which created an IAM ARN with the correct permissions.
Select your use case
API Gateway
Allows API Gateway to push logs to CloudWatch Logs.
For me the following AWS configuration fixed this issue.
Edited the "Trust Relationship" in the Role with the following configuration:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": ["apigateway.amazonaws.com", "lambda.amazonaws.com"]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Edited the policies with the following:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
Here is a more detailed description for the policy configuration: policy description