ARN role for API Gateway to enable logs error

I can't enable write access to CloudWatch logs in AWS API Gateway by providing a new IAM Role.

I checked several tutorials, checked everything. Even attached AdministratorAccess policy to my IAM Role and checked that The identity provider(s) apigateway.amazonaws.com is a Trusted entity.

But it still fails when I try to enable logs in API Gateway:

The role ARN does not have required permissions set to API Gateway

Ilya Rusin asked Nov 27 '17 13:11

Ilya Rusin


2 Answers

I was having this issue today as I was trying to set up a user that I had given those permissions to. Resolved it by going through the "create role" wizard and selecting the API Gateway service, which created an IAM ARN with the correct permissions.

Select your use case
API Gateway
Allows API Gateway to push logs to CloudWatch Logs.
Alex Hinton answered Sep 19 '22 22:09

Alex Hinton


For me the following AWS configuration fixed this issue.

Edited the "Trust Relationship" in the Role with the following configuration:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": ["apigateway.amazonaws.com", "lambda.amazonaws.com"]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Edited the policies with the following:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Here is a more detailed description for the policy configuration: policy description

Rene B. answered Sep 22 '22 22:09

Rene B.
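
An added example, not part of either answer: an offline check of a role's trust and permissions documents against what API Gateway logging needs, run here on the two documents from the answer above. The name `review_role` and the finding strings are made up for this example; `NEEDED` is the action list of the AWS managed policy AmazonAPIGatewayPushToCloudWatchLogs, and the check assumes simple policies (it ignores `Deny`, `NotAction` and `Condition`).

```python
import json
from fnmatch import fnmatchcase

# Actions in the AWS managed policy AmazonAPIGatewayPushToCloudWatchLogs.
NEEDED = {
    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups",
    "logs:DescribeLogStreams", "logs:PutLogEvents", "logs:GetLogEvents",
    "logs:FilterLogEvents",
}
SERVICE = "apigateway.amazonaws.com"

# The two documents from the answer above, compacted onto fewer lines.
TRUST = ('{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":'
         '{"Service":["apigateway.amazonaws.com","lambda.amazonaws.com"]},'
         '"Action":"sts:AssumeRole"}]}')
PERMS = ('{"Version":"2012-10-17","Statement":[{"Action":["logs:*"],'
         '"Effect":"Allow","Resource":"*"}]}')

def as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def allows(policy):
    """Return only the Allow statements of a parsed policy document."""
    return [s for s in as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]

def review_role(trust_json, perms_json):
    """Return findings for a role meant only for API Gateway logging."""
    findings, trusted = [], set()
    for st in allows(json.loads(trust_json)):
        principal = st.get("Principal")
        if "sts:AssumeRole" in as_list(st.get("Action")) and isinstance(principal, dict):
            trusted.update(as_list(principal.get("Service")))
    if SERVICE not in trusted:
        findings.append(f"trust: {SERVICE} cannot assume the role")
    findings += [f"trust: extra service principal {s}" for s in sorted(trusted - {SERVICE})]
    patterns = {a.lower() for st in allows(json.loads(perms_json))
                for a in as_list(st.get("Action"))}
    findings += [f"perms: missing {a}" for a in sorted(NEEDED)
                 if not any(fnmatchcase(a.lower(), p) for p in patterns)]
    findings += [f"perms: wildcard action {p}" for p in sorted(patterns) if "*" in p]
    return findings

if __name__ == "__main__":
    print("\n".join(review_role(TRUST, PERMS)))
```

An empty result means the role is assumable by API Gateway alone and grants every needed action without wildcards.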