I am trying to set up a really basic API with the AWS API Gateway product and it seems I cannot find any policies which will suffice for it to log and for that matter even leave the first page of the settings screen. I am stuck here:
URL: https://eu-west-1.console.aws.amazon.com/apigateway/home?region=eu-west-1#/settings
and my desperation has led to the following permissions being granted to the role:
I've also added the following bespoke policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}
All to no avail. Whenever I press the save button I get the following:
Any help would be greatly appreciated.
For log groups, CloudWatch Logs supports identifying specific resources using the resource ARNs (also referred to as resource-level permissions) for some of the API actions.
Turn on logging for your API and stage: on the Stage Editor pane, choose the Logs/Tracing tab. On the Logs/Tracing tab, under CloudWatch Settings, turn on execution logging by choosing the Enable CloudWatch Logs check box.
To view API Gateway logs, log in to your AWS Console and select CloudWatch from the list of services. Select Logs from the left panel. Select the log group prefixed with API-Gateway-Execution-Logs_ followed by the API Gateway id. You should see 300 log streams ordered by the last event time.
This is actually an error with API Gateway not being able to assume that specific role. This is probably due to your role's Trust Relationship policy not allowing the API Gateway Service to assume the role.
If you add the following Trust Relationship policy, it should work:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
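An offline check for the condition this answer describes, added here as an example and not part of the original answer: it reads a role's trust policy and reports whether `apigateway.amazonaws.com` is allowed to call `sts:AssumeRole`. The function names and the Lambda-only sample policy are constructed for illustration.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    """IAM accepts a single value or a list for these fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _names_service(statement, service):
    """True if the statement's Principal lists the service explicitly."""
    principal = statement.get("Principal")
    if not isinstance(principal, dict):
        return False  # e.g. "*"; only explicit Service entries are checked
    return service in _as_list(principal.get("Service"))

def _covers_assume_role(statement):
    """True if Action includes sts:AssumeRole, directly or via a wildcard."""
    return any(fnmatchcase("sts:assumerole", action.lower())
               for action in _as_list(statement.get("Action")))

def trust_status(policy, service="apigateway.amazonaws.com"):
    """Return 'deny', 'allow', 'conditional' or 'missing' for the service."""
    status = "missing"
    for st in _as_list(policy.get("Statement")):
        if not (_names_service(st, service) and _covers_assume_role(st)):
            continue
        if st.get("Effect") == "Deny":
            return "deny"  # explicit Deny wins; any Condition on it is ignored here
        if st.get("Effect") == "Allow":
            if "Condition" not in st:
                status = "allow"
            elif status == "missing":
                status = "conditional"  # allowed only when the Condition holds
    return status

# Constructed sample: a role whose trust policy only names another service.
LAMBDA_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "lambda.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}

# The trust policy from the answer above.
FROM_ANSWER = {"Version": "2012-10-17", "Statement": [{
    "Sid": "", "Effect": "Allow",
    "Principal": {"Service": "apigateway.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in (("lambda-only", LAMBDA_ONLY), ("from-answer", FROM_ANSWER)):
        print(f"{name}: {trust_status(doc)}")
```

To check a real role, load the JSON returned by `aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument` and pass it to `trust_status`.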