Enable CloudWatch logs in API GatewayV2 Stage with CloudFormation

Problem description

There is a similar question but it does not use AWS::ApiGatewayV2::Stage, and I need the AutoDeploy that only the V2 seems to provide.

How do I enable CloudWatch logs and log full message data (as per the image) using CloudFormation in an AWS API Gateway?

I can't find anything at the documentation for the Stage https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-deploymentid

I am using an autodeployed stage. I am able to create the log groups, the IAM role to write logs in CloudWatch, but I can't enable the logging itself.

wsApiGateway:
  Type: AWS::ApiGatewayV2::Api
  Properties:
    Name: foo-ws-gateway
    Description: Api Gateway for Websockets
    ProtocolType: WEBSOCKET
    RouteSelectionExpression: $request.body.action
    DisableExecuteApiEndpoint: true # I use custom domain

# routes and integrations omitted.

wsApiStage:
  Type: AWS::ApiGatewayV2::Stage
  DependsOn:
    - wsConnectRoute
    - wsSendRoute
    - wsDisconnectRoute
  Properties:
    StageName: production
    Description: Autodeploy in production
    AutoDeploy: true
    ApiId: !Ref wsApiGateway
    AccessLogSettings:
      DestinationArn: !GetAtt wsApiGatewayLogGroup.Arn
      Format: '{"requestTime":"$context.requestTime","requestId":"$context.requestId","httpMethod":"$context.httpMethod","path":"$context.path","routeKey":"$context.routeKey","status":$context.status,"responseLatency":$context.responseLatency, "responseLength":$context.responseLength, "integrationError":"$context.integration.error"}'

I also had to go to the previous version of ApiGateway to define the Account so that I could specify the IAM role ARN that has write access to CloudWatch logs in the account (the Settings section of API Gateway in the console). It doesn't seem to have an AWS::ApiGateway2::Account.

apiGatewayAccountConfig:
  Type: "AWS::ApiGateway::Account"
  Properties:
    CloudWatchRoleArn: !GetAtt apiGatewayWatchLogsRole.Arn

Solution

How do I enable CloudWatch logs and log full message data (as per the image) using CloudFormation in an AWS API Gateway?

You can't. Execution logs are not supported by HTTP API (i.e. ApiGatewayV2) as explained by AWS here:

HTTP APIs currently support access logging only, and logging setup is different for these APIs. For more information, see Configuring logging for an HTTP API.
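
Since access logs are the only logs this stage produces, a pipeline that parses them as JSON loses every line that fails to parse, so the Format string is worth checking before deployment. The Python check below is an added example, not part of the original question or answer; it assumes API Gateway writes `-` for a variable that has no value, and the two format strings are constructed, shortened versions of the one in the question.

```python
import json
import re

# $context variables as they appear in an access-log Format string.
VAR = re.compile(r"\$context\.[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*")

# Assumption: a variable with no value for a request is written as "-".
MISSING = "-"


def render(fmt, values, default="0"):
    """Expand every $context variable in fmt from values, else use default."""
    return VAR.sub(lambda m: str(values.get(m.group(0), default)), fmt)


def breaks_json_when_missing(fmt):
    """List variables whose missing-value placeholder makes the line unparsable."""
    flagged = []
    for var in sorted(set(VAR.findall(fmt))):
        # Only the variable under test is missing; the others render as 0 / "0",
        # which is valid JSON whether or not the variable is quoted.
        line = render(fmt, {var: MISSING})
        try:
            json.loads(line)
        except ValueError:
            flagged.append(var)
    return flagged


# Constructed formats modelled on the stage in the question (shortened).
UNQUOTED = ('{"requestId":"$context.requestId","routeKey":"$context.routeKey",'
            '"status":$context.status,"integrationError":$context.integration.error}')
QUOTED = ('{"requestId":"$context.requestId","routeKey":"$context.routeKey",'
          '"status":"$context.status","integrationError":"$context.integration.error"}')

if __name__ == "__main__":
    for name, fmt in (("unquoted", UNQUOTED), ("quoted", QUOTED)):
        print(name, breaks_json_when_missing(fmt))
```

Quoting a variable turns a number into a JSON string, so downstream queries on that field must cast it.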
