I'm struggling to enable logging from API Gateway ...
# aws
g
I'm struggling to enable logging from API Gateway to CloudWatch. I've created the role and policy allowing API Gateway to log to CloudWatch and applied this on the API Gateway Account resource, which works fine. In the AWS console, you then have to go to the Stage and enable logging, optionally adding Custom access logging, where you define your format. However, in the Pulumi stage resource properties there is only destinationArn and format. And even when I supply a destinationArn (I have tested both creating the log group myself and referencing its ARN, or simply constructing an ARN string and letting API Gateway create the log group) this doesn't enable the "CloudWatch logs" setting, which remains on 'disabled' after pulumi up. The Detailed metrics option is also missing from the Pulumi provider, as is x-ray tracing. Am I missing something?
I subsequently found apigatewayv2 which looked promising as it provided
defaultRouteSettings: # v2
        - httpMethod: /\*/\*
          loggingLevel: INFO
          # detailedMetricsEnabled: True
          metricsEnabled: True
          dataTraceEnabled: True
but unfortunately it seems that apigatewayv2 is actually a different kind of aws service, only for websockets, and not simply v2 of the pulumi provider. So I cannot use that. I'm now trying in aws-native which allows overriding method settings
methodSettings:
        - httpMethod: /\*/\*
          loggingLevel: INFO
          # detailedMetricsEnabled: True
          metricsEnabled: True
          dataTraceEnabled: True
m
g
@modern-zebra-45309 yes thanks, I've already configured that. There are two parts to getting the logging working: one is setting up the role and the log group, which is global for the entire account. The other is enabling logging on the particular API Gateway stage. That option is simply missing from the Pulumi apigateway provider. The apigatewayv2 provider has it, but apparently that's only for websockets APIs. I ended up getting it working using the aws-native provider.
# tried using v2 since the properties are just not present on the v1 provider resource. but v2 is for websockets only apparently not http api
  api_payments_secondStage:
    # type: aws:apigateway:Stage # v1
    # type: aws:apigatewayv2:Stage # v2
    type: aws-native:apigateway:Stage # native
    options: {}
    properties:
      # deployment: ${api_payments.deployment} # v1
      deploymentId: ${api_payments.deployment} # native
      # autoDeploy: True # v2 setting
      # restApi: ${api_payments.api.id} # v1
      # apiId:  ${api_payments.api.id} # v2
      restApiId: ${api_payments.api.id} # native
      stageName: ${pulumi.stack}_native_active # v1 and native
      # name: ${api_payments.stage.stageName}_active # v2
      # defaultRouteSettings: # v2
      methodSettings:
        - resourcePath: "/*"
          httpMethod: "*"
          loggingLevel: INFO
          # detailedMetricsEnabled: True
          metricsEnabled: True
          dataTraceEnabled: True
      # accessLogSettings: # v1, v2
      accessLogSetting: # native
        destinationArn: ${lg_api_gateway_payments.arn}
        # destinationArn: arn:aws:logs:ap-southeast-1:${varCurrentAwsAccountId}:log-group:API-Gateway-PinConfigured-LogGroup_${api_payments.api.id}/${pulumi.stack}
        # Format from https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html?icmpid=apigateway_console_help#apigateway-cloudwatch-log-formats
        format: '{ "requestId":"$context.requestId", "extendedRequestId":"$context.extendedRequestId","ip": "$context.identity.sourceIp", "caller":"$context.identity.caller", "user":"$context.identity.user", "requestTime":"$context.requestTime", "httpMethod":"$context.httpMethod", "resourcePath":"$context.resourcePath", "status":"$context.status", "protocol":"$context.protocol", "responseLength":"$context.responseLength" }'
      description: ${pulumi.stack}
      tags:
        - key: Environment # native
          value: ${pulumi.stack} # native
        # Environment: ${pulumi.stack} # v1 and v2
        # CreatedBy: pulumi # v1 and v2
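Added example, not part of the original thread: a Python check that separates the two stage switches discussed above, execution logging (the console's "CloudWatch logs" setting, driven by the `*/*` method settings) and access logging (the destinationArn/format pair). It assumes input shaped like the boto3 `apigateway` `get_stage` response; the function name, finding codes and both sample stages are constructed for illustration.

```python
# Added example; sample stages below are constructed, not real output.
REQUEST_IDS = ("$context.requestId", "$context.extendedRequestId")

def audit_stage_logging(stage):
    """Return sorted finding codes for one get_stage-shaped dict."""
    findings = []
    # Execution logging (console: "CloudWatch logs") is a method setting;
    # the "*/*" key is the stage-wide default for every resource and method.
    default = stage.get("methodSettings", {}).get("*/*", {})
    if default.get("loggingLevel", "OFF") == "OFF":
        findings.append("EXECUTION_LOGGING_OFF")
    if not default.get("metricsEnabled", False):
        findings.append("DETAILED_METRICS_OFF")
    if default.get("dataTraceEnabled", False):
        # Full request/response data is written to the log group, which can
        # include credentials and personal data: restrict who can read it.
        findings.append("DATA_TRACE_ON")
    # Access logging is a separate switch, on once a destination is set.
    access = stage.get("accessLogSettings", {})
    if not access.get("destinationArn"):
        findings.append("ACCESS_LOGGING_OFF")
    elif not any(v in access.get("format", "") for v in REQUEST_IDS):
        findings.append("ACCESS_LOG_FORMAT_NO_REQUEST_ID")
    if not stage.get("tracingEnabled", False):
        findings.append("XRAY_TRACING_OFF")
    return sorted(findings)

ACCESS_LOG = {
    "destinationArn": "arn:aws:logs:ap-southeast-1:111111111111:log-group:example",
    "format": '{ "requestId":"$context.requestId", "status":"$context.status" }',
}
# State described in the first post: destinationArn supplied, no method settings.
ACCESS_ONLY_STAGE = {"stageName": "dev", "accessLogSettings": ACCESS_LOG}
# State after the aws-native configuration with the "*/*" method settings.
FULL_STAGE = {
    "stageName": "dev_native_active",
    "accessLogSettings": ACCESS_LOG,
    "methodSettings": {"*/*": {"loggingLevel": "INFO", "metricsEnabled": True,
                               "dataTraceEnabled": True}},
}

if __name__ == "__main__":
    for s in (ACCESS_ONLY_STAGE, FULL_STAGE):
        print(s["stageName"], audit_stage_logging(s))
```

Against a live account the same function can be fed the result of `get_stage` for each stage; a `DATA_TRACE_ON` finding is a prompt to review log group access and retention rather than an error.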
s
V1 and V2 of API Gateway are indeed different products, while the naming suggests an upgraded release. V1 is for REST API deployments and V2, like you wrote, for web sockets.