Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
g
great-greece-44955
10/03/2022, 3:16 AMHello, could someone please point me to some documentation on configuring API Gateway access logging, including the required role?
l
little-cartoon-10569
10/03/2022, 3:39 AMJust to CloudWatch? https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html
g
great-greece-44955
10/03/2022, 3:44 AMYes, exactly - to CloudWatch. How can we do this in Pulumi, including setting the required permission on the API Gateway?
l
little-cartoon-10569
10/03/2022, 3:52 AMAll the AWS details are on that page. You don't set any permissions on the APIGateway side, just CloudWatch.
Nope, I have that backwards, my mistake.
You need to add the given managed policy to whatever role you're giving to APIGateway.
You use the Account resource to associate a role with the gateway
There's an example on this page:https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/account/
g
great-greece-44955
10/03/2022, 5:16 AMSo once I have created the user with the required role, how do I associate this account with the API Gateway instance?
I think this is where I was getting stuck on. Is it possible to do this when creating an API Gateway with the AWS Crosswalk API?
l
little-cartoon-10569
10/03/2022, 5:20 AMYou don't need a user for this. You create an instance of the apigateway.Account class.
Not sure about awsx stuff, I'll look it up, onesec.
I can't see API gateway in awsx...
g
great-greece-44955
10/03/2022, 5:23 AMSorry, I meant Account, not user. I the example above, an Account instance named “demo” is created. Do I need to do anything with this to associate it with the API Gateway instance?
l
little-cartoon-10569
10/03/2022, 5:25 AMNo. From the top of the docs page:
Account
Provides a settings of an API Gateway Account. Settings is applied region-wide per provider block.
g
great-greece-44955
10/03/2022, 5:26 AMI see, thanks.