No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello, could someone please point me to some documentation on configuring API Gateway access logging, including the required role? 

Just to CloudWatch? <https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html>

Yes, exactly - to CloudWatch. How can we do this in Pulumi, including setting the required permission on the API Gateway?

All the AWS details are on that page.  You don't set any permissions on the APIGateway side, just CloudWatch.

You need to add the given managed policy to whatever role you're giving to APIGateway.

You use the Account resource to associate a role with the gateway

There's an example on this page:<https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/account/>

So once I have created the user with the required  role, how do I associate this account with the API Gateway instance?

I think this is where I was getting stuck on. Is it possible to do this when creating an API Gateway with the AWS Crosswalk API?

You don't need a user for this. You create an instance of the apigateway.Account class.

Not sure about awsx stuff, I'll look it up, onesec.

Sorry, I meant Account, not user. I the example above, an Account instance named “demo” is created. Do I need to do anything with this to associate it with the API Gateway instance?

No. From the top of the docs page:
&gt; Account
&gt; 
&gt; Provides a settings of an API Gateway Account. Settings is applied region-wide per provider block.