How do I set CloudWatch log role ARN in apigateway settings Pulumi Community #aws

Join Slack

How do I set CloudWatch log role ARN in apigateway...

# aws

millions-furniture-75402

08/11/2020, 2:29 PM

How do I set CloudWatch log role ARN in apigateway settings?

delightful-controller-41497

08/11/2020, 2:35 PM

apigateway v1 or v2?

millions-furniture-75402

08/11/2020, 2:38 PM

delightful-controller-41497

08/11/2020, 2:42 PM

maybe this helps? https://www.pulumi.com/docs/reference/pkg/aws/apigateway/stage/#managing-the-api-logging-cloudwatch-log-group

millions-furniture-75402

08/11/2020, 2:46 PM

Maybe… though I’m going through crosswalk

millions-furniture-75402

08/11/2020, 2:48 PM

Can I maybe put the log group in depends on in the creation of the API with cloudwatch and expect the same result?

millions-furniture-75402

08/11/2020, 2:48 PM

It’s interesting that it’s using dependsOn, and not a property.

millions-furniture-75402

08/11/2020, 3:48 PM

So the log role ARN is at the apigateway account level. That wasn’t clear to me, but made it easier to find the property:

Copy code

const appLogRole = new aws.iam.Role(`${appName}-log-role`, {
  assumeRolePolicy: `{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "<http://apigateway.amazonaws.com|apigateway.amazonaws.com>"
        },
        "Effect": "Allow",
        "Sid": ""
      }
    ]
  }`,
});

const appLogPolicyAttachment = new aws.iam.RolePolicyAttachment(
  `${appName}-log-ra`,
  {
    role: appLogRole,
    policyArn: aws.iam.ManagedPolicies.AmazonAPIGatewayPushToCloudWatchLogs,
  },
  { parent: appLogRole }
);

const appApiSettings = new aws.apigateway.Account(`${appName}-api-settings`, {
  cloudwatchRoleArn: appLogRole.arn
});

👍 1

Open in Slack

Previous Next