https://pulumi.com logo
#aws
Title
m

millions-furniture-75402

08/11/2020, 2:29 PM
How do I set CloudWatch log role ARN in apigateway settings?
d

delightful-controller-41497

08/11/2020, 2:35 PM
apigateway v1 or v2?
m

millions-furniture-75402

08/11/2020, 2:38 PM
v1
m

millions-furniture-75402

08/11/2020, 2:46 PM
Maybe… though I’m going through crosswalk
Can I maybe put the log group in depends on in the creation of the API with cloudwatch and expect the same result?
It’s interesting that it’s using dependsOn, and not a property.
So the log role ARN is at the apigateway account level.  That wasn’t clear to me, but made it easier to find the property:
Copy code
const appLogRole = new aws.iam.Role(`${appName}-log-role`, {
  assumeRolePolicy: `{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "<http://apigateway.amazonaws.com|apigateway.amazonaws.com>"
        },
        "Effect": "Allow",
        "Sid": ""
      }
    ]
  }`,
});

const appLogPolicyAttachment = new aws.iam.RolePolicyAttachment(
  `${appName}-log-ra`,
  {
    role: appLogRole,
    policyArn: aws.iam.ManagedPolicies.AmazonAPIGatewayPushToCloudWatchLogs,
  },
  { parent: appLogRole }
);

const appApiSettings = new aws.apigateway.Account(`${appName}-api-settings`, {
  cloudwatchRoleArn: appLogRole.arn
});
👍 1