There is a similar question but it does not use AWS::ApiGatewayV2::Stage, and I need the AutoDeploy that only the V2 seems to provide.
How do I enable CloudWatch logs and log full message data (as per the image) using CloudFormation in an AWS API Gateway?
I can't find anything at the documentation for the Stage https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-deploymentid
I am using an autodeployed stage. I am able to create the log groups, the IAM role to write logs in CloudWatch, but I can't enable the logging itself.
wsApiGateway:
Type: AWS::ApiGatewayV2::Api
Properties:
Name: foo-ws-gateway
Description: Api Gateway for Websockets
ProtocolType: WEBSOCKET
RouteSelectionExpression: $request.body.action
DisableExecuteApiEndpoint: true # I use custom domain
# routes and integrations ommitted.
wsApiStage:
Type: AWS::ApiGatewayV2::Stage
DependsOn:
- wsConnectRoute
- wsSendRoute
- wsDisconnectRoute
Properties:
StageName: production
Description: Autodeploy in production
AutoDeploy: true
ApiId: !Ref wsApiGateway
AccessLogSettings:
DestinationArn: !GetAtt wsApiGatewayLogGroup.Arn
Format: '{"requestTime":"$context.requestTime","requestId":"$context.requestId","httpMethod":"$context.httpMethod","path":"$context.path","routeKey":"$context.routeKey","status":$context.status,"responseLatency":$context.responseLatency, "responseLength":$context.responseLength, "integrationError":$context.integration.error}'
I also had to go to ApiGateway previous version to define the Account so that I could specify the IAM role ARN that has write access to CloudWatch logs in the account (The section on Settings at,the console's API Gateway). It doesn't seem to have a AWS::ApiGateway2::Account.
apiGatewayAccountConfig:
Type: "AWS::ApiGateway::Account"
Properties:
CloudWatchRoleArn: !GetAtt apiGatewayWatchLogsRole.Arn
