My Saved Presets
You must be logged in to view saved presets

Loading Library ...

AppSync API with Logging Configuration

Configures logging for an AWS AppSync GraphQL API using an IAM role to push logs to CloudWatch.

example

aws_appsync_graphql_api


log_config


openid_connect_config



user_pool_config




lambda_authorizer_config




additional_authentication_provider

openid_connect_config



user_pool_config






depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



example

aws_iam_role



inline_policy



managed_policy_arns





depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



example

aws_iam_role_policy_attachment



depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



assume_role

aws_iam_policy_document

override_policy_documents


source_policy_documents

statement

actions

condition


values


not_actions

not_principals

identifiers

not_resources

principals

identifiers

resources


depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



Terraform Template

data "aws_iam_policy_document" "assume_role" {

  statement {
    actions = ["sts:AssumeRole"]
    effect = "Allow"

    principals {
      identifiers = ["appsync.amazonaws.com"]
      type = "Service"
    }
  }
}

resource "aws_appsync_graphql_api" "example" {

  log_config {
    cloudwatch_logs_role_arn = aws_iam_role.example.arn
    field_log_level = "ERROR"
  }
}

resource "aws_iam_role" "example" {
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
  name = "example"
}

resource "aws_iam_role_policy_attachment" "example" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs"
  role = aws_iam_role.example.name
}

© 2024 asecurecloud. All rights reserved.