This template configures the API Gateway account settings (a per-region, account-wide setting that applies to every API in the region) to use a dedicated IAM role that API Gateway assumes to write execution and access logs to CloudWatch Logs.

Terraform Template

# Trust policy for the logging role: only the API Gateway service principal
# may call sts:AssumeRole on it.
#
# NOTE(review): this trust policy has no aws:SourceAccount / aws:SourceArn
# condition, so any account's API Gateway service could in principle be
# directed at this role (cross-service confused deputy). AWS documents these
# condition keys for roles assumed by apigateway.amazonaws.com; confirm they
# are honored for the account-level logging role before adding them, since a
# wrong condition silently breaks log delivery.
data "aws_iam_policy_document" "assume_role" {

  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["apigateway.amazonaws.com"]
    }
  }
}

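# Permissions policy for the logging role.
#
# Fix: `resources = [*]` is not valid HCL (`*` is not an expression); the
# wildcard resource must be the string "*".
#
# The action list matches what API Gateway needs to create log groups/streams
# and push events (the same set as the AWS managed policy
# AmazonAPIGatewayPushToCloudWatchLogs). Resource "*" is what that managed
# policy grants; because this role serves every API in the region, scoping it
# to specific log-group ARNs is possible but must cover every execution-log
# and access-log group API Gateway will write to, so it is left as "*" here.
data "aws_iam_policy_document" "cloudwatch" {

  statement {
    effect = "Allow"
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:DescribeLogGroups",
      "logs:DescribeLogStreams",
      "logs:PutLogEvents",
      "logs:GetLogEvents",
      "logs:FilterLogEvents",
    ]
    # Wildcard must be a quoted string; the bare `*` was a syntax error.
    resources = ["*"]
  }
}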

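# Region-wide API Gateway account settings: points API Gateway at the role it
# should assume for CloudWatch logging.
#
# Fix: the role ARN is known as soon as aws_iam_role.cloudwatch exists, so
# Terraform may apply this resource before aws_iam_role_policy.cloudwatch has
# attached the permissions. API Gateway validates the role when the account
# is updated and rejects a role that lacks the required permissions, which
# makes the first apply fail intermittently. depends_on forces the policy
# attachment to complete first.
resource "aws_api_gateway_account" "demo" {
  cloudwatch_role_arn = aws_iam_role.cloudwatch.arn

  depends_on = [aws_iam_role_policy.cloudwatch]
}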

# The IAM role API Gateway assumes when pushing logs to CloudWatch.
# Its trust relationship comes from data.aws_iam_policy_document.assume_role;
# the permissions are attached separately via aws_iam_role_policy.cloudwatch.
resource "aws_iam_role" "cloudwatch" {
  name               = "api_gateway_cloudwatch_global"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

# Inline permissions policy attached to the logging role, rendered from
# data.aws_iam_policy_document.cloudwatch.
resource "aws_iam_role_policy" "cloudwatch" {
  role   = aws_iam_role.cloudwatch.id
  name   = "default"
  policy = data.aws_iam_policy_document.cloudwatch.json
}