Monitoring is vital to maintaining your AWS cloud resources' reliability, security, and performance. To gain a better insight into your API activity, you must enable access and debug logging for your Amazon API Gateway API. This will record information about the API execution at the API stage level, information that can be extremely useful for auditing and troubleshooting. By default, logging is disabled for your Amazon API Gateway REST and WebSocket APIs. Once the logging feature is enabled, Amazon API Gateway sends the access and debug logging data recorded for your API stage to a CloudWatch Logs log group created for this purpose.
Remediation Steps
To enable logging for your API Gateway REST/WebSocket API via AWS Management Console:
- Access the Amazon API Gateway console available at https://console.aws.amazon.com/apigateway and choose APIs.
- Open the REST/WebSocket API that you want to configure and choose Stages.
- Open the API stage that you want to log in to and select the Logs/Tracing tab.
- Select the Enable CloudWatch Logs checkbox to enable access and debug logging for your API stage.
- For Log level, choose the logging level that you want to configure for your API stage.
- Select the Log full requests/responses data checkbox for REST API and Log full message data for WebSocket API if you want to record the full request/response/message data sent to Amazon API Gateway.
- Choose Save Changes to apply the changes.
Useful Links
- Amazon API Gateway Service FAQs
- Monitoring in Amazon API Gateway
- Setting up CloudWatch logging for APIs
- update-stage CLI command