pulumi / pulumi-aws-apigateway

Apache License 2.0

How to create CloudWatch Logs for Logs/Tracing? #74

Closed garyyang6 closed 10 months ago

garyyang6 commented 1 year ago

Hello!

Issue details

I use Pulumi with the Python module pulumi_aws_apigateway to create a Lambda function and an API Gateway. I would like to enable CloudWatch Logs with "Full Request and Response Logs" for Logs/Tracing. I got the following errors:

./__main__.py", line 60, in <module>
        stage_log = apigateway.StageLog('alert-stage-log',
    AttributeError: module 'pulumi_aws_apigateway' has no attribute 'StageLog'

As the error states, the module 'pulumi_aws_apigateway' has no attribute 'StageLog'. Is there any other way to connect the API Gateway state to the CloudWatch Log Group? My code is as follows.

import json
import pulumi
import pulumi_aws as aws
from pulumi import export
import pulumi_aws_apigateway as apigateway

IDENTITY_NAME = "alert"

role = aws.iam.Role(
    f"{IDENTITY_NAME}-lambda-role",
    assume_role_policy=json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": { "Service": "lambda.amazonaws.com" },
            "Action": "sts:AssumeRole"
        }]
    })
)

policy = aws.iam.RolePolicy(
    f"{IDENTITY_NAME}-sqs-role-policy",
    role=role.id,
    policy=json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Action": ["logs:*", "cloudwatch:*"],
            "Resource": "*",
            "Effect": "Allow",
        },
        {
            "Action": ["sqs:SendMessage"],
            "Effect": "Allow",
            "Resource": "*"
        }
        ],
    })
)

f = aws.lambda_.Function(
    "alertlambda",
    runtime="python3.9",
    code=pulumi.AssetArchive({
        ".": pulumi.FileArchive("./handler"),
    }),
    timeout=300,
    handler="handler.handler",
    role=role.arn,
    opts=pulumi.ResourceOptions(depends_on=[policy]),
)

api = apigateway.RestAPI(f"{IDENTITY_NAME}api", stage_name="alert", routes=[
    apigateway.RouteArgs(path="/{proxy+}", method="ANY", event_handler=f),
])

# Create a CloudWatch Log Group
log_group = aws.cloudwatch.LogGroup('alert-log-group', name='/aws/api-gateway/alert-api')

# Connect the API Gateway stage to the CloudWatch Log Group
stage_log = apigateway.StageLog('alert-stage-log',
                                rest_api_id=api.id,
                                stage_name="alert",
                                cloudwatch_log_group_arn=log_group.arn)

pulumi.export('url', api.url)

Affected area/feature

rquitales commented 1 year ago

Hi @garyyang6, I apologize for the confusion and the error you encountered regarding enabling logging for your API Gateway. Enabling logging through pulumi_aws_apigateway is not supported, which is why you received the has no attribute 'StageLog' error. The only resource currently supported in this package is RestAPI (documentation).

To assist you further, it would be helpful if you could provide additional details on how you encountered this nonexistent method. Understanding the specific steps or code that led to this error will allow us to investigate and address the issue more effectively.

Regarding a working example, you can adapt the following code snippet to enable logging for your API Gateway:

api_gateway_account = aws.apigateway.Account("example_account",
    cloudwatch_role_arn= log_group.arn
)

This snippet utilizes the Account resource from pulumi-aws (https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/account/) to enable logging on the API Gateway Account. By associating the CloudWatch log group ARN (log_group.arn) with the API Gateway Account, you can enable logging for your API Gateway.

Please give this approach a try and let us know if it unblocks you. If you have any further questions or encounter any issues, please don't hesitate to reach out. We're here to help!
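An added example, not part of the thread or of the project's code: in pulumi-aws, `cloudwatch_role_arn` on `aws.apigateway.Account` takes the ARN of an IAM role that API Gateway can assume, and "Full Request and Response Logs" is a per-stage method setting (`data_trace_enabled`). The helper names, resource names and the `rest_api_id`/`stage_name` parameters are assumptions made for this sketch; with the `RestAPI` component they would presumably come from its `api` and `stage` outputs.

```python
import json

# AWS-managed policy that lets API Gateway write to CloudWatch Logs.
PUSH_LOGS_POLICY_ARN = (
    "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
)


def apigateway_trust_policy() -> str:
    """Trust policy: only the API Gateway service may assume the logging role."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "apigateway.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    })


def execution_log_settings(full_trace: bool) -> dict:
    """full_trace=True is the console's "Full Request and Response Logs": it
    writes headers and payloads (tokens, PII) to CloudWatch, so keep it off
    production stages."""
    return {"logging_level": "INFO", "data_trace_enabled": full_trace,
            "metrics_enabled": True}


def enable_stage_logging(rest_api_id, stage_name, full_trace=False):
    """Set the account-level logging role, then enable execution logs."""
    # Imported here so the helpers above load without the Pulumi SDK.
    import pulumi
    import pulumi_aws as aws

    role = aws.iam.Role("apigw-cloudwatch-role",
                        assume_role_policy=apigateway_trust_policy())
    attach = aws.iam.RolePolicyAttachment(
        "apigw-cloudwatch-attach", role=role.name,
        policy_arn=PUSH_LOGS_POLICY_ARN)
    # Region-wide setting; cloudwatch_role_arn is an IAM role ARN.
    account = aws.apigateway.Account(
        "apigw-account", cloudwatch_role_arn=role.arn,
        opts=pulumi.ResourceOptions(depends_on=[attach]))
    return aws.apigateway.MethodSettings(
        "all-methods", rest_api=rest_api_id, stage_name=stage_name,
        method_path="*/*",  # every resource and method on the stage
        settings=aws.apigateway.MethodSettingsSettingsArgs(
            **execution_log_settings(full_trace)),
        opts=pulumi.ResourceOptions(depends_on=[account]))
```

Execution logs enabled this way are written to the log group API Gateway creates itself, `API-Gateway-Execution-Logs_{rest-api-id}/{stage_name}`, not to a custom-named group.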

mjeffryes commented 10 months ago

Closing due to inactivity