How do I set up API Gateway stage-level execution logging with Terraform? Is it not supported yet?
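The API Gateway stage editor has an execution logging configuration. However, although it has access logging configuration parameters, there seem to be no parameters for setting them in aws_api_gateway_stage.
I'm wondering whether there is another resource I can use, or whether these parameters simply haven't been implemented yet.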
You have to use
aws_api_gateway_method_settings
...
resource "aws_api_gateway_method_settings" "YOUR_settings" {
  rest_api_id = "${aws_api_gateway_rest_api.YOUR.id}"
  stage_name  = "${aws_api_gateway_stage.YOUR.stage_name}"
  method_path = "*/*" # applies to every resource and method in the stage

  settings {
    logging_level      = "INFO" # execution log level
    data_trace_enabled = true   # logs full request/response data
    metrics_enabled    = true
  }
}
The CloudWatch LogGroup should look like this:
API-Gateway-Execution-Logs_{YOU_API_ID}/{YOU_STAGENAME}
... and maybe you have to set up all the IAM role stuff ...
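You can set these logging levels at the whole "stage" level, or you can override the stage level and define them at the method level, as in the following example (note the "method_path" value here):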
resource "aws_api_gateway_method_settings" "s" {
  rest_api_id = aws_api_gateway_rest_api.test.id
  stage_name  = aws_api_gateway_stage.test.stage_name
  method_path = "${aws_api_gateway_resource.test.path_part}/${aws_api_gateway_method.test.http_method}"

  settings {
    metrics_enabled = true
    logging_level   = "INFO"
  }
}
Found here:
See also here:
For future readers, this is how to do the "set up all the IAM role stuff" mentioned in the accepted answer by @dasrick:
# Allow API Gateway to push logs to CloudWatch
resource "aws_api_gateway_account" "main" {
  cloudwatch_role_arn = aws_iam_role.main.arn
}

resource "aws_iam_role" "main" {
  name = "api-gateway-logs-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "main" {
  role       = aws_iam_role.main.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
}
This policy already exists in AWS, as described here.
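The pieces from the answers above combined into one configuration, as an added example that is not part of the original answers: it creates the execution log group up front so its retention is managed, orders the method settings after the account role, and keeps full request/response tracing off. The variables `rest_api_id` and `stage_name`, the resource labels and the 30-day retention are assumptions.

```hcl
# Assumed inputs (hypothetical names): an existing REST API and one of its stages.
variable "rest_api_id" {
  type = string
}
variable "stage_name" {
  type = string
}

# Role that API Gateway assumes to write to CloudWatch Logs (set once per account and region).
resource "aws_iam_role" "apigw_logs" {
  name = "api-gateway-logs-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "apigateway.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "apigw_logs" {
  role       = aws_iam_role.apigw_logs.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
}

resource "aws_api_gateway_account" "this" {
  cloudwatch_role_arn = aws_iam_role.apigw_logs.arn
  depends_on          = [aws_iam_role_policy_attachment.apigw_logs]
}

# Create the execution log group before logging is enabled so Terraform owns its retention.
resource "aws_cloudwatch_log_group" "execution" {
  name              = "API-Gateway-Execution-Logs_${var.rest_api_id}/${var.stage_name}"
  retention_in_days = 30 # constructed value; set per your retention policy
}

resource "aws_api_gateway_method_settings" "all" {
  rest_api_id = var.rest_api_id
  stage_name  = var.stage_name
  method_path = "*/*"
  settings {
    logging_level      = "ERROR" # valid values: OFF, ERROR, INFO
    data_trace_enabled = false   # true writes full request/response data to the log group
    metrics_enabled    = true
  }
  # Logging cannot be enabled until the account-level role is set.
  depends_on = [aws_api_gateway_account.this, aws_cloudwatch_log_group.execution]
}
```

If API Gateway has already created the log group for this stage, import it into Terraform state before applying.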