必须在账户设置中设置 CloudWatch Logs 角色 ARN 才能启用日志记录

我有一个 API 网关，我正在尝试将其部署到开发人员，但我不断收到有关 CloudWatch 日志记录的错误。我找不到如何正确设置部署权限。希望有人有一些可以提供帮助的知识，因为文档非常模糊并且没有真正的帮助。我希望附加模板或 cli 中的正确权限和策略。

这是我遇到的错误：

Resource handler returned message: "CloudWatch      
Logs role ARN must be set in account settings to    
enable logging (Service: ApiGateway, Status         
Code: 400, Request ID:                              
ac7ee97a-255b-4be9-8352-66b762f87c5d)"              
(RequestToken:                                      
88b15f37-2b1c-cfa2-43d7-5ca7b8572b63,               
HandlerErrorCode: InvalidRequest)  

这是我的 template.yaml 文件：

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  gofiber-sam-v1
  
  Sample SAM Template for gofiber-sam-v1

# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Timeout: 60
Parameters:
  DeploymentStage:
    Type: String
    Default: dev
    AllowedValues:
      - dev
      - v1
    Description: Deployment Stage

Resources:
  CloudWatchLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /aws/lambda/GoFiberApp
      RetentionInDays: 30

  GoFiberAppRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action: sts:AssumeRole

  GoFiberAppPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: GoFiberAppPolicy
      Roles:
        - !Ref GoFiberAppRole
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - s3:PutObject
              - s3:GetObject
            Resource: "*"
          - Effect: Allow
            Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource: arn:aws:logs:*:*:log-group:/aws/lambda/GoFiberApp:*
  GoFiberApp:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Metadata:
      Name: "GoFiber Sam API Handler"
    Properties:
      CodeUri: ./
      Handler: main
      Runtime: go1.x
      Role: !GetAtt GoFiberAppRole.Arn
      Architectures:
        - x86_64
      Events:
        ProxyEvent:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
            RestApiId: !Ref ApiGatewayRestApi
  

  ApiGatewayRestApi:
    Type: AWS::Serverless::Api # More info about API Resource:
    Metadata:
      Name: "AdPrompt API (is2p5yk9v3)"
    Properties:
      StageName: dev
      Auth:
        ApiKeyRequired: true
      MethodSettings:
      - HttpMethod: "*"
        LoggingLevel: INFO
        ResourcePath: "/*"
      AccessLogSetting:
        DestinationArn: !GetAtt CloudWatchLogGroup.Arn
        Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","requestTime":"$context.requestTime","httpMethod":"$context.httpMethod","routeKey":"$context.routeKey","status":"$context.status","responseLength":"$context.responseLength"}'

  ApiGatewayRestApiRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - apigateway.amazonaws.com
            Action: sts:AssumeRole

  ApiGatewayDeployment:
    Type: AWS::ApiGateway::Deployment
    Properties:
      RestApiId: !Ref ApiGatewayRestApi

  DevStage:
    Type: AWS::ApiGateway::Stage
    Condition: IsDev
    Properties:
      StageName: dev
      Description: Dev Stage
      RestApiId: !Ref ApiGatewayRestApi
      DeploymentId: !Ref ApiGatewayDeployment
  V1Stage:
    Type: AWS::ApiGateway::Stage
    Condition: IsV1
    Properties:
      StageName: v1
      Description: Prod Stage
      RestApiId: !Ref ApiGatewayRestApi
      DeploymentId: !Ref ApiGatewayDeployment

Conditions:
  IsDev: !Equals [!Ref DeploymentStage, 'dev']
  IsV1: !Equals [!Ref DeploymentStage, 'v1']

Outputs:
  GoFiberAPI:
    Description: "API Gateway endpoint URL AdPrompt API"
    Value: !Sub "https://${ApiGatewayRestApi}.execute-api.${AWS::Region}.amazonaws.com/${DeploymentStage}"  # Construct the API endpoint URL using the RestApiId and StageName
    Export:
      Name: "GoFiberAPI"
  ApiGatewayRestApi:
    Description: "RESTful API"
    Value: !Ref ApiGatewayRestApi  # Use the intrinsic function Ref to reference the RestApiId
  ApiGatewayRestApiIamRole:
    Description: "IAM role for GoFiber API Gateway"
    Value: !GetAtt ApiGatewayRestApiRole.Arn