Enable Cloudwatch Logs in API Gateway

The logs in the API Gateway is not enabled by default and it needs to be enabled. This is a bit surprising given many other services lambda have logging enabled by default.

To enable logs, a Cloudwatch role needs to be created first. To create the role, open IAM in console. Click on roles.

Click on Create new role and select API Gateway.

After clicking Select the only policy available is AmazonAPIGatewayPushToCloudWatchLogs. Select the policy and Click Next. Add a Role name and description and then click on Create Role.

Once the role is create, note and copy the ARN of the role created.

Once the ARN of the role is copied, it needs to be added API Gateway. On the API Gateway console, click on Settings and enter the ARN of the Cloudwatch role. When the settings is saved, the api can start logging which is recorded in Cloudwatch.