amazon-web-services pulumi pulumi-python

Pulumi AWS API Gateway: How to create CloudWatch Logs for Logs/Tracing in Python?


I use Pulumi with the Python module pulumi_aws_apigateway to create a Lambda function and an API Gateway. I would like to enable CloudWatch Logs with "Full Request and Response Logs" for Logs/Tracing. I got the following error:

./__main__.py", line 60, in <module>
        stage_log = apigateway.StageLog('alert-stage-log',
    AttributeError: module 'pulumi_aws_apigateway' has no attribute 'StageLog'

As the error states, the module 'pulumi_aws_apigateway' has no attribute 'StageLog'. Is there any other way to connect the API Gateway stage to the CloudWatch Log Group? My code is as follows.

import json
import pulumi
import pulumi_aws as aws
from pulumi import export
import pulumi_aws_apigateway as apigateway

IDENTITY_NAME = "alert"

role = aws.iam.Role(
    f"{IDENTITY_NAME}-lambda-role",
    assume_role_policy=json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": { "Service": "lambda.amazonaws.com" },
            "Action": "sts:AssumeRole"
        }]
    })
)

policy = aws.iam.RolePolicy(
    f"{IDENTITY_NAME}-sqs-role-policy",
    role=role.id,
    policy=json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Action": ["logs:*", "cloudwatch:*"],
            "Resource": "*",
            "Effect": "Allow",
        },
        {
            "Action": ["sqs:SendMessage"],
            "Effect": "Allow",
            "Resource": "*"
        }
      ],
    })
    )

f = aws.lambda_.Function(
    "alertlambda",
    runtime="python3.9",
    code=pulumi.AssetArchive({
        ".": pulumi.FileArchive("./handler"),
    }),
    timeout=300,
    handler="handler.handler",
    role=role.arn,
    opts=pulumi.ResourceOptions(depends_on=[policy]),
)

api = apigateway.RestAPI(f"{IDENTITY_NAME}api", stage_name="alert", routes=[
    apigateway.RouteArgs(path="/{proxy+}", method="ANY", event_handler=f),
])

# Create a CloudWatch Log Group
log_group = aws.cloudwatch.LogGroup('alert-log-group', name='/aws/api-gateway/alert-api')

# Connect the API Gateway stage to the CloudWatch Log Group
stage_log = apigateway.StageLog('alert-stage-log',
                                rest_api_id=api.id,
                                stage_name="alert",
                                cloudwatch_log_group_arn=log_group.arn)

pulumi.export('url', api.url)

Solution

  • How you're creating the log group seems fine, the issue is how you're using the apigateway. Try this:

    import pulumi
    import pulumi_aws as aws
    import pulumi_aws.apigateway as apigateway
    
    lg = aws.cloudwatch.LogGroup('alert-log-group',
                                 name='alert-api',
                                 retention_in_days=30)
    
    stage_log = apigateway.StageLog('alert-stage-log',
                                    rest_api_id=api.id,
                                    stage_name='alert',
                                    cloudwatch_log_group_arn=lg.arn)
    
    pulumi.export('log group', lg.name)
    pulumi.export('url', api.invoke_url)
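
An added example, not part of the original question or answer: one way to turn on "Full Request and Response Logs" using resources that pulumi_aws provides (`aws.apigateway.Account` and `aws.apigateway.MethodSettings`). It assumes `api` is the `pulumi_aws_apigateway.RestAPI` from the question; the function names and resource names below are hypothetical.

```python
import json

# AWS-managed policy that lets API Gateway write to CloudWatch Logs.
PUSH_LOGS_POLICY = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"


def apigw_trust_policy() -> str:
    """Trust policy that lets only the API Gateway service assume the role."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "apigateway.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    })


def execution_log_group_name(rest_api_id: str, stage_name: str) -> str:
    """Execution logs are written to this fixed group name, not a custom one."""
    return f"API-Gateway-Execution-Logs_{rest_api_id}/{stage_name}"


def enable_full_logging(api, retention_days: int = 30):
    """`api` is assumed to be the pulumi_aws_apigateway.RestAPI from the question."""
    import pulumi
    import pulumi_aws as aws  # imported lazily so the helpers above work offline

    role = aws.iam.Role("apigw-cloudwatch-role", assume_role_policy=apigw_trust_policy())
    attach = aws.iam.RolePolicyAttachment(
        "apigw-cloudwatch-attach", role=role.name, policy_arn=PUSH_LOGS_POLICY)
    # Region-wide account setting: the role API Gateway uses to write logs.
    account = aws.apigateway.Account(
        "apigw-account", cloudwatch_role_arn=role.arn,
        opts=pulumi.ResourceOptions(depends_on=[attach]))
    # Pre-create the execution log group so its retention is managed.
    log_group = aws.cloudwatch.LogGroup(
        "alert-execution-logs",
        name=pulumi.Output.all(api.api.id, api.stage.stage_name).apply(
            lambda a: execution_log_group_name(a[0], a[1])),
        retention_in_days=retention_days)
    # INFO level plus data tracing logs full request and response data.
    return aws.apigateway.MethodSettings(
        "alert-method-settings",
        rest_api=api.api.id,
        stage_name=api.stage.stage_name,
        method_path="*/*",  # apply to every resource and method on the stage
        settings=aws.apigateway.MethodSettingsSettingsArgs(
            logging_level="INFO", data_trace_enabled=True, metrics_enabled=True),
        opts=pulumi.ResourceOptions(depends_on=[account, log_group]))
```

Call `enable_full_logging(api)` in `__main__.py` after the `RestAPI` is defined. Data tracing writes full request and response bodies, including any tokens they carry, to CloudWatch, so restrict read access to that log group.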