Amazon API Gateway to Amazon CloudWatch

This pattern creates an Amazon API Gateway with access logging to Amazon CloudWatch configured.

Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/apigw-cloudwatch

Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the AWS Pricing page for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.


Deployment Instructions

  1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:

    git clone https://github.com/aws-samples/serverless-patterns
  2. Change directory to the pattern directory:

    cd apigw-cloudwatch
  3. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file:

    sam deploy --guided
  4. During the prompts:

    • Enter a stack name
    • Enter the desired AWS Region
    • Allow SAM CLI to create IAM roles with the required permissions.

    Once you have run sam deploy --guided mode once and saved arguments to a configuration file (samconfig.toml), you can use sam deploy in future to use these defaults.

  5. Note the outputs from the SAM deployment process. These contain the resource names and/or ARNs which are used for testing.

How it works

The application will only accept requests from countries that are in the country code array for the WAF rule.


Deploy the application and then go to the oputput URL. Refresh the screen multiple times. Then go to Amazon CloudWatch and check the log group that is created. The name will be in the outputs. You will see something like:

    "requestId": "d14676c9-a4a3-46e0-9168-87ed1a429eb3",
    "waf-error": "-",
    "waf-status": "-",
    "waf-latency": "-",
    "waf-response": "-",
    "authenticate-error": "-",
    "authenticate-status": "-",
    "authenticate-latency": "-",
    "authorize-error": "-",
    "authorize-status": "-",
    "authorize-latency": "-",
    "integration-error": "-",
    "integration-status": "200",
    "integration-latency": "15",
    "integration-requestId": "55c51049-49c2-42f6-bb23-48e9595094da",
    "integration-integrationStatus": "200",
    "response-latency": "17",
    "status": "200"

You can add authorization and a WAF to see the other data filled in.


  1. Delete the stack
    sam delete --stack-name STACK_NAME
  2. Confirm the stack has been deleted
    aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus"

All Rights Reserved

Let's register a Viblo Account to get more interesting posts.