How to enable CloudWatch logs and assign your own domain name in CloudFormation

I have a CloudFormation template for creating an API using API Gateway.

I do not know how to:

  • Enable CloudWatch logs for a stage in a CloudFormation template

  • Assign a stage to a custom domain name in a CloudFormation template.

Is this possible in a JSON CloudFormation template?

+5
2 answers
  • CloudWatch Logs:

Yes, you can enable CloudWatch logs in CloudFormation:

  • Configure CloudTrail log file delivery to CloudWatch logs.
  • Create an AWS CloudFormation stack using a template.

The cloud record should be something like this:

    "SecurityGroupChangesAlarm": {
      "Type": "AWS::CloudWatch::Alarm",
      "Properties": {
        "AlarmName": "CloudTrailSecurityGroupChanges",
        "AlarmDescription": "Alarms when an API call is made to create, update or delete a Security Group.",
        "AlarmActions": [{ "Ref": "AlarmNotificationTopic" }],
        "MetricName": "SecurityGroupEventCount",
        "Namespace": "CloudTrailMetrics",
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "EvaluationPeriods": "1",
        "Period": "300",
        "Statistic": "Sum",
        "Threshold": "1"
      }
    },

Check out the AWS whitepaper. It is described in detail there.

  • Custom Domain Name:

A custom domain name is not defined in the CloudFormation template. It must be created separately, as stated in the AWS doc:

  • Log in to the API Gateway console at https://console.aws.amazon.com/apigateway .
  • Select custom domain names from the main navigation bar.
  • Select "Create" in the secondary navigation bar.
  • In creating a custom domain name
  • DNS setup using Amazon Route 53
+3

Update July 5, 2017: AWS::ApiGateway::DomainName is now available, so the user resource is no longer needed for this part.


Original post dated December 24, 2016:

  • Enable CloudWatch logs for a stage in a CloudFormation template

To enable CloudWatch logs for the ApiGateway stage using CloudFormation for each method call in your API, you need to set the DataTraceEnabled property to true for all methods in the AWS::ApiGateway::Stage resource.

As stated in the "Configure Stage" section of the documentation, you will also need to associate your API Gateway account with the appropriate IAM permissions to transfer data to CloudWatch logs. To do this, you will also need to create an AWS::ApiGateway::Account resource that references the IAM role that contains the AmazonAPIGatewayPushToCloudWatchLogs managed policy, as described in the example documentation:

    CloudWatchRole:
      Type: "AWS::IAM::Role"
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - "apigateway.amazonaws.com"
              Action: "sts:AssumeRole"
        Path: "/"
        ManagedPolicyArns:
          - "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
    Account:
      Type: "AWS::ApiGateway::Account"
      Properties:
        CloudWatchRoleArn:
          "Fn::GetAtt":
            - CloudWatchRole
            - Arn

  • Assign a stage to a custom domain name in a CloudFormation template

Unfortunately, CloudFormation does not provide an official resource corresponding to the DomainName resource of the API Gateway REST API. Fortunately, Carl Nordenfelt's unofficial API Gateway for CloudFormation project provides Custom::ApiDomainName. Here is an example provided in the documentation:

    TestApiDomainName:
      Type: Custom::ApiDomainName
      Properties:
        ServiceToken: {Lambda_Function_ARN}
        domainName: example.com
        certificateName: testCertificate
        certificateBody: "-----BEGIN CERTIFICATE-----line1 line2 ... -----END CERTIFICATE-----"
        certificateChain: "-----BEGIN CERTIFICATE-----line1 line2 ... -----END CERTIFICATE-----"
        certificatePrivateKey: "-----BEGIN RSA PRIVATE KEY-----line1 line2 ... -----END RSA PRIVATE KEY-----"

Also note that once the domain name has been created, you must create a Route53 alias record that points to !GetAtt TestApiDomainName.distributionDomainName and the static CloudFront zone identifier ( Z2FDTNDATAQYW2 ), for example:

    myDNSRecord:
      Type: AWS::Route53::RecordSet
      Properties:
        HostedZoneName: !Ref HostedZone
        Name: !Ref DomainName
        Type: A
        AliasTarget:
          DNSName: !GetAtt TestApiDomainName.distributionDomainName
          HostedZoneId: Z2FDTNDATAQYW2
+2
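
The answer above names the DataTraceEnabled property but does not show the stage resource that carries it. The following is an added example, not part of the original post or of the AWS documentation; MyRestApi and MyDeployment are hypothetical resources assumed to exist elsewhere in the template, and Account is the AWS::ApiGateway::Account resource from the answer. DataTraceEnabled writes full request and response data to CloudWatch Logs, so the example turns it on for a dev stage only and keeps the prod stage at error-level logging.

```yaml
# Added example: stage-level CloudWatch logging for an API Gateway REST API.
# MyRestApi (AWS::ApiGateway::RestApi) and MyDeployment
# (AWS::ApiGateway::Deployment) are hypothetical and defined elsewhere.
DevStage:
  Type: AWS::ApiGateway::Stage
  # The account-level CloudWatch role must be registered before a stage
  # with logging enabled is created.
  DependsOn: Account
  Properties:
    StageName: dev
    RestApiId: !Ref MyRestApi
    DeploymentId: !Ref MyDeployment
    MethodSettings:
      - ResourcePath: "/*"      # wildcard: every resource in the stage
        HttpMethod: "*"         # wildcard: every method
        LoggingLevel: INFO      # execution logging: OFF, ERROR or INFO
        DataTraceEnabled: true  # full request/response data goes to the logs
        MetricsEnabled: true

ProdStage:
  Type: AWS::ApiGateway::Stage
  DependsOn: Account
  Properties:
    StageName: prod
    RestApiId: !Ref MyRestApi
    DeploymentId: !Ref MyDeployment
    MethodSettings:
      - ResourcePath: "/*"
        HttpMethod: "*"
        LoggingLevel: ERROR      # errors only
        DataTraceEnabled: false  # keeps payloads, headers and tokens out of logs
        MetricsEnabled: true
```

In a JSON template the same properties apply with identical names under "MethodSettings".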

Source: https://habr.com/ru/post/1261007/

