
Answer-first summary for fast verification

Answer:
AWS Security Token Service (STS) is used by API Gateway for logging data to CloudWatch logs. Hence, AWS STS has to be enabled for the Region that you're using.
To enable CloudWatch Logs for all or only some of the methods, you must also specify the ARN of an IAM role that enables API Gateway to write information to CloudWatch Logs on behalf of your user. The IAM role must also contain the following trust relationship statement.

Overall explanation

Correct options:

AWS Security Token Service (STS) is used by API Gateway for logging data to CloudWatch logs. Hence, AWS STS has to be enabled for the Region that you're using.

API Gateway calls AWS Security Token Service to assume the IAM role, so make sure that AWS STS is enabled for the Region. If you receive an error when setting the IAM role ARN, check your AWS Security Token Service account settings to make sure that AWS STS is enabled in the Region that you're using.

To enable CloudWatch Logs for all or only some of the methods, you must also specify the ARN of an IAM role that enables API Gateway to write information to CloudWatch Logs on behalf of your user. The IAM role must also contain the following trust relationship statement.

To enable CloudWatch Logs for all or only some of the methods, you must also specify the ARN of an IAM role that enables API Gateway to write information to CloudWatch Logs on behalf of your user. To do so, choose Settings from the APIs main navigation pane. Then enter the ARN of an IAM role in the CloudWatch log role ARN text field. The IAM role must also contain the trust relationship statement.
Author: LeetQuiz Editorial Team
A developer has recently integrated an AWS Lambda function with an Amazon API Gateway API. However, this integration has resulted in errors that the developer is finding difficult to troubleshoot. To resolve this, the developer has decided to enable CloudWatch logging specifically at the method level for the API Gateway API.
When configuring method-level logging for the API Gateway, what are the crucial points that the developer should consider? (Select two)
A
API Gateway API log groups or streams can only be deleted and recreated by redeploying the API
B
AWS Security Token Service (STS) is used by API Gateway for logging data to CloudWatch logs. Hence, AWS STS has to be enabled for the Region that you're using
C
You are charged for accessing method-level and stage-level CloudWatch metrics, but not for API-level metrics
D
To enable CloudWatch Logs for all or only some of the methods, you must also specify the ARN of an IAM role that enables API Gateway to write information to CloudWatch Logs on behalf of your user. The IAM role must also contain the following trust relationship statement
E
In access logging, only input variables are supported