How to see the API request payload and client name which is calling the API in CloudWatch Logs? - amazon-cloudwatch

I am new to CloudWatch. How can I see the request payload and client service name which is calling the API in the CloudWatch logs? I also want to filter the logs based on the client-service-name.

Related

Internal Server Error - S3 integration with API Gateway via POST method

I'm trying to upload a file into the S3 bucket via AWS API Gateway integration with S3.
I have created an API gateway and integrated it with Amazon S3. I have created both PUT and POST methods. When trying to upload via the POST method, I observe an internal server error. It works well via the PUT method. But I have a requirement only for the POST method.
I have attached both my API Gateway configuration and the test results via Postman.

Calling OAuth 2.0 API call on schedule using Postman Monitor

I have to schedule an API call which is Oauth 2.0 authenticated.
If I run the API call manually by accessing the token on Postman, the API call gets successfully hit.
Now I want to schedule this API call to monitor its response time and check whether it is up or not.
So, I used Postman monitor for it and added a collection which has OAuth details as well as the request. But somehow monitor is not working and it is throwing Unauthorised error.
I want to know what I am missing in Postman monitor to schedule the API, or whether there is any tool or method available for free where I can schedule an API call and get an email notification on its failure.

Trigger an AWS lambda function by a 3rd party webhook, transform the event request body and POST the transformed body to my API

We use a third-party app that sends event-driven webhook requests to trigger our ERP system. We have set an ERP endpoint to receive the request but due to ERP system complexity, we must receive the request body in a predefined format. So, somehow we need to transform the webhook body and send it to our ERP API in the desired format. I am thinking of using AWS Lambda.
Can anyone give me some guidelines on how to trigger the AWS Lambda function receiving the webhook, then transform its content to the desired format and, finally, POST the right structure to our ERP API?
You would need to create an AWS API Gateway to receive the webhook request. You would configure the API Gateway to pass the request to an AWS Lambda function. Inside the Lambda function you would write code to parse the request, convert it into the desired format, and then perform a POST request to your ERP system.
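The flow described in the answer above, as an added example that is not part of the original answer: a Lambda handler behind an API Gateway proxy integration that parses the webhook, reshapes it and POSTs it on. The ERP URL and every field name on both sides are assumptions made up for illustration.

```python
import base64
import json
import urllib.request

# Hypothetical ERP endpoint (assumption, not from the page).
ERP_URL = "https://erp.example.invalid/api/orders"

def parse_body(event):
    """Return the webhook JSON object from an API Gateway proxy event."""
    raw = event.get("body") or ""
    if event.get("isBase64Encoded"):  # API Gateway may base64-encode the body
        raw = base64.b64decode(raw).decode("utf-8")
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("webhook body must be a JSON object")
    return data

def transform(webhook):
    """Map the constructed webhook fields onto the constructed ERP format."""
    return {
        "orderNumber": str(webhook["id"]),
        "customer": webhook["customer"]["email"].strip().lower(),
        "lines": [{"sku": item["sku"], "qty": int(item["quantity"])}
                  for item in webhook.get("items", [])],
    }

def post_to_erp(payload, url=ERP_URL, timeout=5):
    """POST the transformed payload as JSON and return the HTTP status."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

def lambda_handler(event, context, sender=post_to_erp):
    try:
        payload = transform(parse_body(event))
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        # Reject malformed webhooks here instead of forwarding them to the ERP.
        return {"statusCode": 400, "body": json.dumps({"error": str(exc)})}
    status = sender(payload)
    # Report an upstream failure to the webhook sender so it can retry.
    code = 200 if 200 <= status < 300 else 502
    return {"statusCode": code, "body": json.dumps({"erpStatus": status})}
```

The `sender` parameter exists only so the handler can be exercised without a network call; Lambda itself invokes `lambda_handler(event, context)`.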

Write putObject to S3 directly from HTTP API in API Gateway

My intention is to create an HTTP API on Amazon API Gateway that writes a file to S3 using the PutObject action via the S3 API (without calling Lambda in between). This is the PutObject request syntax: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html#API_PutObject_RequestSyntax
I'm not sure if this is technically possible and I'm getting a 403 Forbidden: ForbiddenException response in Postman.
So far I have:
Created the S3 bucket (with CORS configured)
Created the HTTP API in API Gateway (with CORS configured), with a 'putObject' POST action
Configured an integration on the HTTP API to https://[s3-bucket-name].s3.us-east-1.amazonaws.com
Created a Postman request to the HTTP API 'invoke URL', with 'Host' and 'x-apigw-api-id' set on the headers
The ForbiddenException obviously indicates a permission issue, either on the HTTP API or the S3 API behind it. I did configure a CloudWatch Log Group on the HTTP API, which is showing no entries, so it seems that it's an HTTP API access issue.
I also suspect that I need to add Parameter Mappings to the HTTP API to pass in all of the necessary headers to the S3 putObject action.
My questions are:
Is this type of HTTP API integration direct to S3 possible?
What is the likely cause of the 403 Forbidden response from the service?
Would I use 'Append' Parameter Mappings in the HTTP API integration configuration to add the standard S3 API parameters (and avoid exposing them to the client)?
I managed to solve this myself. Answers to my own questions:
Is this type of HTTP API integration direct to S3 possible?
Yes. On my HTTP API I used an HTTP PUT integration that points to the S3 service endpoint (including the bucket name in the endpoint is incorrect).
What is the likely cause of the 403 Forbidden response from the service?
I didn't get the request working from Postman, however, when I made the request from the browser it worked. I had to create a Blob in JavaScript before sending it as a request via navigator.beacon() to the HTTP API endpoint URL.
Would I use 'Append' Parameter Mappings in the HTTP API integration configuration to add the standard S3 API parameters (and avoid exposing them to the client)?
I did have to use Parameter Mappings to get the S3 PutObject request to work from API Gateway. My configuration is shown below.
Screenshot of Parameter Mapping configuration in my HTTP API
Edit: I have discovered a problem here with this approach: the HTTP API doesn't allow certain security-related headers to be added on the Parameter Mappings. I was trying to set header.x-amz-acl: 'bucket-owner-full-control' but I got the error message below:
Invalid mapping expression specified: Validation Result: warnings : [], errors : [Operations on header x-amz-acl are restricted]
It seems that modifying any security-related S3 API header isn't possible in the HTTP API. This is a major problem for calling the S3 API directly as it means that in order to function, the S3 bucket needs to be public.

How can I see AWS Gateway logs for external calls?

I need to be able to see the logs for my calls on AWS API Gateway. When I perform the calls from within Gateway's Dashboard I can see them under the Logs section.
How can I see them for external calls (e.g.: calls made using curl)?
I tried enabling CloudWatch but I can only see the metric, and not the actual log messages.
The most likely reason for not being able to see API Gateway logs in CloudWatch logs is that you haven't specified the ARN of an IAM role that enables API Gateway to write information to CloudWatch Logs.
You then need to explicitly enable logging on each Stage. You don't need to (re)Deploy the API, just Save.
Detailed instructions here:
https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-using-console
Once enabled you will get a log group named "/aws/apigateway/welcome" with a log line confirming logs are enabled.
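The two steps from the answer above (set the account-level role ARN, then enable logging on a stage), as an added example using boto3 for a REST API; it is not part of the original answer. The role ARN, API id and stage name are placeholders, and the role is assumed to already allow API Gateway to write to CloudWatch Logs.

```python
def account_role_patch(role_arn):
    """Patch for update_account: the role API Gateway assumes to write logs."""
    if not role_arn.startswith("arn:") or ":role/" not in role_arn:
        raise ValueError("expected an IAM role ARN")
    return [{"op": "replace", "path": "/cloudwatchRoleArn", "value": role_arn}]

def stage_logging_patch(level="INFO", data_trace=False):
    """Patch for update_stage: execution logging for every method of a stage."""
    if level not in ("OFF", "ERROR", "INFO"):
        raise ValueError("level must be OFF, ERROR or INFO")
    return [
        {"op": "replace", "path": "/*/*/logging/loglevel", "value": level},
        # dataTrace writes full request and response data to the log group,
        # which can include credentials or personal data; keep it off unless
        # the payload is really needed, and restrict who can read the group.
        {"op": "replace", "path": "/*/*/logging/dataTrace",
         "value": "true" if data_trace else "false"},
    ]

def enable_logging(client, role_arn, rest_api_id, stage_name,
                   level="INFO", data_trace=False):
    """Apply both steps with an 'apigateway' client; no redeploy is involved."""
    client.update_account(patchOperations=account_role_patch(role_arn))
    client.update_stage(restApiId=rest_api_id, stageName=stage_name,
                        patchOperations=stage_logging_patch(level, data_trace))

if __name__ == "__main__":
    import boto3  # imported here so the helpers above work without it
    enable_logging(
        boto3.client("apigateway"),
        "arn:aws:iam::123456789012:role/PLACEHOLDER-apigw-logs",  # placeholder
        "REST_API_ID_PLACEHOLDER",                                # placeholder
        "prod",                                                   # placeholder
    )
```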