From a7c5c75f70e7dab9481b142c4798a0abe6ef7dff Mon Sep 17 00:00:00 2001
From: Niranjan Jayakar <nija@amazon.com>
Date: Mon, 17 Aug 2020 17:03:37 +0100
Subject: [PATCH] fix(apigateway): access log format does not allow tokens
 (#9769)

fixes #9687


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/@aws-cdk/aws-apigateway/lib/stage.ts |  7 +++++--
 .../aws-apigateway/test/test.stage.ts         | 21 +++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/packages/@aws-cdk/aws-apigateway/lib/stage.ts b/packages/@aws-cdk/aws-apigateway/lib/stage.ts
index 2284b20eba857..387983a19d86d 100644
--- a/packages/@aws-cdk/aws-apigateway/lib/stage.ts
+++ b/packages/@aws-cdk/aws-apigateway/lib/stage.ts
@@ -1,4 +1,4 @@
-import { Construct, Duration, IResource, Resource, Stack } from '@aws-cdk/core';
+import { Construct, Duration, IResource, Resource, Stack, Token } from '@aws-cdk/core';
 import { AccessLogFormat, IAccessLogDestination } from './access-log';
 import { CfnStage } from './apigateway.generated';
 import { Deployment } from './deployment';
@@ -210,7 +210,10 @@ export class Stage extends Resource implements IStage {
     if (!accessLogDestination && !accessLogFormat) {
       accessLogSetting = undefined;
     } else {
-      if (accessLogFormat !== undefined && !/.*\$context.requestId.*/.test(accessLogFormat.toString())) {
+      if (accessLogFormat !== undefined &&
+        !Token.isUnresolved(accessLogFormat.toString()) &&
+        !/.*\$context.requestId.*/.test(accessLogFormat.toString())) {
+
         throw new Error('Access log must include at least `AccessLogFormat.contextRequestId()`');
       }
       if (accessLogFormat !== undefined && accessLogDestination === undefined) {
diff --git a/packages/@aws-cdk/aws-apigateway/test/test.stage.ts b/packages/@aws-cdk/aws-apigateway/test/test.stage.ts
index e98f33f266ae5..b51f30a601e20 100644
--- a/packages/@aws-cdk/aws-apigateway/test/test.stage.ts
+++ b/packages/@aws-cdk/aws-apigateway/test/test.stage.ts
@@ -333,6 +333,27 @@ export = {
     test.done();
   },
 
+  'does not fail when access log format is a token'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const api = new apigateway.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false });
+    const deployment = new apigateway.Deployment(stack, 'my-deployment', { api });
+    api.root.addMethod('GET');
+
+    // WHEN
+    const testLogGroup = new logs.LogGroup(stack, 'LogGroup');
+    const testFormat = apigateway.AccessLogFormat.custom(cdk.Lazy.stringValue({ produce: () => 'test' }));
+
+    // THEN
+    test.doesNotThrow(() => new apigateway.Stage(stack, 'my-stage', {
+      deployment,
+      accessLogDestination: new apigateway.LogGroupLogDestination(testLogGroup),
+      accessLogFormat: testFormat,
+    }));
+
+    test.done();
+  },
+
   'fails when access log destination is empty'(test: Test) {
     // GIVEN
     const stack = new cdk.Stack();