#115 - Turn on API Gateway Access Logs

formkiq · Feb 16, 2023 · a352d0c · a352d0c
1 parent ed8ad3a
commit a352d0c
Show file tree

Hide file tree

Showing 5 changed files with 108 additions and 6 deletions.
diff --git a/lambda-api/src/main/resources/cloudformation/template-snippet.yaml b/lambda-api/src/main/resources/cloudformation/template-snippet.yaml
@@ -124,7 +124,14 @@ Conditions:
       - Condition: HasTypesenseApiKey
 
 Resources:        
-
+
+  DocumentsApiRequestsLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: 
+        Fn::Sub: "/aws/lambda/${DocumentsApiRequests}"
+      RetentionInDays: 90
+
   DocumentsApiRequests:
     Type: AWS::Serverless::Function
     DependsOn:
@@ -197,6 +204,20 @@ Resources:
         Ref: DocumentsApiRequests
       Principal: apigateway.amazonaws.com
 
+  DocumentsStageAccessLogs:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      RetentionInDays: 90
+      LogGroupName: 
+        Fn::Sub: "/${AWS::StackName}/APIDocumentsHttpAccessLogs"
+
+  IamDocumentsStageAccessLogs:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      RetentionInDays: 90
+      LogGroupName: 
+        Fn::Sub: "/${AWS::StackName}/APIDocumentsIamAccessLogs"
+
   DocumentsStage:
     Type: AWS::ApiGatewayV2::Stage
     Properties:
@@ -206,6 +227,12 @@ Resources:
       Description: 
         Fn::Sub: "Documents API ${AppEnvironment}"
       StageName: "$default"
+      AccessLogSettings:
+        DestinationArn: 
+          Fn::GetAtt: 
+          - DocumentsStageAccessLogs
+          - Arn
+        Format: '{ "requestId":"$context.requestId", "ip": "$context.identity.sourceIp", "requestTime":"$context.requestTime", "httpMethod":"$context.httpMethod","routeKey":"$context.routeKey", "status":"$context.status","protocol":"$context.protocol", "integrationStatus": $context.integrationStatus, "integrationLatency": $context.integrationLatency, "responseLength":"$context.responseLength" }'
 
   IamDocumentsStage:
     Type: AWS::ApiGatewayV2::Stage
@@ -216,6 +243,13 @@ Resources:
       Description: 
         Fn::Sub: "Documents IAM API ${AppEnvironment}"
       StageName: "$default"
+      AccessLogSettings:
+        DestinationArn: 
+          Fn::GetAtt: 
+          - IamDocumentsStageAccessLogs
+          - Arn
+        Format: '{ "requestId":"$context.requestId", "ip": "$context.identity.sourceIp", "requestTime":"$context.requestTime", "httpMethod":"$context.httpMethod","routeKey":"$context.routeKey", "status":"$context.status","protocol":"$context.protocol", "integrationStatus": $context.integrationStatus, "integrationLatency": $context.integrationLatency, "responseLength":"$context.responseLength" }'
+
 
   DocumentsHttpApiUrlParameter:
     Type: AWS::SSM::Parameter

diff --git a/lambda-s3/src/main/resources/cloudformation/template-sar.yaml b/lambda-s3/src/main/resources/cloudformation/template-sar.yaml
@@ -199,6 +199,13 @@ Resources:
           Value: 
             Fn::Sub: "${AWS::StackName}"
 
+  DocumentActionsProcessorLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: 
+        Fn::Sub: "/aws/lambda/${DocumentActionsProcessor}"
+      RetentionInDays: 90
+
   DocumentActionsProcessor:
     Type: AWS::Serverless::Function
     DependsOn:
@@ -247,7 +254,14 @@ Resources:
               - DocumentActionsQueue
               - Arn
             BatchSize: 10          
-
+
+  StagingS3CreateLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: 
+        Fn::Sub: "/aws/lambda/${StagingS3Create}"
+      RetentionInDays: 90
+
   StagingS3Create:
     Type: AWS::Serverless::Function
     DependsOn:
@@ -325,7 +339,14 @@ Resources:
         - ''
         - - 'arn:aws:s3:::'
           - Fn::Sub: "formkiq-${FormKiQType}-${AppEnvironment}-staging-${AWS::AccountId}"
-
+
+  DocumentsS3UpdateLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: 
+        Fn::Sub: "/aws/lambda/${DocumentsS3Update}"
+      RetentionInDays: 90
+
   DocumentsS3Update:
     Type: AWS::Serverless::Function
     DependsOn:

diff --git a/lambda-typesense/src/main/resources/cloudformation/typesense/template.yaml b/lambda-typesense/src/main/resources/cloudformation/typesense/template.yaml
@@ -99,6 +99,13 @@ Conditions:
       - Condition: CreateResources
 
 Resources:
+
+  TypesenseProcessorLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: 
+        Fn::Sub: "/aws/lambda/${TypesenseProcessor}"
+      RetentionInDays: 90
 
   TypesenseProcessor:
     Type: AWS::Serverless::Function
@@ -485,6 +492,13 @@ Resources:
           - Arn
       PayloadFormatVersion: "1.0"
 
+  StageAccessLogs:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      RetentionInDays: 90
+      LogGroupName: 
+        Fn::Sub: "/${AWS::StackName}/APITypeSenseAccessLogs"
+
   Stage:
     Type: AWS::ApiGatewayV2::Stage
     Condition: CreateResources
@@ -493,6 +507,12 @@ Resources:
         Ref: ApiGateway
       StageName: $default
       AutoDeploy: true
+      AccessLogSettings:
+        DestinationArn: 
+          Fn::GetAtt: 
+          - StageAccessLogs
+          - Arn
+        Format: '{ "requestId":"$context.requestId", "ip": "$context.identity.sourceIp", "requestTime":"$context.requestTime", "httpMethod":"$context.httpMethod","routeKey":"$context.routeKey", "status":"$context.status","protocol":"$context.protocol", "integrationStatus": $context.integrationStatus, "integrationLatency": $context.integrationLatency, "responseLength":"$context.responseLength" }'
 
   Route:
     Type: AWS::ApiGatewayV2::Route

diff --git a/module-email-notify/src/main/resources/cloudformation/template-sar.yaml b/module-email-notify/src/main/resources/cloudformation/template-sar.yaml
@@ -76,7 +76,14 @@ Resources:
           Fn::Sub: "${AppEnvironment}"
         StackName: 
           Fn::Sub: "${AWS::StackName}"
-
+
+  EmailNotifyLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: 
+        Fn::Sub: "/aws/lambda/${EmailNotify}"
+      RetentionInDays: 90
+
   EmailNotify:
     Type: AWS::Serverless::Function
     DependsOn:

diff --git a/websocket-api/src/main/resources/cloudformation/template-sar.yaml b/websocket-api/src/main/resources/cloudformation/template-sar.yaml
@@ -98,7 +98,14 @@ Resources:
     Properties:
       ApiId: 
         Ref: WebSocketApi
-
+
+  StageAccessLogs:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      RetentionInDays: 90
+      LogGroupName: 
+        Fn::Sub: "/${AWS::StackName}/APIWebsocketAccessLogs"
+
   Stage:
     Type: AWS::ApiGatewayV2::Stage
     Properties:
@@ -109,6 +116,12 @@ Resources:
         Ref: Deployment
       ApiId: 
         Ref: WebSocketApi
+      AccessLogSettings:
+        DestinationArn: 
+          Fn::GetAtt: 
+          - StageAccessLogs
+          - Arn
+        Format: '{ "requestId":"$context.requestId", "ip": "$context.identity.sourceIp", "requestTime":"$context.requestTime", "httpMethod":"$context.httpMethod","routeKey":"$context.routeKey", "status":"$context.status","protocol":"$context.protocol", "integrationStatus": $context.integrationStatus, "integrationLatency": $context.integrationLatency, "responseLength":"$context.responseLength" }'
       Tags:
         Application: 
           Fn::Sub: "FormKiQ ${FormKiQType}"
@@ -193,7 +206,14 @@ Resources:
           Fn::Sub: "${AppEnvironment}"
         StackName: 
           Fn::Sub: "${AWS::StackName}"
-
+
+  ApiFunctionLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: 
+        Fn::Sub: "/aws/lambda/${ApiFunction}"
+      RetentionInDays: 90
+
   ApiFunction:
     Type: AWS::Serverless::Function
     Properties: