Using CloudWatch to monitor and log Event API data - Amazon AppSync Events
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using CloudWatch to monitor and log Event API data

You can log and debug your Event API using CloudWatch metrics and CloudWatch logs. These tools enable developers to monitor performance, troubleshoot issues, and optimize their Amazon AppSync API operations effectively.

CloudWatch metrics is a tool that provides a wide range of metrics to monitor API performance and usage. These metrics fall into two main categories:

  1. HTTP API Metrics for Publish: These include 4XXError and 5XXError for tracking client and server errors, Latency for measuring response times, Requests for monitoring total API calls, TokensConsumed for tracking resource usage, and Events related to metrics for tracking event publishing performance.

  2. Real-time Subscription Metrics: These metrics focus on WebSocket connections and subscription activities. They include metrics for connection requests, successful connections, subscription registrations, message publishing, and active connections and subscriptions.

CloudWatch Logs is a tool that enables logging capabilities for your Eent APIs. Logs can be set at two levels of the API:

  1. Request-level Logs: These capture overall request information, including HTTP headers, operation summaries, and subscription registrations.

  2. Handler-level Logs: These provide detailed information about handler evaluation, including request and response mappings, and tracing information for each field.

You can configure logging, interpret log entries, and use log data for troubleshooting and optimization. Amazon AppSync provides various log types that provide insight into your API's behavior.

Setting up and configuring logging on an Event API

Us the following instruction to turn on automatic logging on a Event API using the Amazon AppSync console.

  1. Sign in to the Amazon Web Services Management Console and open the AppSync console.

  2. On the APIs page, choose the name of an Event API.

  3. On the API's homepage, in the navigation pane, choose Settings.

  4. Under Logging, do the following:

    1. Turn on Enable Logs.

    2. (Optional) For Log level, choose your preferred field-level logging level (None, Error, or All).

    3. The procedure for adding a service role varies depending on whether you want to create a new role or use an existing one.

      • To create a new role:

        1. For Create or use an existing role, choose New role. This creates a new IAM role that allows Amazon AppSync to write logs to CloudWatch.

      • To use an existing role:

        1. Choose Existing role.

        2. In the service role list, select the ARN of an existing IAM role in your Amazon Web Services account.

          For information about the configuration of the IAM role, see Manually creating an IAM role with CloudWatch Logs permissions.

  5. Choose Save.

Manually creating an IAM role with CloudWatch Logs permissions

If you choose to use an existing IAM role, the role must grant Amazon AppSync the required permissions to write logs to CloudWatch. To configure this manually, you must provide a service role ARN so that Amazon AppSync can assume the role when writing the logs.

In the IAM console, create a new policy with the name AWSAppSyncPushToCloudWatchLogsPolicy that has the following definition:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }

Next, create a new role with the name AWSAppSyncPushToCloudWatchLogsRole, and attach the newly created policy to the role. Edit the trust relationship for this role to the following:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "appsync.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }

Copy the role ARN and use it when setting up logging for an Amazon AppSync Event API.