I deployed a new Lambda with API Gateway, and when I tried turning on the CloudWatch logging for this API Gateway from the console:
… I got this error that I haven’t seen before:
Turns out per the steps on this page, you need to create an IAM role with API Gateway as the Trusted Entity, and attach the managed policy ‘AmazonAPIGatewayPushToCloudWatchLogs’:
Add the ARN for the role you created to the Settings for the API you are working with here:
Done!
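The same steps with the AWS CLI, as an added example that is not part of the original post. The role name `apigw-cloudwatch-logs` and the `--apply` switch are assumptions made for this sketch; the trust policy allows only the API Gateway service principal to assume the role.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. ROLE_NAME is an assumed name.
ROLE_NAME="${ROLE_NAME:-apigw-cloudwatch-logs}"
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"

# Trust policy: only the API Gateway service principal may assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "apigateway.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

setup_logging_role() {
  # Create the role and capture its ARN.
  role_arn=$(aws iam create-role \
      --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(trust_policy)" \
      --query 'Role.Arn' --output text) || return 1
  # Attach the managed policy named in the post.
  aws iam attach-role-policy \
      --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN" || return 1

  # update-account stores the ARN at the account level for the current region.
  # A freshly created role can take a few seconds to propagate, so retry.
  for attempt in 1 2 3 4 5; do
    if aws apigateway update-account --patch-operations \
        "op=replace,path=/cloudwatchRoleArn,value=$role_arn" >/dev/null; then
      echo "$role_arn"
      return 0
    fi
    sleep 5
  done
  return 1
}

# Nothing is changed unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
  setup_logging_role
fi
```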