I deployed a new Lamdba with API Gateway, and when I tried turning on the CloudWatch logging for this API Gateway from the console:
![](https://i0.wp.com/www.kevinhooke.com/wp-content/uploads/2021/10/image-17.png?resize=525%2C182&ssl=1)
… I got this error that I haven’t seen before:
![](https://i0.wp.com/www.kevinhooke.com/wp-content/uploads/2021/10/image-16.png?resize=525%2C59&ssl=1)
Turns out per the steps on this page, you need to create an IAM role with API Gateway as the Trusted Entity, and attach the managed policy ‘AmazonAPIGatewayPushToCloudWatchLogs’ :
![](https://i0.wp.com/www.kevinhooke.com/wp-content/uploads/2021/10/image-18.png?resize=525%2C264&ssl=1)
Add the ARN for the role you created to the Settings for the API you are working with here:
![](https://i0.wp.com/www.kevinhooke.com/wp-content/uploads/2021/10/image-19.png?resize=525%2C258&ssl=1)
Done!