Enabling AWS API Gateway CloudWatch logging

I deployed a new Lambda with API Gateway, and when I tried turning on the CloudWatch logging for this API Gateway from the console:

… I got this error that I haven’t seen before:

It turns out that, per the steps on this page, you need to create an IAM role with API Gateway as the Trusted Entity and attach the managed policy ‘AmazonAPIGatewayPushToCloudWatchLogs’:

Add the ARN for the role you created to the Settings for the API you are working with here:

Done!
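
The same steps can be scripted with the AWS CLI. This is an added example, not part of the original post; the role name `apigw-cloudwatch-logs` is a constructed placeholder and the function names are hypothetical.

```shell
# Added example: AWS CLI equivalent of the console steps above.
# ROLE_NAME is a constructed placeholder; pick your own.
ROLE_NAME="${ROLE_NAME:-apigw-cloudwatch-logs}"
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"

# Trust policy: only the API Gateway service principal may assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "apigateway.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Reuse the role if it exists, otherwise create it; attach the managed
# policy and print the role ARN. A reused role's trust policy is not checked.
ensure_role() {
  arn=$(aws iam get-role --role-name "$ROLE_NAME" \
          --query 'Role.Arn' --output text 2>/dev/null) ||
  arn=$(aws iam create-role --role-name "$ROLE_NAME" \
          --assume-role-policy-document "$(trust_policy)" \
          --query 'Role.Arn' --output text) || return 1
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn "$POLICY_ARN" >/dev/null || return 1
  printf '%s\n' "$arn"
}

# Put the role ARN into API Gateway's settings and print what is now set.
set_logging_role() {
  aws apigateway update-account \
      --patch-operations "op=replace,path=/cloudwatchRoleArn,value=$1" \
      --query 'cloudwatchRoleArn' --output text
}

enable_apigw_logging() {
  role_arn=$(ensure_role) || return 1
  configured=$(set_logging_role "$role_arn") || return 1
  # Fail loudly if the stored setting is not the role we just prepared.
  [ "$configured" = "$role_arn" ] || { echo "mismatch: $configured" >&2; return 1; }
  printf '%s\n' "$role_arn"
}

# Only touch AWS when called with "apply", so sourcing has no side effects.
if [ "${1:-}" = "apply" ]; then enable_apigw_logging; fi
```

The `update-account` call sets the logging role for API Gateway across the account in the current region, not for a single API. IAM changes can take a few seconds to propagate, so a freshly created role may need a retry of the last step.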