1. Home
  2. Training Library
  3. Amazon Web Services
  4. Courses
  5. Introduction to Amazon API Gateway

Monitoring and Troubleshooting

Start course

API Gateway is a fully managed service by Amazon that makes it easy for developers to create, publish, maintain and monitor their APIs at any scale without having to worry about versioning, authorizations, throttling and other administrative tasks. In this course, authored by Tehreem Siddiqui and narrated by Adam Hawkins, you will learn how to create and deploy REST API through API Gateway to expose HTTP endpoints, AWS Lambda functions and other AWS services.


Hello and welcome back to the API Gateway course. This lesson covers the various ways we can monitor and troubleshoot the API Gateway. There are two primary methods, CloudTrail and CloudWatch. CloudTrail gives you an audit history of who, what, when, for the API Gateway and also the same information for individual API calls. You can use this to generally trace back what happened. The API Gateway may also be integrated with CloudWatch for times where you use data and visualization. Let's look at the metrics CloudWatch provides.

The data generally matches what you'd expect from an HTTP server. There are counters for incoming requests, latencies for the API and at the back end level, and finally counters on individual response codes like 4xx and 5xx. These metrics should be enough to assess high-level operational state. CloudWatch also provides simple dashboards. You can also get real time logs with CloudWatch.

This requires a little bit of extra setup though. Let's switch over to the AWS console to integrate our API Gateway with CloudWatch. Let's enable the CloudWatch integration for the the restaurant example from an earlier lesson.

First select the API Gateway and then choose any deployment stage. We'll need a deployed stage to get any metrics. Next check CloudWatch logs and detailed monitoring and try to save the changes. Now unfortunately, we'll get an error because our IAM user does not have access to make these kinds of API calls. To fix this, we need to go back to the IAM console, create a roll with the appropriate permissions. So let's make a new role, can use any name you'd like. Now select API Gateway service role, and attach the push CloudWatch logs policy.

Now save this ARN. We'll need this for later. Now come back to the settings and paste the ARN you just created into the service role settings. Now we can come back to the API Gateway and save our settings. Now we can come back over to the API dashboard and see the metrics provided by CloudWatch. Now you may not have so much in it right now depending on how many requests you've made. You can of course change these numbers by making requests back to your API.

So that's it for the CloudWatch metrics. Let's change pace and see how we can interact with log coming from things coming from things behind our API Gateway. Here I've switched over to the CloudWatch console. Select Metrics on the left, and we'll find metrics for our API Gateway. Make sure you select all metrics and find what you're looking for. You can always add multiple metrics to the visualizations to compare multiple things at the same time. Alright, let's look for logs. Find the log group for the lambda corresponding this API Gateway.

Now what I'll do is I'll open Postman, start sending some requests, generate some logs so we can see them back in CloudWatch. Now what I've done here is sent a malformed JSON request party back to our API. So navigate through the AWS logs console and find the appropriate log stream. Here we see our incorrect parameter and the debugging information.

Now you can also refresh this view if you want to watch logs in real time. You also want to configure different expirations. CloudWatch logs can be expensive, so it's in your best interest to configure this up front, and this wraps up this lesson on monitoring and troubleshooting. These two features should give you enough to get going and debug most common production issues. Our next lesson covers importing and exporting swagger definitions. See you there.

About the Author
Tehreem Siddiqui
Sr. Software Engineer

Tehreem is a Sr. Software Engineer with passion in Cloud Technologies, Big Data analytics, Software Testing and Automation. She has over 10 years of work experience comprising of her tenure at ServiceNow, Microsoft and Harmonic Inc. Most recently she has been developing learning content in-line with the emergence of Public Clouds and XaaS platforms with focus on AWS, Microsoft Azure and GCP. Tehreem resides in BayArea, CA with her family and when not working she enjoys nature/outdoors, movies and fine dining.