thien k phan
Insufficient permissions to enable logging (Service: AmazonApiGatewayV2; Status Code: 400; Error Code: BadRequestException;…)
While I was working on the serverless monorepo CI/CD deployment. This error appears when you are trying to deploy serverless application on AWS. Although, it should throw some specific missing iam permission.
 
🚫
Insufficient permissions to enable logging (Service: AmazonApiGatewayV2; Status Code: 400; Error Code: BadRequestException; Request ID: xxxxx; Proxy: null)
notion image
🔎 Root cause: You’re probably missing the following IAM permissions actions:
  • logs:CreateLogDelivery
  • logs:PutResourcePolicy
  • logs:DescribeResourcePolicies
  • logs:DescribeLogGroups
If any of these types of logs is already being sent to a log group in CloudWatch Logs, then to set up the sending of another one of these types of logs to that same log group, you only need the logs:CreateLogDelivery permission.
📘 Reference:
 
💡 Solution: Attach the permissions above inline or create a new policy including the following permisions:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AWSLogDeliveryWrite", "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogDelivery" "logs:PutResourcePolicy", "logs:DescribeResourcePolicies" "logs:DescribeLogGroups" ], "Resource": [ "*" // you can refine the resource with granular permissions ] } ] }