
AWS Observability API Gateway

The AWS API Gateway ULM app provides insights into API calls, including traffic management, CORS support, authorization and access control, throttling, monitoring, and API version management.

Amazon API Gateway service allows you to create RESTful APIs and WebSocket APIs for real-time two-way communication applications in containerized and serverless environments, as well as web applications.

The Sumo Logic AWS API Gateway ULM app provides insights into API Gateway tasks while accepting and processing concurrent API calls throughout your infrastructure, including traffic management, CORS support, authorization and access control, throttling, monitoring, and API version management.

Log and Metric Types 

The AWS API Gateway ULM app uses the following logs and metrics:

Sample CloudTrail Log Message

{"eventVersion":"1.05","userIdentity":{"type":"IAMUser","principalId":"A12445W32RZN24HABCD12",
"arn":"arn:aws:iam::123408221234:user/bob","accountId":"123408221234","accessKeyId":
"ASIAZ123456Y3IMWK7X5","userName":"bob","sessionContext":{"sessionIssuer":{},"webIdFederationData":
{},"attributes":{"mfaAuthenticated":"true","creationDate":"2020-02-17T08:08:01Z"}},"invokedBy":
"signin.amazonaws.com"},"eventTime":"2020-02-17T08:08:01Z","eventSource":"apigateway.amazonaws.com",
"eventName":"GetRestApi","awsRegion":"us-east-1","sourceIPAddress":"149.236.17.11","userAgent":
"signin.amazonaws.com","requestParameters":{"restApiId":"w1234nsgjxf","template":false},
"responseElements":null,"requestID":"1234169e-e70a-44a1-a691-3cd3f857092a","eventID":
"051572b0-83ef-49a3-82f6-bbef1ac8c488","readOnly":true,"eventType":"AwsApiCall","recipientAccountId":
"123408221234"}

Query sample (Metric based)

Average Latency by API Name

_sourceCategory=Labs/AWS/APIGateway/Metric Namespace=aws/apigateway metric=Latency statistic=Average 
account=* region=* entity=* | avg by region, entity

Query sample (CloudTrail Log based)

_sourceCategory=Labs/AWS/CloudTrail/APIGateway "apigateway.amazonaws.com" Namespace={{namespace}}
| json "awsRegion", "eventSource", "eventName" nodrop
| json "requestParameters.basePath" as basePath nodrop
| json "requestParameters.domainName" as domainName nodrop
| json "responseElements.name" as ApiName nodrop // CreateRestApi, ImportRestApi, UpdateRestApi provides ApiName
| json "recipientAccountId" as accountId2 nodrop | json "userIdentity.accountId" as accountId1 nodrop
| if (!isEmpty(accountId1), accountId1, accountId2) as accountId
| where eventSource = "apigateway.amazonaws.com"
| where account matches "{{account}}" and awsRegion matches "{{region}}" and Namespace matches "{{namespace}}"
| count by eventName
| sort by _count, eventName asc
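
The logic of the CloudTrail query above, reproduced offline in Python so it can be checked against exported records. This is an added example, not part of the Sumo Logic app; the records are constructed, the function names are hypothetical, and only the `{{region}}` filter is modelled.

```python
import json
from collections import Counter
from fnmatch import fnmatchcase

def _rec(**fields):
    return json.dumps(fields)

# Constructed CloudTrail-style records (not real events), reduced to the
# fields the query reads.
SAMPLE_RECORDS = [
    _rec(eventSource="apigateway.amazonaws.com", eventName="GetRestApi",
         awsRegion="us-east-1", userIdentity={"accountId": "123408221234"},
         recipientAccountId="123408221234", responseElements=None),
    _rec(eventSource="apigateway.amazonaws.com", eventName="GetRestApi",
         awsRegion="us-east-1", recipientAccountId="123408221234"),
    # CreateRestApi carries the API name in responseElements.name.
    _rec(eventSource="apigateway.amazonaws.com", eventName="CreateRestApi",
         awsRegion="us-east-1", userIdentity={"accountId": "123408221234"},
         responseElements={"name": "example-api"}),
    # No userIdentity.accountId: the query falls back to recipientAccountId.
    _rec(eventSource="apigateway.amazonaws.com", eventName="UpdateRestApi",
         awsRegion="us-west-2", userIdentity={"type": "AWSService"},
         recipientAccountId="123408221234", responseElements=None),
    # Different service: dropped by the eventSource filter.
    _rec(eventSource="s3.amazonaws.com", eventName="GetObject",
         awsRegion="us-east-1", userIdentity={"accountId": "123408221234"}),
]

def extract(raw):
    """Mirror the query's `json ... nodrop` steps: missing keys become None."""
    event = json.loads(raw)
    identity = event.get("userIdentity") or {}
    response = event.get("responseElements") or {}
    return {
        "eventSource": event.get("eventSource"),
        "eventName": event.get("eventName"),
        "awsRegion": event.get("awsRegion"),
        "ApiName": response.get("name"),
        "accountId": identity.get("accountId") or event.get("recipientAccountId"),
    }

def count_by_event_name(raw_records, region="*"):
    """Keep API Gateway events in the matching region, then count by eventName."""
    rows = [extract(r) for r in raw_records]
    rows = [r for r in rows
            if r["eventSource"] == "apigateway.amazonaws.com"
            and fnmatchcase(r["awsRegion"] or "", region)]
    counts = Counter(r["eventName"] for r in rows)
    # _count descending (Sumo Logic's default sort order), then eventName asc.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
```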