ARN role for API Gateway to enable logs error

I was having this issue today as I was trying to set up a user that I had given those permissions to. Resolved it by going through the "create role" wizard and selecting the API Gateway service, which created an IAM ARN with the correct permissions.

Select your use case
API Gateway
Allows API Gateway to push logs to CloudWatch Logs.

After much frustration, I followed Alex' advice then gave up for a while.

Eventually, the IAM "stuff" propagated and the "enable logs" requests completed successfully.


For me the following AWS configuration fixed this issue.

Edited the "Trust Relationship" in the Role with the following configuration:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": ["apigateway.amazonaws.com", "lambda.amazonaws.com"]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Edited the policies with the following:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Here is a more detailed description for the policy configuration: policy description
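
An added example, not part of any answer above: a Python check that audits a role's trust policy and permissions policy for the API Gateway logging use case. It runs over the two documents posted in the last answer and over a constructed narrower variant. The NEEDED set is the action list of the AWS managed policy AmazonAPIGatewayPushToCloudWatchLogs; the function and constant names are illustrative, and resource scoping is not checked.

```python
import json
from fnmatch import fnmatchcase

# Actions in the AWS managed policy AmazonAPIGatewayPushToCloudWatchLogs.
NEEDED = {
    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups",
    "logs:DescribeLogStreams", "logs:PutLogEvents", "logs:GetLogEvents",
    "logs:FilterLogEvents",
}
# Trust policy and "logs:*" policy as posted in the answer above.
PAGE_TRUST = '''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": ["apigateway.amazonaws.com", "lambda.amazonaws.com"]},
  "Action": "sts:AssumeRole"}]}'''
PAGE_POLICY = '''{"Version": "2012-10-17", "Statement": [
  {"Action": ["logs:*"], "Effect": "Allow", "Resource": "*"}]}'''
# Constructed narrower variant: API Gateway only, managed-policy actions only.
NARROW_TRUST = PAGE_TRUST.replace(', "lambda.amazonaws.com"', "")
NARROW_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(NEEDED), "Resource": "*"}]})

def as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_role(trust_json, policy_json):
    """Return findings for a role meant only for API Gateway logging."""
    findings, granted = [], []
    for stmt in as_list(json.loads(trust_json)["Statement"]):
        principal = stmt.get("Principal", {}) if stmt.get("Effect") == "Allow" else {}
        if principal == "*":  # shorthand for "anyone"
            principal = {"AWS": "*"}
        for kind, names in principal.items():
            for name in as_list(names):
                if (kind, name) != ("Service", "apigateway.amazonaws.com"):
                    findings.append(f"trust: extra principal {kind}:{name}")
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") == "Allow":
            granted += [a.lower() for a in as_list(stmt.get("Action", []))]
    needed = {n.lower(): n for n in NEEDED}  # IAM action names are case-insensitive
    for action in granted:
        if "*" in action or "?" in action:
            findings.append(f"policy: wildcard action {action}")
        elif action not in needed:
            findings.append(f"policy: action {action} not needed for logging")
    for low, name in sorted(needed.items()):
        if not any(fnmatchcase(low, pat) for pat in granted):
            findings.append(f"policy: missing {name}")
    return findings
```

Calling `audit_role(PAGE_TRUST, PAGE_POLICY)` reports the extra `lambda.amazonaws.com` principal and the `logs:*` wildcard, while the narrower pair returns no findings.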