Bala krishna

Reputation: 639

Trace which IAM user made the AWS API gateway request

I have created an AWS API Gateway and added a Lambda function as the endpoint of the API Gateway.

I have enabled IAM Authentication, which is needed if they want to make a request to this API Gateway.

I have enabled API Gateway to push all logs to CloudWatch.

If any user needs to make a request to API Gateway, they have to provide their IAM access key ID and secret key in Postman.

All these invocation logs are pushed to CloudWatch, but I am not able to find which user is making the API request.

I couldn't find any parameter to check these details. Can anyone help me find out which IAM user made the request to API Gateway?

Upvotes: 1

Views: 1329

Answers (2)

Marcin

Reputation: 238189

It seems that you haven't enabled Custom Access Logging in your stage.


Depending on the Log Format specified, you can log the IAM users as well.

Example output from my trial:

{
    "requestId": "1f51a513-250f-4849-936f-c9e1ced767ab",
    "ip": "xxx.xxx.xxx.xxx",
    "caller": "AIDA3VGCKVNJRL7CJ4OCF",
    "user": "arn:aws:iam::xxxxxxx:user/<user-name-who-made-request>",
    "requestTime": "14/Aug/2020:08:01:36 +0000",
    "httpMethod": "GET",
    "resourcePath": "/",
    "status": "200",
    "protocol": "HTTP/1.1",
    "responseLength": "1310"
}

Upvotes: 1
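An added example, not Marcin's code: the stage access-log format one would enter to get these fields (built from API Gateway's $context variables, with userArn added), plus a small parser that attributes constructed CloudWatch events to IAM principals and lists rejected requests that carry no principal. The function names, the sample events and the placeholder account id and key ids are assumptions.

```python
import json
from collections import Counter

# Stage access-log format built from API Gateway $context variables; this is what
# goes in the stage's "Log Format". Assumed configuration, not from the post.
ACCESS_LOG_FORMAT = json.dumps({
    "requestId": "$context.requestId",
    "ip": "$context.identity.sourceIp",
    "caller": "$context.identity.caller",
    "user": "$context.identity.user",
    "userArn": "$context.identity.userArn",
    "requestTime": "$context.requestTime",
    "httpMethod": "$context.httpMethod",
    "resourcePath": "$context.resourcePath",
    "status": "$context.status",
    "protocol": "$context.protocol",
    "responseLength": "$context.responseLength",
})

# Constructed CloudWatch events in that format (placeholder ids); "-" means unavailable.
SAMPLE_LOG_LINES = [
    '{"requestId": "req-1", "ip": "203.0.113.10", "caller": "AIDAEXAMPLEKEY1", "user": "arn:aws:iam::111122223333:user/alice", "userArn": "arn:aws:iam::111122223333:user/alice", "requestTime": "14/Aug/2020:08:01:36 +0000", "httpMethod": "GET", "resourcePath": "/", "status": "200", "protocol": "HTTP/1.1", "responseLength": "1310"}',
    '{"requestId": "req-2", "ip": "203.0.113.10", "caller": "AIDAEXAMPLEKEY1", "user": "arn:aws:iam::111122223333:user/alice", "userArn": "arn:aws:iam::111122223333:user/alice", "requestTime": "14/Aug/2020:08:02:00 +0000", "httpMethod": "POST", "resourcePath": "/items", "status": "200", "protocol": "HTTP/1.1", "responseLength": "42"}',
    '{"requestId": "req-3", "ip": "198.51.100.7", "caller": "-", "user": "-", "userArn": "-", "requestTime": "14/Aug/2020:08:03:10 +0000", "httpMethod": "GET", "resourcePath": "/", "status": "403", "protocol": "HTTP/1.1", "responseLength": "84"}',
    "not a JSON line",  # a stray non-access-log event; must be skipped, not crash
]

def parse_access_log(lines):
    """Parse one JSON access-log event per line, skipping anything that is not JSON."""
    records = []
    for line in lines:
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records

def requests_by_user(records):
    """Count requests per IAM principal ARN; '-' means no authenticated caller."""
    counts = Counter()
    for rec in records:
        arn = rec.get("userArn", "-")
        counts["<unauthenticated>" if arn == "-" else arn] += 1
    return counts

def rejected_without_principal(records):
    """Request IDs rejected with 403 and no attributable IAM principal."""
    return [r["requestId"] for r in records
            if r.get("status") == "403" and r.get("userArn", "-") == "-"]
```

The same parser works on lines exported from the CloudWatch log group once the format is active; the "user" column alone is enough for attribution, userArn just makes the principal explicit.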

Chuong Nguyen

Reputation: 1162

In my opinion, CloudWatch Logs or CloudTrail don't provide the username and password or keys of the source, just the source IP.

You can look carefully in the body of your logs to see if they are included there.

If you want to trace the keys, I think that you should define the logs from the output of your Lambda to include the information you need.

Upvotes: 0
