# help

Gabriel Araújo

12/17/2021, 11:06 PM
trying to create a websocket api..
Copy code
ApiEndpoint: <>

Stack gabiras-coffee-menu-websocket
  Status: failed
  Error: CloudWatch Logs role ARN must be set in account settings to enable logging (Service: AmazonApiGatewayV2; Status Code: 400; Error Code: BadRequestException; Request ID: cacfd1a9-235b-41e8-a17c-3dc8eeaf7845; Proxy: null)
  Helper: This is a common error when configuring Access Log for WebSocket APIs. The AWS API Gateway service in your AWS account does not have permissions to the CloudWatch logs service. Follow this article to create an IAM role for logging to CloudWatch - <>
odd.. i had to manually create a role to allow write to cloud watch and setup in api gateway via console..

Matt Morgan

12/18/2021, 1:19 AM


12/18/2021, 12:53 PM
@Gabriel Araújo yeah, unfortunately you’d have to create the role manually for now
@Matt Morgan, hey just read ur blog post. I’m thinking we can create a custom resources. On create, it will create the APIG role if the role does not exist. And on remove, it does NOT remove the role. What do you think?

Matt Morgan

12/18/2021, 3:38 PM
Or maybe expose an option or retention rule? This is a very weird interaction in APIGW where removal of stack A can break stack B in an unexpected way, but I guess you read about that.