aws-cdk-lib.aws_apigateway.AccessLogField

class AccessLogField

LanguageType name
.NETAmazon.CDK.AWS.APIGateway.AccessLogField
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsapigateway#AccessLogField
Javasoftware.amazon.awscdk.services.apigateway.AccessLogField
Pythonaws_cdk.aws_apigateway.AccessLogField
TypeScript (source)aws-cdk-lib » aws_apigateway » AccessLogField

$context variables that can be used to customize access log pattern.

Example

 apigateway.AccessLogFormat.custom(JSON.stringify({
     requestId: apigateway.AccessLogField.contextRequestId(),
     sourceIp: apigateway.AccessLogField.contextIdentitySourceIp(),
     method: apigateway.AccessLogField.contextHttpMethod(),
     userContext: {
       sub: apigateway.AccessLogField.contextAuthorizerClaims('sub'),
       email: apigateway.AccessLogField.contextAuthorizerClaims('email')
     }
  }))

Initializer

new AccessLogField()

Methods

NameDescription
static contextAccountId()⚠️The API callers AWS account ID.
static contextApiId()The identifier API Gateway assigns to your API.
static contextAuthenticateError()The error message returned from an authentication attempt.
static contextAuthenticateLatency()The authentication latency in ms.
static contextAuthenticateStatus()The status code returned from an authentication attempt.
static contextAuthorizeError()The authorization error message.
static contextAuthorizeLatency()The authorization latency in ms.
static contextAuthorizeStatus()The status code returned from an authorization attempt.
static contextAuthorizer(property)The stringified value of the specified key-value pair of the context map returned from an API Gateway Lambda authorizer function.
static contextAuthorizerClaims(property)A property of the claims returned from the Amazon Cognito user pool after the method caller is successfully authenticated.
static contextAuthorizerError()The error message returned from an authorizer.
static contextAuthorizerIntegrationLatency()The authorizer latency in ms.
static contextAuthorizerIntegrationStatus()The status code returned from a Lambda authorizer.
static contextAuthorizerLatency()The authorizer latency in ms.
static contextAuthorizerPrincipalId()The principal user identification associated with the token sent by the client and returned from an API Gateway Lambda authorizer (formerly known as a custom authorizer).
static contextAuthorizerRequestId()The AWS endpoint's request ID.
static contextAuthorizerStatus()The status code returned from an authorizer.
static contextAwsEndpointRequestId()The AWS endpoint's request ID.
static contextCallerAccountId()The API callers AWS account ID.
static contextCustomDomainBasePathMatched()The path for an API mapping that an incoming request matched.
static contextDomainName()The full domain name used to invoke the API.
static contextDomainPrefix()The first label of the $context.domainName. This is often used as a caller/customer identifier.
static contextErrorMessage()A string containing an API Gateway error message.
static contextErrorMessageString()The quoted value of $context.error.message, namely "$context.error.message".
static contextErrorResponseType()A type of GatewayResponse.
static contextErrorValidationErrorString()A string containing a detailed validation error message.
static contextExtendedRequestId()The extended ID that API Gateway assigns to the API request, which contains more useful information for debugging/troubleshooting.
static contextHttpMethod()The HTTP method used.
static contextIdentityAccountId()The AWS account ID associated with the request.
static contextIdentityApiKey()For API methods that require an API key, this variable is the API key associated with the method request.
static contextIdentityApiKeyId()The API key ID associated with an API request that requires an API key.
static contextIdentityCaller()The principal identifier of the caller making the request.
static contextIdentityClientCertIssunerDN()The distinguished name of the issuer of the certificate that a client presents.
static contextIdentityClientCertPem()The PEM-encoded client certificate that the client presented during mutual TLS authentication.
static contextIdentityClientCertSerialNumber()The serial number of the certificate.
static contextIdentityClientCertSubjectDN()The distinguished name of the subject of the certificate that a client presents.
static contextIdentityClientCertValidityNotAfter()The date after which the certificate is invalid.
static contextIdentityClientCertValidityNotBefore()The date before which the certificate is invalid.
static contextIdentityCognitoAuthenticationProvider()The Amazon Cognito authentication provider used by the caller making the request.
static contextIdentityCognitoAuthenticationType()The Amazon Cognito authentication type of the caller making the request.
static contextIdentityCognitoIdentityId()The Amazon Cognito identity ID of the caller making the request.
static contextIdentityCognitoIdentityPoolId()The Amazon Cognito identity pool ID of the caller making the request.
static contextIdentityPrincipalOrgId()The AWS organization ID.
static contextIdentitySourceIp()The source IP address of the TCP connection making the request to API Gateway.
static contextIdentityUser()The principal identifier of the user making the request.
static contextIdentityUserAgent()The User-Agent header of the API caller.
static contextIdentityUserArn()The Amazon Resource Name (ARN) of the effective user identified after authentication.
static contextIntegrationErrorMessage()A string that contains an integration error message.
static contextIntegrationLatency()The integration latency in ms.
static contextIntegrationStatus()For Lambda proxy integration, this parameter represents the status code returned from AWS Lambda, not from the backend Lambda function.
static contextOwnerAccountId()The API owner's AWS account ID.
static contextPath()The request path.
static contextProtocol()The request protocol, for example, HTTP/1.1.
static contextRequestId()The ID that API Gateway assigns to the API request.
static contextRequestOverrideHeader(headerName)The request header override.
static contextRequestOverridePath(pathName)The request path override.
static contextRequestOverrideQuerystring(querystringName)The request query string override.
static contextRequestTime()The CLF-formatted request time (dd/MMM/yyyy:HH:mm:ss +-hhmm).
static contextRequestTimeEpoch()The Epoch-formatted request time.
static contextResourceId()The identifier that API Gateway assigns to your resource.
static contextResourcePath()The path to your resource.
static contextResponseLatency()The response latency in ms.
static contextResponseLength()The response payload length.
static contextResponseOverrideHeader(headerName)The response header override.
static contextResponseOverrideStatus()The response status code override.
static contextStage()The deployment stage of the API request (for example, Beta or Prod).
static contextStatus()The method response status.
static contextWafError()The error message returned from AWS WAF.
static contextWafLatency()The AWS WAF latency in ms.
static contextWafResponseCode()The response received from AWS WAF: WAF_ALLOW or WAF_BLOCK.
static contextWafStatus()The status code returned from AWS WAF.
static contextWebaclArn()The complete ARN of the web ACL that is used to decide whether to allow or block the request.
static contextXrayTraceId()The trace ID for the X-Ray trace.

static contextAccountId()⚠️

public static contextAccountId(): string

⚠️ Deprecated: Use contextCallerAccountId or contextOwnerAccountId instead

Returns

  • string

The API callers AWS account ID.


static contextApiId()

public static contextApiId(): string

Returns

  • string

The identifier API Gateway assigns to your API.


static contextAuthenticateError()

public static contextAuthenticateError(): string

Returns

  • string

The error message returned from an authentication attempt.


static contextAuthenticateLatency()

public static contextAuthenticateLatency(): string

Returns

  • string

The authentication latency in ms.


static contextAuthenticateStatus()

public static contextAuthenticateStatus(): string

Returns

  • string

The status code returned from an authentication attempt.


static contextAuthorizeError()

public static contextAuthorizeError(): string

Returns

  • string

The authorization error message.


static contextAuthorizeLatency()

public static contextAuthorizeLatency(): string

Returns

  • string

The authorization latency in ms.


static contextAuthorizeStatus()

public static contextAuthorizeStatus(): string

Returns

  • string

The status code returned from an authorization attempt.


static contextAuthorizer(property)

public static contextAuthorizer(property: string): string

Parameters

  • property string — key of the context map.

Returns

  • string

The stringified value of the specified key-value pair of the context map returned from an API Gateway Lambda authorizer function.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html


static contextAuthorizerClaims(property)

public static contextAuthorizerClaims(property: string): string

Parameters

  • property string — A property key of the claims.

Returns

  • string

A property of the claims returned from the Amazon Cognito user pool after the method caller is successfully authenticated.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html


static contextAuthorizerError()

public static contextAuthorizerError(): string

Returns

  • string

The error message returned from an authorizer.


static contextAuthorizerIntegrationLatency()

public static contextAuthorizerIntegrationLatency(): string

Returns

  • string

The authorizer latency in ms.


static contextAuthorizerIntegrationStatus()

public static contextAuthorizerIntegrationStatus(): string

Returns

  • string

The status code returned from a Lambda authorizer.


static contextAuthorizerLatency()

public static contextAuthorizerLatency(): string

Returns

  • string

The authorizer latency in ms.


static contextAuthorizerPrincipalId()

public static contextAuthorizerPrincipalId(): string

Returns

  • string

The principal user identification associated with the token sent by the client and returned from an API Gateway Lambda authorizer (formerly known as a custom authorizer).

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html


static contextAuthorizerRequestId()

public static contextAuthorizerRequestId(): string

Returns

  • string

The AWS endpoint's request ID.


static contextAuthorizerStatus()

public static contextAuthorizerStatus(): string

Returns

  • string

The status code returned from an authorizer.


static contextAwsEndpointRequestId()

public static contextAwsEndpointRequestId(): string

Returns

  • string

The AWS endpoint's request ID.


static contextCallerAccountId()

public static contextCallerAccountId(): string

Returns

  • string

The API callers AWS account ID.


static contextCustomDomainBasePathMatched()

public static contextCustomDomainBasePathMatched(): string

Returns

  • string

The path for an API mapping that an incoming request matched.

Applicable when a client uses a custom domain name to access an API. For example if a client sends a request to https://api.example.com/v1/orders/1234, and the request matches the API mapping with the path v1/orders, the value is v1/orders.

See also: https://docs.aws.amazon.com/en_jp/apigateway/latest/developerguide/rest-api-mappings.html


static contextDomainName()

public static contextDomainName(): string

Returns

  • string

The full domain name used to invoke the API.

This should be the same as the incoming Host header.


static contextDomainPrefix()

public static contextDomainPrefix(): string

Returns

  • string

The first label of the $context.domainName. This is often used as a caller/customer identifier.


static contextErrorMessage()

public static contextErrorMessage(): string

Returns

  • string

A string containing an API Gateway error message.


static contextErrorMessageString()

public static contextErrorMessageString(): string

Returns

  • string

The quoted value of $context.error.message, namely "$context.error.message".


static contextErrorResponseType()

public static contextErrorResponseType(): string

Returns

  • string

A type of GatewayResponse.

This variable can only be used for simple variable substitution in a GatewayResponse body-mapping template, which is not processed by the Velocity Template Language engine, and in access logging.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/customize-gateway-responses.html


static contextErrorValidationErrorString()

public static contextErrorValidationErrorString(): string

Returns

  • string

A string containing a detailed validation error message.


static contextExtendedRequestId()

public static contextExtendedRequestId(): string

Returns

  • string

The extended ID that API Gateway assigns to the API request, which contains more useful information for debugging/troubleshooting.


static contextHttpMethod()

public static contextHttpMethod(): string

Returns

  • string

The HTTP method used.

Valid values include: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.


static contextIdentityAccountId()

public static contextIdentityAccountId(): string

Returns

  • string

The AWS account ID associated with the request.


static contextIdentityApiKey()

public static contextIdentityApiKey(): string

Returns

  • string

For API methods that require an API key, this variable is the API key associated with the method request.

For methods that don't require an API key, this variable is

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html


static contextIdentityApiKeyId()

public static contextIdentityApiKeyId(): string

Returns

  • string

The API key ID associated with an API request that requires an API key.


static contextIdentityCaller()

public static contextIdentityCaller(): string

Returns

  • string

The principal identifier of the caller making the request.


static contextIdentityClientCertIssunerDN()

public static contextIdentityClientCertIssunerDN(): string

Returns

  • string

The distinguished name of the issuer of the certificate that a client presents.

Present when a client accesses an API by using a custom domain name that has mutual TLS enabled. Present only in access logs if mutual TLS authentication fails.


static contextIdentityClientCertPem()

public static contextIdentityClientCertPem(): string

Returns

  • string

The PEM-encoded client certificate that the client presented during mutual TLS authentication.

Present when a client accesses an API by using a custom domain name that has mutual TLS enabled. Present only in access logs if mutual TLS authentication fails.


static contextIdentityClientCertSerialNumber()

public static contextIdentityClientCertSerialNumber(): string

Returns

  • string

The serial number of the certificate.

Present when a client accesses an API by using a custom domain name that has mutual TLS enabled. Present only in access logs if mutual TLS authentication fails.


static contextIdentityClientCertSubjectDN()

public static contextIdentityClientCertSubjectDN(): string

Returns

  • string

The distinguished name of the subject of the certificate that a client presents.

Present when a client accesses an API by using a custom domain name that has mutual TLS enabled. Present only in access logs if mutual TLS authentication fails.


static contextIdentityClientCertValidityNotAfter()

public static contextIdentityClientCertValidityNotAfter(): string

Returns

  • string

The date after which the certificate is invalid.

Present when a client accesses an API by using a custom domain name that has mutual TLS enabled. Present only in access logs if mutual TLS authentication fails.


static contextIdentityClientCertValidityNotBefore()

public static contextIdentityClientCertValidityNotBefore(): string

Returns

  • string

The date before which the certificate is invalid.

Present when a client accesses an API by using a custom domain name that has mutual TLS enabled. Present only in access logs if mutual TLS authentication fails.


static contextIdentityCognitoAuthenticationProvider()

public static contextIdentityCognitoAuthenticationProvider(): string

Returns

  • string

The Amazon Cognito authentication provider used by the caller making the request.

Available only if the request was signed with Amazon Cognito credentials.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html


static contextIdentityCognitoAuthenticationType()

public static contextIdentityCognitoAuthenticationType(): string

Returns

  • string

The Amazon Cognito authentication type of the caller making the request.

Available only if the request was signed with Amazon Cognito credentials.


static contextIdentityCognitoIdentityId()

public static contextIdentityCognitoIdentityId(): string

Returns

  • string

The Amazon Cognito identity ID of the caller making the request.

Available only if the request was signed with Amazon Cognito credentials.


static contextIdentityCognitoIdentityPoolId()

public static contextIdentityCognitoIdentityPoolId(): string

Returns

  • string

The Amazon Cognito identity pool ID of the caller making the request.

Available only if the request was signed with Amazon Cognito credentials.


static contextIdentityPrincipalOrgId()

public static contextIdentityPrincipalOrgId(): string

Returns

  • string

The AWS organization ID.


static contextIdentitySourceIp()

public static contextIdentitySourceIp(): string

Returns

  • string

The source IP address of the TCP connection making the request to API Gateway.

Warning: You should not trust this value if there is any chance that the X-Forwarded-For header could be forged.


static contextIdentityUser()

public static contextIdentityUser(): string

Returns

  • string

The principal identifier of the user making the request.

Used in Lambda authorizers.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html


static contextIdentityUserAgent()

public static contextIdentityUserAgent(): string

Returns

  • string

The User-Agent header of the API caller.


static contextIdentityUserArn()

public static contextIdentityUserArn(): string

Returns

  • string

The Amazon Resource Name (ARN) of the effective user identified after authentication.

See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html


static contextIntegrationErrorMessage()

public static contextIntegrationErrorMessage(): string

Returns

  • string

A string that contains an integration error message.


static contextIntegrationLatency()

public static contextIntegrationLatency(): string

Returns

  • string

The integration latency in ms.


static contextIntegrationStatus()

public static contextIntegrationStatus(): string

Returns

  • string

For Lambda proxy integration, this parameter represents the status code returned from AWS Lambda, not from the backend Lambda function.


static contextOwnerAccountId()

public static contextOwnerAccountId(): string

Returns

  • string

The API owner's AWS account ID.


static contextPath()

public static contextPath(): string

Returns

  • string

The request path.

For example, for a non-proxy request URL of https://{rest-api-id.execute-api.{region}.amazonaws.com/{stage}/root/child, this value is /{stage}/root/child.


static contextProtocol()

public static contextProtocol(): string

Returns

  • string

The request protocol, for example, HTTP/1.1.


static contextRequestId()

public static contextRequestId(): string

Returns

  • string

The ID that API Gateway assigns to the API request.


static contextRequestOverrideHeader(headerName)

public static contextRequestOverrideHeader(headerName: string): string

Parameters

  • headerName string

Returns

  • string

The request header override.

If this parameter is defined, it contains the headers to be used instead of the HTTP Headers that are defined in the Integration Request pane.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html


static contextRequestOverridePath(pathName)

public static contextRequestOverridePath(pathName: string): string

Parameters

  • pathName string

Returns

  • string

The request path override.

If this parameter is defined, it contains the request path to be used instead of the URL Path Parameters that are defined in the Integration Request pane.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html


static contextRequestOverrideQuerystring(querystringName)

public static contextRequestOverrideQuerystring(querystringName: string): string

Parameters

  • querystringName string

Returns

  • string

The request query string override.

If this parameter is defined, it contains the request query strings to be used instead of the URL Query String Parameters that are defined in the Integration Request pane.


static contextRequestTime()

public static contextRequestTime(): string

Returns

  • string

The CLF-formatted request time (dd/MMM/yyyy:HH:mm:ss +-hhmm).


static contextRequestTimeEpoch()

public static contextRequestTimeEpoch(): string

Returns

  • string

The Epoch-formatted request time.


static contextResourceId()

public static contextResourceId(): string

Returns

  • string

The identifier that API Gateway assigns to your resource.


static contextResourcePath()

public static contextResourcePath(): string

Returns

  • string

The path to your resource.

For example, for the non-proxy request URI of https://{rest-api-id.execute-api.{region}.amazonaws.com/{stage}/root/child, The $context.resourcePath value is /root/child.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-step-by-step.html


static contextResponseLatency()

public static contextResponseLatency(): string

Returns

  • string

The response latency in ms.


static contextResponseLength()

public static contextResponseLength(): string

Returns

  • string

The response payload length.


static contextResponseOverrideHeader(headerName)

public static contextResponseOverrideHeader(headerName: string): string

Parameters

  • headerName string

Returns

  • string

The response header override.

If this parameter is defined, it contains the header to be returned instead of the Response header that is defined as the Default mapping in the Integration Response pane.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html


static contextResponseOverrideStatus()

public static contextResponseOverrideStatus(): string

Returns

  • string

The response status code override.

If this parameter is defined, it contains the status code to be returned instead of the Method response status that is defined as the Default mapping in the Integration Response pane.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html


static contextStage()

public static contextStage(): string

Returns

  • string

The deployment stage of the API request (for example, Beta or Prod).


static contextStatus()

public static contextStatus(): string

Returns

  • string

The method response status.


static contextWafError()

public static contextWafError(): string

Returns

  • string

The error message returned from AWS WAF.


static contextWafLatency()

public static contextWafLatency(): string

Returns

  • string

The AWS WAF latency in ms.


static contextWafResponseCode()

public static contextWafResponseCode(): string

Returns

  • string

The response received from AWS WAF: WAF_ALLOW or WAF_BLOCK.

Will not be set if the stage is not associated with a web ACL.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html


static contextWafStatus()

public static contextWafStatus(): string

Returns

  • string

The status code returned from AWS WAF.


static contextWebaclArn()

public static contextWebaclArn(): string

Returns

  • string

The complete ARN of the web ACL that is used to decide whether to allow or block the request.

Will not be set if the stage is not associated with a web ACL.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html


static contextXrayTraceId()

public static contextXrayTraceId(): string

Returns

  • string

The trace ID for the X-Ray trace.

See also: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enabling-xray.html