Configure AWS API Gateway Method Settings

The aws:apigateway/methodSettings:MethodSettings resource, part of the Pulumi AWS provider, configures CloudWatch logging, metrics, and tracing for individual API Gateway methods or entire stages. This guide focuses on three capabilities: CloudWatch logging levels, metrics collection, and request/response tracing.

Method settings apply to existing REST API stages and require an IAM role that grants API Gateway permission to write CloudWatch Logs. The examples are intentionally small. Combine them with your own REST API, Stage, and IAM configuration.

Disable CloudWatch logging for a method

High-volume endpoints or methods handling sensitive data often skip logging to reduce costs and protect information.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pathSpecific = new aws.apigateway.MethodSettings("path_specific", {
    restApi: example.id,
    stageName: exampleAwsApiGatewayStage.stageName,
    methodPath: "path1/GET",
    settings: {
        loggingLevel: "OFF",
    },
});

import pulumi
import pulumi_aws as aws

path_specific = aws.apigateway.MethodSettings("path_specific",
    rest_api=example["id"],
    stage_name=example_aws_api_gateway_stage["stageName"],
    method_path="path1/GET",
    settings={
        "logging_level": "OFF",
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/apigateway"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := apigateway.NewMethodSettings(ctx, "path_specific", &apigateway.MethodSettingsArgs{
			RestApi:    pulumi.Any(example.Id),
			StageName:  pulumi.Any(exampleAwsApiGatewayStage.StageName),
			MethodPath: pulumi.String("path1/GET"),
			Settings: &apigateway.MethodSettingsSettingsArgs{
				LoggingLevel: pulumi.String("OFF"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var pathSpecific = new Aws.ApiGateway.MethodSettings("path_specific", new()
    {
        RestApi = example.Id,
        StageName = exampleAwsApiGatewayStage.StageName,
        MethodPath = "path1/GET",
        Settings = new Aws.ApiGateway.Inputs.MethodSettingsSettingsArgs
        {
            LoggingLevel = "OFF",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.MethodSettings;
import com.pulumi.aws.apigateway.MethodSettingsArgs;
import com.pulumi.aws.apigateway.inputs.MethodSettingsSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pathSpecific = new MethodSettings("pathSpecific", MethodSettingsArgs.builder()
            .restApi(example.id())
            .stageName(exampleAwsApiGatewayStage.stageName())
            .methodPath("path1/GET")
            .settings(MethodSettingsSettingsArgs.builder()
                .loggingLevel("OFF")
                .build())
            .build());

    }
}

resources:
  pathSpecific:
    type: aws:apigateway:MethodSettings
    name: path_specific
    properties:
      restApi: ${example.id}
      stageName: ${exampleAwsApiGatewayStage.stageName}
      methodPath: path1/GET
      settings:
        loggingLevel: OFF

The loggingLevel property controls CloudWatch log verbosity. Setting it to “OFF” disables logging entirely for the specified method. The methodPath uses the format “resource_path/http_method” to target a specific endpoint.

Log errors and collect CloudWatch metrics

Production APIs typically track errors and performance without the storage costs of full request logging.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pathSpecific = new aws.apigateway.MethodSettings("path_specific", {
    restApi: example.id,
    stageName: exampleAwsApiGatewayStage.stageName,
    methodPath: "path1/GET",
    settings: {
        loggingLevel: "ERROR",
        metricsEnabled: true,
        dataTraceEnabled: false,
    },
});

import pulumi
import pulumi_aws as aws

path_specific = aws.apigateway.MethodSettings("path_specific",
    rest_api=example["id"],
    stage_name=example_aws_api_gateway_stage["stageName"],
    method_path="path1/GET",
    settings={
        "logging_level": "ERROR",
        "metrics_enabled": True,
        "data_trace_enabled": False,
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/apigateway"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := apigateway.NewMethodSettings(ctx, "path_specific", &apigateway.MethodSettingsArgs{
			RestApi:    pulumi.Any(example.Id),
			StageName:  pulumi.Any(exampleAwsApiGatewayStage.StageName),
			MethodPath: pulumi.String("path1/GET"),
			Settings: &apigateway.MethodSettingsSettingsArgs{
				LoggingLevel:     pulumi.String("ERROR"),
				MetricsEnabled:   pulumi.Bool(true),
				DataTraceEnabled: pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var pathSpecific = new Aws.ApiGateway.MethodSettings("path_specific", new()
    {
        RestApi = example.Id,
        StageName = exampleAwsApiGatewayStage.StageName,
        MethodPath = "path1/GET",
        Settings = new Aws.ApiGateway.Inputs.MethodSettingsSettingsArgs
        {
            LoggingLevel = "ERROR",
            MetricsEnabled = true,
            DataTraceEnabled = false,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.MethodSettings;
import com.pulumi.aws.apigateway.MethodSettingsArgs;
import com.pulumi.aws.apigateway.inputs.MethodSettingsSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pathSpecific = new MethodSettings("pathSpecific", MethodSettingsArgs.builder()
            .restApi(example.id())
            .stageName(exampleAwsApiGatewayStage.stageName())
            .methodPath("path1/GET")
            .settings(MethodSettingsSettingsArgs.builder()
                .loggingLevel("ERROR")
                .metricsEnabled(true)
                .dataTraceEnabled(false)
                .build())
            .build());

    }
}

resources:
  pathSpecific:
    type: aws:apigateway:MethodSettings
    name: path_specific
    properties:
      restApi: ${example.id}
      stageName: ${exampleAwsApiGatewayStage.stageName}
      methodPath: path1/GET
      settings:
        loggingLevel: ERROR
        metricsEnabled: true
        dataTraceEnabled: false

When loggingLevel is “ERROR”, API Gateway writes only failed requests to CloudWatch Logs. The metricsEnabled property activates CloudWatch metrics for latency and request counts. Setting dataTraceEnabled to false prevents logging request and response bodies, reducing storage costs while maintaining error visibility.

Enable full request and response tracing

Debugging integration issues or auditing API usage requires complete visibility into payloads.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pathSpecific = new aws.apigateway.MethodSettings("path_specific", {
    restApi: example.id,
    stageName: exampleAwsApiGatewayStage.stageName,
    methodPath: "path1/GET",
    settings: {
        loggingLevel: "INFO",
        metricsEnabled: true,
        dataTraceEnabled: true,
    },
});

import pulumi
import pulumi_aws as aws

path_specific = aws.apigateway.MethodSettings("path_specific",
    rest_api=example["id"],
    stage_name=example_aws_api_gateway_stage["stageName"],
    method_path="path1/GET",
    settings={
        "logging_level": "INFO",
        "metrics_enabled": True,
        "data_trace_enabled": True,
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/apigateway"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := apigateway.NewMethodSettings(ctx, "path_specific", &apigateway.MethodSettingsArgs{
			RestApi:    pulumi.Any(example.Id),
			StageName:  pulumi.Any(exampleAwsApiGatewayStage.StageName),
			MethodPath: pulumi.String("path1/GET"),
			Settings: &apigateway.MethodSettingsSettingsArgs{
				LoggingLevel:     pulumi.String("INFO"),
				MetricsEnabled:   pulumi.Bool(true),
				DataTraceEnabled: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var pathSpecific = new Aws.ApiGateway.MethodSettings("path_specific", new()
    {
        RestApi = example.Id,
        StageName = exampleAwsApiGatewayStage.StageName,
        MethodPath = "path1/GET",
        Settings = new Aws.ApiGateway.Inputs.MethodSettingsSettingsArgs
        {
            LoggingLevel = "INFO",
            MetricsEnabled = true,
            DataTraceEnabled = true,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.MethodSettings;
import com.pulumi.aws.apigateway.MethodSettingsArgs;
import com.pulumi.aws.apigateway.inputs.MethodSettingsSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pathSpecific = new MethodSettings("pathSpecific", MethodSettingsArgs.builder()
            .restApi(example.id())
            .stageName(exampleAwsApiGatewayStage.stageName())
            .methodPath("path1/GET")
            .settings(MethodSettingsSettingsArgs.builder()
                .loggingLevel("INFO")
                .metricsEnabled(true)
                .dataTraceEnabled(true)
                .build())
            .build());

    }
}

resources:
  pathSpecific:
    type: aws:apigateway:MethodSettings
    name: path_specific
    properties:
      restApi: ${example.id}
      stageName: ${exampleAwsApiGatewayStage.stageName}
      methodPath: path1/GET
      settings:
        loggingLevel: INFO
        metricsEnabled: true
        dataTraceEnabled: true

Setting loggingLevel to “INFO” captures all requests, including successful ones. When dataTraceEnabled is true, API Gateway logs full request and response bodies to CloudWatch. This provides maximum observability but increases CloudWatch storage costs significantly.

Beyond these examples

These snippets focus on specific method settings features: CloudWatch logging levels, and metrics and data trace toggles. They’re intentionally minimal rather than complete API configurations.

The examples reference pre-existing infrastructure such as REST API and Stage resources, and an IAM role granting API Gateway permission to write CloudWatch Logs. They focus on configuring observability rather than provisioning the API itself.

To keep things focused, common method settings patterns are omitted, including:

  • Throttling limits (throttlingBurstLimit, throttlingRateLimit)
  • Response caching (cachingEnabled, cacheTtlInSeconds)
  • Wildcard method paths (/ for stage-wide settings)
  • Cache encryption (cacheDataEncrypted)

These omissions are intentional: the goal is to illustrate how each observability feature is wired, not provide drop-in API modules. See the API Gateway MethodSettings resource reference for all available configuration options.

Let's configure AWS API Gateway Method Settings

Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.

Try Pulumi Cloud for FREE

Frequently Asked Questions

Resource Management & Deployment
Why do my method settings require two applies after deployment?
When using aws.apigateway.Deployment with the stageName argument, stages are recreated on redeployment, requiring a second apply to recreate method settings. Use aws.apigateway.Stage instead to avoid this issue.
Method Path Configuration
What format should I use for methodPath?
Use {resource_path}/{http_method} for individual methods (e.g., path1/GET) or */* to apply settings to all methods in the stage. Trim any leading forward slashes using trimprefix.
Why is my methodPath failing validation?
Leading forward slashes in the path cause validation errors. Use trimprefix(aws_api_gateway_resource.example.path, "/") to remove them.
Logging & Monitoring
What are the available logging levels and what do they capture?

You have three options:

  1. OFF - No logging
  2. ERROR - Captures only errors
  3. INFO - Captures both errors and informational logs
How do I enable full request and response logging?
Set loggingLevel to INFO and enable dataTraceEnabled: true in the settings block. This captures complete request and response data.
What's the difference between metricsEnabled and dataTraceEnabled?
metricsEnabled enables CloudWatch metrics for the method, while dataTraceEnabled enables full request/response body logging. You can enable metrics without data tracing for less verbose monitoring.
Immutability & Updates
What properties force replacement of method settings?
The methodPath, restApi, and stageName properties are immutable. Changing any of these requires replacing the resource.

Using a different cloud?

Explore integration guides for other cloud providers:

Azure Guides GCP Guides