Troubleshooting a Terraform Apply failing due to a CloudWatch Logs role ARN must be set error

2024-07-26 2 min read Troubleshooting Barny Baron

Journey: 📊 Community Builder 📊

Subject matter: 💡 Troubleshooting 💡

Task: Troubleshooting a Terraform Apply failing due to a CloudWatch Logs role ARN must be set error

While working on a build to deploy a REST API using API Gateway linked here, the Terraform apply failed mid-way through. The code base for this project is probably the largest I have worked with so far, with hundreds of lines of config to work through.

Troubleshooting

Problem observed:

When running the Terraform Apply, I encountered this error:

“CloudWatch Logs role ARN must be set in account settings to enable logging”

Investigations:

After some investigations online, I decided a quick way to fix the issue was to do it manually using the fix listed here.

This was great and would have worked, but as I could not resume my Terraform state I had to destroy the environment again before I could recreate it.

This gave me a problem as I was then destroying the environment that had my manual fix within.

The only way to get this working was to add to the Terraform config.

I performed some further troubleshooting and managed to find a way forward!

Fix required:

This is the code I needed to add:

Code addition

When I attempt to paste the code into this page it does not format correctly unfortunately, however you can copy the code from here.

But where to introduce it!?

I then needed to locate where to add the new code to.

After checking back at the error seen in the Terraform apply stage, I realised it was deep in the api_gateway.tf file… around line 360!

I updated my templates as follows:

Template update area:

Template update area

Terraform creation success:

Terraform success

If this post helps just one other person, it has served its purpose well!

Cloud