What should the developer do to meet these requirements?
Enable API Gateway execution logging. Delete old logs using API Gateway retention settings.
Enable API Gateway access logs. Use Amazon CloudWatch retention settings to delete old logs.
Enable detailed Amazon CloudWatch metrics. Delete old logs with a recurring AWS Lambda function.
Create and use API Gateway usage plans. Delete old logs with a recurring AWS Lambda function.
Explanations:
API Gateway execution logging provides information about the execution details but does not log who accesses the API or how. Additionally, API Gateway does not have retention settings for logs, so this option does not fulfill the requirement of controlling log retention.
Enabling API Gateway access logs allows tracking who is accessing the API and the details of each request. CloudWatch retention settings allow control over how long the logs are stored, fulfilling both the logging and retention requirements.
Detailed CloudWatch metrics provide information about API performance, not about who and how each caller accesses the API. CloudWatch metrics are not suitable for logging access details, and using a Lambda function to delete logs is unnecessary for this use case.
API Gateway usage plans are used to track API usage by different clients, but they do not log detailed access information. A Lambda function would not be needed to delete logs, and usage plans do not directly address the logging and retention needs as specified in the question.
I arrange that the answer is:
Enable API Gateway access logs. Use Amazon CloudWatch retention settings to delete old logs.