diff --git a/terraform/endpoints.tf b/terraform/endpoints.tf
index ee3672a23..7ab6b06ec 100644
--- a/terraform/endpoints.tf
+++ b/terraform/endpoints.tf
@@ -115,6 +115,9 @@ module "api_gateway" {
 environment = var.environment
 sub_environment = var.sub_environment
 oas = local.oas
+ aws_region = var.aws_region
+ immunisation_account_id = var.immunisation_account_id
+ csoc_account_id = var.csoc_account_id
 }
 
 resource "aws_lambda_permission" "api_gw" {
diff --git a/terraform/environments/dev/int/variables.tfvars b/terraform/environments/dev/int/variables.tfvars
index c5ab8f5bc..fc434a3f7 100644
--- a/terraform/environments/dev/int/variables.tfvars
+++ b/terraform/environments/dev/int/variables.tfvars
@@ -1,6 +1,7 @@
 environment = "dev"
 immunisation_account_id = "345594581768"
 dspp_core_account_id = "603871901111"
+csoc_account_id = "693466633220"
 pds_environment = "int"
 batch_error_notifications_enabled = true
 pds_check_enabled = false
diff --git a/terraform/environments/dev/internal-dev/variables.tfvars b/terraform/environments/dev/internal-dev/variables.tfvars
index 0b8cf5f26..99e38942e 100644
--- a/terraform/environments/dev/internal-dev/variables.tfvars
+++ b/terraform/environments/dev/internal-dev/variables.tfvars
@@ -1,6 +1,7 @@
 environment = "dev"
 immunisation_account_id = "345594581768"
 dspp_core_account_id = "603871901111"
+csoc_account_id = "693466633220"
 pds_environment = "int"
 batch_error_notifications_enabled = true
 pds_check_enabled = true
diff --git a/terraform/environments/dev/pr/variables.tfvars b/terraform/environments/dev/pr/variables.tfvars
index 5726c8c18..238d2c6e3 100644
--- a/terraform/environments/dev/pr/variables.tfvars
+++ b/terraform/environments/dev/pr/variables.tfvars
@@ -1,6 +1,7 @@
 environment = "dev"
 immunisation_account_id = "345594581768"
 dspp_core_account_id = "603871901111"
+csoc_account_id = "693466633220"
 pds_environment = "int"
 batch_error_notifications_enabled = false
 pds_check_enabled = true
diff --git a/terraform/environments/dev/ref/variables.tfvars b/terraform/environments/dev/ref/variables.tfvars
index d0651c62c..3f56b331b 100644
--- a/terraform/environments/dev/ref/variables.tfvars
+++ b/terraform/environments/dev/ref/variables.tfvars
@@ -1,6 +1,7 @@
 environment = "dev"
 immunisation_account_id = "345594581768"
 dspp_core_account_id = "603871901111"
+csoc_account_id = "693466633220"
 pds_environment = "ref"
 batch_error_notifications_enabled = true
 pds_check_enabled = true
diff --git a/terraform/modules/api_gateway/api.tf b/terraform/modules/api_gateway/api.tf
index b151577b0..cc73e906a 100644
--- a/terraform/modules/api_gateway/api.tf
+++ b/terraform/modules/api_gateway/api.tf
@@ -21,7 +21,7 @@ resource "aws_apigatewayv2_stage" "default" {
 }
 access_log_settings {
 destination_arn = aws_cloudwatch_log_group.api_access_log.arn
- format = "{ \"requestId\":\"$context.requestId\", \"extendedRequestId\":\"$context.extendedRequestId\", \"ip\": \"$context.identity.sourceIp\", \"caller\":\"$context.identity.caller\", \"user\":\"$context.identity.user\", \"requestTime\":\"$context.requestTime\", \"httpMethod\":\"$context.httpMethod\", \"resourcePath\":\"$context.resourcePath\", \"status\":\"$context.status\", \"protocol\":\"$context.protocol\", \"responseLength\":\"$context.responseLength\", \"authorizerError\":\"$context.authorizer.error\", \"authorizerStatus\":\"$context.authorizer.status\", \"requestIsValid\":\"$context.authorizer.is_valid\"\"environment\":\"$context.authorizer.environment\" }"
+ format = "{ \"requestId\":\"$context.requestId\", \"extendedRequestId\":\"$context.extendedRequestId\", \"ip\":\"$context.identity.sourceIp\", \"caller\":\"$context.identity.caller\", \"user\":\"$context.identity.user\", \"requestTime\":\"$context.requestTime\", \"httpMethod\":\"$context.httpMethod\", \"resourcePath\":\"$context.resourcePath\", \"status\":\"$context.status\", \"protocol\":\"$context.protocol\", \"responseLength\":\"$context.responseLength\", \"accountId\":\"$context.accountId\", \"apiId\":\"$context.apiId\", \"stage\":\"$context.stage\", \"authorizerError\":\"$context.authorizer.error\", \"authorizerStatus\":\"$context.authorizer.status\", \"requestIsValid\":\"$context.authorizer.is_valid\", \"environment\":\"$context.authorizer.environment\" }"
 }
 
 # Bug in terraform-aws-provider with perpetual diff
diff --git a/terraform/modules/api_gateway/logs.tf b/terraform/modules/api_gateway/logs.tf
index 719a55712..2962186ca 100644
--- a/terraform/modules/api_gateway/logs.tf
+++ b/terraform/modules/api_gateway/logs.tf
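Review bot: The access-log `format` is still one hand-escaped JSON string, which is exactly how the missing comma before `"environment"` on the removed line survived review; the new line reads as valid, but nothing enforces it and the next field added can break the log just as silently. Build it with `jsonencode({ requestId = "$context.requestId", … })` instead, so Terraform guarantees a well-formed document and each field sits on its own reviewable line (`$context.` placeholders pass through untouched because only `${` opens an interpolation — worth a `terraform console` check once). Note that every record now carries `$context.identity.sourceIp`, `caller` and `user`, so whoever consumes this log group receives client IPs and caller identity per request. The enclosing `aws_apigatewayv2_stage` resource starts before and ends after this hunk.

```hcl
  access_log_settings {
    destination_arn = aws_cloudwatch_log_group.api_access_log.arn
    # jsonencode cannot produce a malformed record (the previous string was missing a comma)
    format = jsonencode({
      requestId         = "$context.requestId"
      extendedRequestId = "$context.extendedRequestId"
      ip                = "$context.identity.sourceIp"
      # … remaining $context fields from the current string, one key per line …
      environment       = "$context.authorizer.environment"
    })
  }
```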
@@ -53,3 +53,56 @@ resource "aws_iam_role_policy" "cloudwatch" {
 }
 EOF
 }
+
+resource "aws_iam_role_policy_attachment" "api_logs_apigateway_policy" {
+ role = aws_iam_role.api_cloudwatch.name
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
+}
+
+resource "aws_iam_policy" "api_logs_subscription_policy" {
+ name = "${var.short_prefix}-api-logs-subscription-policy"
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Sid = "AllowPutAPIGSubFilter"
+ Effect = "Allow"
+ Action = [
+ "logs:PutSubscriptionFilter"
+ ]
+ Resource = [
+ "arn:aws:logs:${var.aws_region}:${var.immunisation_account_id}:log-group:/aws/vendedlogs/${aws_apigatewayv2_api.service_api.id}/${var.sub_environment}:*",
+ "arn:aws:logs:${var.aws_region}:${var.csoc_account_id}:destination:api_gateway_log_destination"
+ ]
+ }
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "api_logs_subscription_policy" {
+ role = aws_iam_role.api_cloudwatch.name
+ policy_arn = aws_iam_policy.api_logs_subscription_policy.arn
+}
+
+resource "aws_iam_role" "api_logs_subscription_role" {
+ name = "${var.short_prefix}-api-logs-subscription-role"
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [{
+ Effect = "Allow",
+ Sid = "",
+ Principal = {
+ Service = "logs.${var.aws_region}.amazonaws.com"
+ },
+ Action = "sts:AssumeRole"
+ }]
+ })
+}
+
+resource "aws_cloudwatch_log_subscription_filter" "api_logs_subscription_logfilter" {
+ name = "${var.short_prefix}-api-logs-subscription-logfilter"
+ log_group_name = aws_cloudwatch_log_group.api_access_log.name
+ filter_pattern = ""
+ destination_arn = "arn:aws:logs:${var.aws_region}:${var.csoc_account_id}:destination:api_gateway_log_destination"
+ role_arn = aws_iam_role.api_logs_subscription_role.arn
+}
diff --git a/terraform/modules/api_gateway/variables.tf b/terraform/modules/api_gateway/variables.tf
index 1e37689e0..2b39907df 100644
--- a/terraform/modules/api_gateway/variables.tf
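Review bot: `aws_iam_role.api_logs_subscription_role`, the role passed as `role_arn` on the subscription filter at the end of the hunk, has no permissions policy attached anywhere in this change — both `api_logs_subscription_policy` and `AmazonAPIGatewayPushToCloudWatchLogs` are attached to `aws_iam_role.api_cloudwatch`, whose definition and trust policy are outside the hunk. That looks inverted: `logs:PutSubscriptionFilter` is called by the principal running `terraform apply`, not by a role API Gateway assumes, and for a cross-account `:destination:` target CloudWatch Logs does not need a `role_arn` at all, so either the role is dead weight or its real policy is missing; the statement's log-group ARN is also spelled from `/aws/vendedlogs/<api-id>/<sub_environment>` while the filter is bound to `aws_cloudwatch_log_group.api_access_log.name`, defined elsewhere, and the two should be confirmed to agree. If the role is kept, its trust policy currently lets `logs.<region>.amazonaws.com` assume it unconditionally; pin it with an `aws:SourceArn` condition so a log group in another account cannot have the service assume it on its behalf (sketch below). `filter_pattern = ""` forwards every access-log record, including `sourceIp`, `caller` and `user`, to the CSOC account, which deserves a one-line comment such as `# Empty pattern: the full access log (client IP, caller identity) is shipped to CSOC`.

```hcl
resource "aws_iam_role" "api_logs_subscription_role" {
  # … unchanged: name …
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [{
      Effect    = "Allow",
      Principal = { Service = "logs.${var.aws_region}.amazonaws.com" },
      Action    = "sts:AssumeRole",
      # confused-deputy guard: only CloudWatch Logs acting for this account/region may assume the role
      Condition = {
        ArnLike = { "aws:SourceArn" = "arn:aws:logs:${var.aws_region}:${var.immunisation_account_id}:*" }
      }
    }]
  })
}
```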
+++ b/terraform/modules/api_gateway/variables.tf
@@ -5,3 +5,6 @@ variable "api_domain_name" {}
 variable "environment" {}
 variable "sub_environment" {}
 variable "oas" {}
+variable "aws_region" {}
+variable "immunisation_account_id" {}
+variable "csoc_account_id" {}
diff --git a/terraform/variables.tf b/terraform/variables.tf
index cf14c0da8..ebad5994c 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -6,6 +6,7 @@ variable "sub_environment" {
 variable "immunisation_account_id" {}
 variable "dspp_core_account_id" {}
+variable "csoc_account_id" {}
 variable "create_mesh_processor" {
 default = false
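Review bot: The three new module inputs in `terraform/modules/api_gateway/variables.tf` are declared bare (`variable "csoc_account_id" {}`), so a missing, empty or mistyped account ID is only discovered when the IAM ARNs in logs.tf are rendered — or not at all, since an ARN with a wrong account number is still syntactically valid. Because they feed IAM resource ARNs and a cross-account trust, give each a `type = string` and a `description`, and add a 12-digit check to the two account IDs, e.g. `validation { condition = can(regex("^[0-9]{12}$", var.csoc_account_id)); error_message = "csoc_account_id must be a 12-digit AWS account ID." }`. The existing declarations in the file follow the same bare style, so this is a file-wide tidy-up rather than a fault of this hunk alone.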