AWS::ApiGateway::Account
The AWS::ApiGateway::Account
resource specifies the IAM role that Amazon API Gateway uses to write API logs to
Amazon CloudWatch Logs.
If an API Gateway resource has never been created in your AWS account, you must add a dependency on another API Gateway resource, such as an AWS::ApiGateway::RestApi or AWS::ApiGateway::ApiKey resource.
If an API Gateway resource has been created in your AWS account, no dependency is required (even if the resource was deleted).
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::ApiGateway::Account", "Properties" : { "CloudWatchRoleArn" :
String
} }
YAML
Type: AWS::ApiGateway::Account Properties: CloudWatchRoleArn:
String
Properties
CloudWatchRoleArn
-
The Amazon Resource Name (ARN) of an IAM role that has write access to CloudWatch Logs in your account.
Required: No
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the ID of the resource, such as mysta-accou-01234b567890example
.
For more information about using the Ref
function, see Ref.
Examples
Associate account with IAM role
The following example creates an IAM role that API Gateway can assume to push logs
to CloudWatch Logs. The example associates the role with the AWS::ApiGateway::Account resource
.
JSON
{ "CloudWatchRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "apigateway.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" ] } }, "Account": { "Type": "AWS::ApiGateway::Account", "Properties": { "CloudWatchRoleArn": { "Fn::GetAtt": [ "CloudWatchRole", "Arn" ] } } } }
YAML
CloudWatchRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - apigateway.amazonaws.com Action: 'sts:AssumeRole' Path: / ManagedPolicyArns: - >- arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs Account: Type: 'AWS::ApiGateway::Account' Properties: CloudWatchRoleArn: !GetAtt - CloudWatchRole - Arn
See also
-
account:update in the Amazon API Gateway REST API Reference