Sign In to the Console
AWS CloudFormation
User Guide (Version )

AWS Documentation » AWS CloudFormation » User Guide » Amazon API Gateway Resource Type Reference » AWS::ApiGateway::Account

AWS::ApiGateway::Account

The AWS::ApiGateway::Account resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs.

Important

If an API Gateway resource has never been created in your AWS account, you must add a dependency on another API Gateway resource, such as an AWS::ApiGateway::RestApi or AWS::ApiGateway::ApiKey resource.

If an API Gateway resource has been created in your AWS account, no dependency is required (even if the resource was deleted).

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::ApiGateway::Account",
  "Properties" : {
      "CloudWatchRoleArn" : String
    }
}

YAML

Type: AWS::ApiGateway::Account
Properties: 
  CloudWatchRoleArn: String

Properties

CloudWatchRoleArn

The Amazon Resource Name (ARN) of an IAM role that has write access to CloudWatch Logs in your account.

Required: No

Type: String

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the resource, such as mysta-accou-01234b567890example.

For more information about using the Ref function, see Ref.

Examples

Associate account with IAM role

The following example creates an IAM role that API Gateway can assume to push logs to CloudWatch Logs. The example associates the role with the AWS::ApiGateway::Account resource.

JSON

{
    "CloudWatchRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "apigateway.amazonaws.com"
                            ]
                        },
                        "Action": "sts:AssumeRole"
                    }
                ]
            },
            "Path": "/",
            "ManagedPolicyArns": [
                "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
            ]
        }
    },
    "Account": {
        "Type": "AWS::ApiGateway::Account",
        "Properties": {
            "CloudWatchRoleArn": {
                "Fn::GetAtt": [
                    "CloudWatchRole",
                    "Arn"
                ]
            }
        }
    }
}

YAML

CloudWatchRole:
  Type: 'AWS::IAM::Role'
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - apigateway.amazonaws.com
          Action: 'sts:AssumeRole'
    Path: /
    ManagedPolicyArns:
      - >-
        arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs
Account:
  Type: 'AWS::ApiGateway::Account'
  Properties:
    CloudWatchRoleArn: !GetAtt 
      - CloudWatchRole
      - Arn

See Also