AWS::ApiGateway::Account

The AWS::ApiGateway::Account resource specifies the AWS Identity and Access Management (IAM) role that Amazon API Gateway (API Gateway) uses to write API logs to Amazon CloudWatch Logs (CloudWatch Logs).

Important

If an API Gateway resource has never been created in your AWS account, you must add a dependency on another API Gateway resource, such as an AWS::ApiGateway::RestApi or AWS::ApiGateway::ApiKey resource.

If an API Gateway resource has been created in your AWS account, no dependency is required (even if the resource was deleted).

Topics

Syntax
Properties
Return Value
Example

Syntax

The syntax for declaring this resource:

JSON


{
  "Type" : "AWS::ApiGateway::Account",
  "Properties" : {
    "CloudWatchRoleArn": String
  }
}

YAML


Type: "AWS::ApiGateway::Account"
Properties: 
  CloudWatchRoleArn: String

Properties

CloudWatchRoleArn

The Amazon Resource Name (ARN) of an IAM role that has write access to CloudWatch Logs in your account.

Required: No

Type: String

Update requires: No interruption

Return Value

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the ID of the resource, such as mysta-accou-01234b567890example.

For more information about using the Ref function, see Ref.

Example

The following example creates an IAM role that API Gateway can assume to push logs to CloudWatch Logs. The example associates the role with the AWS::ApiGateway::Account resource.

JSON


"CloudWatchRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
        "Principal": { "Service": [ "apigateway.amazonaws.com" ] },
        "Action": "sts:AssumeRole"
      }]
    },
    "Path": "/",
    "ManagedPolicyArns": ["arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"]
  }
},
"Account": {
  "Type": "AWS::ApiGateway::Account",
  "Properties": {
    "CloudWatchRoleArn": { "Fn::GetAtt": ["CloudWatchRole", "Arn"] }
  }
}

YAML


CloudWatchRole: 
 Type: "AWS::IAM::Role"
 Properties: 
  AssumeRolePolicyDocument: 
   Version: "2012-10-17"
   Statement: 
    - Effect: Allow
      Principal: 
       Service: 
        - "apigateway.amazonaws.com"
      Action: "sts:AssumeRole"
  Path: "/"
  ManagedPolicyArns: 
   - "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
Account: 
 Type: "AWS::ApiGateway::Account"
 Properties: 
  CloudWatchRoleArn: 
   "Fn::GetAtt": 
    - CloudWatchRole
    - Arn

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »