AWS CloudFormation
User Guide (API Version 2010-05-15)
AWS 服务或AWS文档中描述的功能,可能因地区/位置而异。请点击 Amazon AWS 入门,可查看中国地区的具体差异

AWS::ApiGateway::Account

AWS::ApiGateway::Account 资源指定 Amazon API Gateway (API 网关) 用来将 API 日志写入 Amazon CloudWatch Logs (CloudWatch Logs) 的 AWS Identity and Access Management (IAM) 角色。

重要

如果您的 AWS 账户中从未创建 API 网关 资源,您必须在其他 API 网关 资源上添加依赖关系,例如 AWS::ApiGateway::RestApiAWS::ApiGateway::ApiKey 资源。

如果您的 AWS 账户中已创建 API 网关 资源,则无需依赖关系(即使该资源已删除)。

语法

声明此资源的语法:

JSON

{ "Type" : "AWS::ApiGateway::Account", "Properties" : { "CloudWatchRoleArn": String } }

YAML

Type: "AWS::ApiGateway::Account" Properties: CloudWatchRoleArn: String

属性

CloudWatchRoleArn

具有对您的账户中 CloudWatch Logs 写权限的 IAM 角色的 Amazon 资源名称 (ARN)。

Required: No

Type: String

更新要求无需中断

返回值

Ref

当向 Ref 内部函数提供此资源的逻辑 ID 时,Ref 将返回此资源的 ID,如 mysta-accou-01234b567890example

有关使用 Ref 功能的更多信息,请参阅参考

示例

以下示例创建 API 网关 可用来将日志推送到 CloudWatch Logs 的 IAM 角色。该示例将角色与 AWS::ApiGateway::Account 资源关联。

JSON

"CloudWatchRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": [ "apigateway.amazonaws.com" ] }, "Action": "sts:AssumeRole" }] }, "Path": "/", "ManagedPolicyArns": ["arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"] } }, "Account": { "Type": "AWS::ApiGateway::Account", "Properties": { "CloudWatchRoleArn": { "Fn::GetAtt": ["CloudWatchRole", "Arn"] } } }

YAML

CloudWatchRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: - "apigateway.amazonaws.com" Action: "sts:AssumeRole" Path: "/" ManagedPolicyArns: - "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" Account: Type: "AWS::ApiGateway::Account" Properties: CloudWatchRoleArn: "Fn::GetAtt": - CloudWatchRole - Arn

本页内容: