AWS::ApiGateway::Account - AWS CloudFormation
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

AWS::ApiGateway::Account

AWS::ApiGateway::Account 资源指定 Amazon API Gateway 用来将 API 日志写入 Amazon CloudWatch Logs 的 IAM 角色。

重要

如果从未在 AWS 账户中创建某个 API Gateway 资源,则必须添加另一个 API Gateway 资源的依赖项,例如 AWS::ApiGateway::RestApiAWS::ApiGateway::ApiKey 资源。

如果您的 AWS 账户中已创建 API Gateway 资源,则无需依赖关系(即使该资源已删除)。

语法

要在 AWS CloudFormation 模板中声明此实体,请使用以下语法:

JSON

{ "Type" : "AWS::ApiGateway::Account", "Properties" : { "CloudWatchRoleArn" : String } }

YAML

Type: AWS::ApiGateway::Account Properties: CloudWatchRoleArn: String

属性

CloudWatchRoleArn

具有对您的账户中 CloudWatch Logs 写权限的 IAM 角色的 Amazon 资源名称 (ARN)。

必需:否

类型:字符串

Update requires: No interruption

返回值

Ref

在将此资源的逻辑 ID 传递给内部 Ref 函数时,Ref 返回 资源的 ID,例如 mysta-accou-01234b567890example

For more information about using the Ref function, see Ref.

示例

将账户与 IAM 角色关联

以下示例创建 API Gateway 可代入以将日志推送到 CloudWatch Logs 的 IAM 角色。该示例将角色与 AWS::ApiGateway::Account resource 关联。

JSON

{ "CloudWatchRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "apigateway.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" ] } }, "Account": { "Type": "AWS::ApiGateway::Account", "Properties": { "CloudWatchRoleArn": { "Fn::GetAtt": [ "CloudWatchRole", "Arn" ] } } } }

YAML

CloudWatchRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - apigateway.amazonaws.com Action: 'sts:AssumeRole' Path: / ManagedPolicyArns: - >- arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs Account: Type: 'AWS::ApiGateway::Account' Properties: CloudWatchRoleArn: !GetAtt - CloudWatchRole - Arn

另请参阅