AWS::ApiGateway::Account
The AWS::ApiGateway::Account
resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs. To avoid overwriting other roles, you should only have one AWS::ApiGateway::Account
resource per region per account.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::ApiGateway::Account", "Properties" : { "CloudWatchRoleArn" :
String
} }
YAML
Type: AWS::ApiGateway::Account Properties: CloudWatchRoleArn:
String
Properties
CloudWatchRoleArn
-
The ARN of an Amazon CloudWatch role for the current Account.
Required: No
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the ID of the resource, such as mysta-accou-01234b567890example
.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt
.
Id
-
The ID for the account. For example:
abc123
.
Examples
Associate account with IAM role
The following example creates an IAM role that API Gateway can assume to push logs to CloudWatch Logs. The example associates the role with the AWS::ApiGateway::Account resource
.
JSON
{ "CloudWatchRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "apigateway.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" ] } }, "Account": { "Type": "AWS::ApiGateway::Account", "Properties": { "CloudWatchRoleArn": { "Fn::GetAtt": [ "CloudWatchRole", "Arn" ] } } } }
YAML
CloudWatchRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - apigateway.amazonaws.com Action: 'sts:AssumeRole' Path: / ManagedPolicyArns: - >- arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs Account: Type: 'AWS::ApiGateway::Account' Properties: CloudWatchRoleArn: !GetAtt - CloudWatchRole - Arn
See also
-
account:update in the Amazon API Gateway REST API Reference