我想为我的 API 网关设置一个角色,以便我可以查看任何错误的日志。 但是在尝试执行此操作时,我收到以下错误。
创建变更集失败。当前状态:失败
我不确定 AWS::Serverless::Api 中是否有 Role 属性 当我在此处设置角色时,我的编辑器显示“未知资源类型属性:角色”。
这是我的 CF 脚本。
MyApiGateway:
Type: AWS::Serverless::Api
Properties:
Name:
!Sub
- '${TheEnv}-${TheAppNameForResources}-api'
- TheEnv: !Ref Environment
TheAppNameForResources: !Ref AppNameForResources
TheBucketRegion: !Ref AWS::Region
TracingEnabled: true
OpenApiVersion: 3.0.2
Cors:
AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
AllowMethods: "'*'"
AllowOrigin: "'*'"
StageName: test
Role: !GetAtt APICloudwatchLogRole.Arn
DefinitionBody:
swagger: "2.0"
paths:
/batch:
get:
x-amazon-apigateway-integration:
uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-
31/functions/${MyLambdaFunction.Arn}/invocations
httpMethod: GET
type: "aws_proxy"
APICloudwatchLogRole:
Type: AWS::IAM::Role
Properties:
RoleName:
!Sub
- "${TheAppNameForResources}-${TheEnvName}-cw-role-for-api"
- TheAppNameForResources: !Ref AppNameForResources
TheEnvName: !Ref Environment
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: "apigateway.amazonaws.com"
Action: ['sts:AssumeRole']
Policies:
- PolicyName:
!Sub
- "${TheAppNameForResources}-${TheEnvName}-cw-role-for-api"
- TheAppNameForResources: !Ref AppNameForResources
TheEnvName: !Ref Environment
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: "*"
有人知道在使用 AWS::Serverless::Api 时是否有一种方法可以为 API 网关设置角色吗?我也尝试删除整个堆栈并重新创建,但仍然没有成功。
谢谢