Recreate AWSServiceRoleForAPIGateway role

0

I have mistakenly deleted the AWSServiceRoleForAPIGateway role. I've tried to find the exact role's configuration but I couldn't. Please help me create a role with the exact default configuration preferably with CLI. Thanks.

Erik
asked 3 months ago · 109 views
3 answers
0

If you've accidentally deleted the AWSServiceRoleForAPIGateway role and need to recreate it with the default configuration, you can use the AWS Command Line Interface (CLI) to create a new IAM role with similar permissions. However, please note that the exact default configuration might not be retrievable once the role is deleted. Nonetheless, you can create a new role with the necessary permissions for API Gateway. Here's how you can do it:

1) First, you need to create a new IAM policy with the necessary permissions. You can use the following JSON policy document as a starting point:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Resource": "arn:aws:logs:::"
        },
        {
          "Effect": "Allow",
          "Action": [
            "apigateway:GET",
            "apigateway:POST",
            "apigateway:PUT",
            "apigateway:DELETE",
            "apigateway:PATCH"
          ],
          "Resource": ""
        }
      ]
    }

This policy allows API Gateway to perform basic actions and also grants permissions for CloudWatch Logs.

2) Save the above policy document to a file, for example, apigateway-policy.json.

3) Now, you can create the IAM policy using the AWS CLI. Replace <YourPolicyName> with your desired policy name:

    aws iam create-policy --policy-name <YourPolicyName> --policy-document file://apigateway-policy.json

This command will return the Amazon Resource Name (ARN) of the newly created policy.

4) Finally, you can create a new IAM role and attach the policy to it:

    aws iam create-role --role-name AWSServiceRoleForAPIGateway --assume-role-policy-document file://trust-policy.json

Replace trust-policy.json with a trust policy document if you want to specify one. If not, you can use a default trust policy.

5) Attach the policy to the role:

    aws iam attach-role-policy --role-name AWSServiceRoleForAPIGateway --policy-arn <ARN-of-the-policy-created-in-step-3>

Replace <ARN-of-the-policy-created-in-step-3> with the ARN of the policy you created in step 3.

Now, you have recreated a role similar to AWSServiceRoleForAPIGateway with the necessary permissions for API Gateway. Please note that this might not exactly match the default configuration, but it should provide the required permissions for API Gateway to function properly.

answered 3 months ago
0

Thanks Hari!

The commands didn't work for me and raised this error at the first step: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Resource must be in ARN format or "*".


But instead, surprisingly, I did it with just one command:

aws iam create-service-linked-role --aws-service-name ops.apigateway.amazonaws.com

It has created the role "APIGatewayServiceRolePolicy" and assigned the AWS managed policy "APIGatewayServiceRolePolicy" and a proper trust relationship to the role automatically.

Erik
answered 3 months ago
0

I deleted AWSServiceRoleForAPIGateway

After I deleted it, I thought (I wonder if that was a bad idea). Then I found your post.

Then I found this page:

https://docs.aws.amazon.com/apigateway/latest/developerguide/using-service-linked-roles.html#create-slr

I created a new API Gateway and the role was recreated.

Magic!

David J
answered a month ago
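
Added example (not part of any answer above and not AWS's own code): a shell helper that recreates the service-linked role only when IAM reports it missing, then checks that the role that now exists has the expected path, trust principal and attached policy, whichever way it was restored. The role name, service name and managed policy name are taken from the thread; the `/aws-service-role/<service>/` path and the single-string trust principal are assumptions about how IAM reports this role.

```shell
#!/usr/bin/env bash
# Added example. The three names below come from the thread.
ROLE_NAME="AWSServiceRoleForAPIGateway"
SERVICE="ops.apigateway.amazonaws.com"
POLICY_NAME="APIGatewayServiceRolePolicy"

# Recreate the service-linked role only if IAM reports it as missing.
# Any other get-role failure (credentials, AccessDenied) aborts instead of
# blindly issuing a create call.
ensure_slr() {
  local err
  if err=$(aws iam get-role --role-name "$ROLE_NAME" 2>&1 >/dev/null); then
    echo "exists"; return 0
  fi
  case "$err" in
    *NoSuchEntity*) ;;
    *) echo "get-role failed: $err" >&2; return 1 ;;
  esac
  aws iam create-service-linked-role --aws-service-name "$SERVICE" >/dev/null || return 1
  echo "created"
}

# Confirm the role that now exists is the service-linked one by checking its
# path, trust principal and attached policy.
# Assumption: IAM reports the path as /aws-service-role/<service>/ and the
# trust principal as a single Service string.
verify_slr() {
  local path principal policies
  path=$(aws iam get-role --role-name "$ROLE_NAME" \
    --query 'Role.Path' --output text) || return 1
  principal=$(aws iam get-role --role-name "$ROLE_NAME" \
    --query 'Role.AssumeRolePolicyDocument.Statement[0].Principal.Service' \
    --output text) || return 1
  policies=$(aws iam list-attached-role-policies --role-name "$ROLE_NAME" \
    --query 'AttachedPolicies[].PolicyName' --output text) || return 1
  [ "$path" = "/aws-service-role/$SERVICE/" ] || { echo "unexpected path: $path" >&2; return 2; }
  [ "$principal" = "$SERVICE" ] || { echo "unexpected trust principal: $principal" >&2; return 2; }
  [ "$policies" = "$POLICY_NAME" ] || { echo "unexpected attached policies: $policies" >&2; return 2; }
  echo "ok"
}

# Usage: ensure_slr && verify_slr
```

A non-zero result from `verify_slr` means the role with that name does not match the expected service-linked configuration and should be inspected before relying on it.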
