Recreate AWSServiceRoleForAPIGateway role

0

I have mistakenly deleted the AWSServiceRoleForAPIGateway role. I've tried to find the exact role's configuration but I couldn't. Please help me create a role with the exact default configuration preferably with CLI. Thanks.

Erik
Asked 3 months ago, 109 views
3 answers
0

If you've accidentally deleted the AWSServiceRoleForAPIGateway role and need to recreate it with the default configuration, you can use the AWS Command Line Interface (CLI) to create a new IAM role with similar permissions. However, please note that the exact default configuration might not be retrievable once the role is deleted. Nonetheless, you can create a new role with the necessary permissions for API Gateway. Here's how you can do it:

1) First, you need to create a new IAM policy with the necessary permissions. You can use the following JSON policy document as a starting point:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:::"
    },
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:GET",
        "apigateway:POST",
        "apigateway:PUT",
        "apigateway:DELETE",
        "apigateway:PATCH"
      ],
      "Resource": ""
    }
  ]
}

This policy allows API Gateway to perform basic actions and also grants permissions for CloudWatch Logs.

2) Save the above policy document to a file, for example, apigateway-policy.json.

3) Now, you can create the IAM policy using the AWS CLI. Replace <YourPolicyName> with your desired policy name:

aws iam create-policy --policy-name <YourPolicyName> --policy-document file://apigateway-policy.json

This command will return the Amazon Resource Name (ARN) of the newly created policy.

4) Finally, you can create a new IAM role and attach the policy to it:

aws iam create-role --role-name AWSServiceRoleForAPIGateway --assume-role-policy-document file://trust-policy.json

Replace trust-policy.json with a trust policy document if you want to specify one. If not, you can use a default trust policy.

5) Attach the policy to the role:

aws iam attach-role-policy --role-name AWSServiceRoleForAPIGateway --policy-arn <ARN-of-the-policy-created-in-step-3>

Replace <ARN-of-the-policy-created-in-step-3> with the ARN of the policy you created in step 3.

Now, you have recreated a role similar to AWSServiceRoleForAPIGateway with the necessary permissions for API Gateway. Please note that this might not exactly match the default configuration, but it should provide the required permissions for API Gateway to function properly.

Answered 3 months ago
0

Thanks Hari!

The commands didn't work for me and raised this error at the first step: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Resource must be in ARN format or "*".


But instead, surprisingly, I did it with just one command:

aws iam create-service-linked-role --aws-service-name ops.apigateway.amazonaws.com

It created the role "APIGatewayServiceRolePolicy", assigned the AWS managed policy "APIGatewayServiceRolePolicy", and added a proper trust relationship to the role automatically.

Erik
Answered 3 months ago
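
The one-command fix above, wrapped in an idempotent check (an added example, not code from this thread or from AWS). It assumes a configured AWS CLI; the function names are hypothetical, and the expected path `/aws-service-role/<service>/` is the path IAM gives service-linked roles.

```shell
#!/bin/sh
# Added example: make sure the API Gateway service-linked role exists and is
# the AWS-managed one rather than a hand-built role with a similar purpose.
ROLE_NAME="AWSServiceRoleForAPIGateway"
SERVICE="ops.apigateway.amazonaws.com"         # service name used in the thread
EXPECTED_POLICY="APIGatewayServiceRolePolicy"  # managed policy named in the thread

# 0 if get-role succeeds. Any failure (missing role, denied call) counts as absent.
slr_exists() {
    aws iam get-role --role-name "$ROLE_NAME" >/dev/null 2>&1
}

# 0 = looks like the real service-linked role, 1 = mismatch, 2 = CLI call failed.
slr_verify() {
    path=$(aws iam get-role --role-name "$ROLE_NAME" \
        --query 'Role.Path' --output text) || return 2
    principal=$(aws iam get-role --role-name "$ROLE_NAME" \
        --query 'Role.AssumeRolePolicyDocument.Statement[0].Principal.Service' \
        --output text) || return 2
    policies=$(aws iam list-attached-role-policies --role-name "$ROLE_NAME" \
        --query 'AttachedPolicies[].PolicyName' --output text) || return 2

    # Service-linked roles live under /aws-service-role/<service>/.
    if [ "$path" != "/aws-service-role/$SERVICE/" ]; then
        echo "unexpected role path: $path" >&2; return 1
    fi
    if [ "$principal" != "$SERVICE" ]; then
        echo "unexpected trusted principal: $principal" >&2; return 1
    fi
    for p in $policies; do   # --output text separates names with whitespace
        if [ "$p" = "$EXPECTED_POLICY" ]; then return 0; fi
    done
    echo "$EXPECTED_POLICY is not attached" >&2; return 1
}

# Create the role only when it is missing, then verify it either way.
ensure_slr() {
    if ! slr_exists; then
        aws iam create-service-linked-role --aws-service-name "$SERVICE" \
            >/dev/null || return 2
    fi
    slr_verify
}

# Touch the account behind the current credentials only when asked to.
if [ "${1:-}" = "--run" ]; then ensure_slr; fi
```
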
0

I deleted AWSServiceRoleForAPIGateway.

After I deleted it I thought (I wonder if that was a bad idea). Then I found your post.

Then I found this page:

https://docs.aws.amazon.com/apigateway/latest/developerguide/using-service-linked-roles.html#create-slr

I created a new API Gateway and the role was recreated.

Magic!

David J
Answered a month ago
