Recreate AWSServiceRoleForAPIGateway role

0

I have mistakenly deleted the AWSServiceRoleForAPIGateway role. I've tried to find the exact role's configuration but I couldn't. Please help me create a role with the exact default configuration preferably with CLI. Thanks.

Erik
asked 2 months ago, 96 views
3 Answers
0

If you've accidentally deleted the AWSServiceRoleForAPIGateway role and need to recreate it with the default configuration, you can use the AWS Command Line Interface (CLI) to create a new IAM role with similar permissions. However, please note that the exact default configuration might not be retrievable once the role is deleted. Nonetheless, you can create a new role with the necessary permissions for API Gateway. Here's how you can do it:

1) First, you need to create a new IAM policy with the necessary permissions. You can use the following JSON policy document as a starting point:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Resource": "arn:aws:logs:::"
        },
        {
          "Effect": "Allow",
          "Action": [
            "apigateway:GET",
            "apigateway:POST",
            "apigateway:PUT",
            "apigateway:DELETE",
            "apigateway:PATCH"
          ],
          "Resource": ""
        }
      ]
    }

This policy allows API Gateway to perform basic actions and also grants permissions for CloudWatch Logs.

2) Save the above policy document to a file, for example, apigateway-policy.json.

3) Now, you can create the IAM policy using the AWS CLI. Replace <YourPolicyName> with your desired policy name:

aws iam create-policy --policy-name <YourPolicyName> --policy-document file://apigateway-policy.json

This command will return the Amazon Resource Name (ARN) of the newly created policy.

4) Finally, you can create a new IAM role and attach the policy to it:

aws iam create-role --role-name AWSServiceRoleForAPIGateway --assume-role-policy-document file://trust-policy.json

Replace trust-policy.json with a trust policy document if you want to specify one. If not, you can use a default trust policy.

5) Attach the policy to the role:

aws iam attach-role-policy --role-name AWSServiceRoleForAPIGateway --policy-arn <ARN-of-the-policy-created-in-step-3>

Replace <ARN-of-the-policy-created-in-step-3> with the ARN of the policy you created in step 3.

Now, you have recreated a role similar to AWSServiceRoleForAPIGateway with the necessary permissions for API Gateway. Please note that this might not exactly match the default configuration, but it should provide the required permissions for API Gateway to function properly.

answered 2 months ago
0

Thanks Hari!

The commands didn't work for me and raised this error at the first step: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Resource must be in ARN format or "*".


But instead, surprisingly, I did it with just one command:

aws iam create-service-linked-role --aws-service-name ops.apigateway.amazonaws.com

It has created the role "APIGatewayServiceRolePolicy" and assigned the policy "APIGatewayServiceRolePolicy", AWS managed, and a proper trust relationship to the role automatically.

Erik
answered 2 months ago
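
A check-and-restore script built around the command in the answer above, as an added example that is not part of the original thread or AWS's own code: it recreates the service-linked role only when it is missing, then confirms who may assume it and which policy is attached. The function names are hypothetical, and the expected trust principal (the same service name passed to the command) is an assumption; the managed policy name is the one quoted in the answer.

```shell
#!/bin/sh
# Added example: restore and verify the API Gateway service-linked role.
ROLE_NAME="AWSServiceRoleForAPIGateway"       # role name from the question
SERVICE="ops.apigateway.amazonaws.com"        # service name from the answer's command
MANAGED_POLICY="APIGatewayServiceRolePolicy"  # managed policy named in the answer

# Recreate the role only if get-role cannot find it. If get-role fails for
# another reason (for example missing permissions), the create call fails too
# and the function returns non-zero instead of reporting success.
ensure_slr() {
  if aws iam get-role --role-name "$ROLE_NAME" >/dev/null 2>&1; then
    echo "exists"
  else
    aws iam create-service-linked-role --aws-service-name "$SERVICE" >/dev/null || return 1
    echo "created"
  fi
}

# Confirm the trust principal and the attached policies are the expected ones.
verify_slr() {
  slr_principal=$(aws iam get-role --role-name "$ROLE_NAME" \
    --query 'Role.AssumeRolePolicyDocument.Statement[0].Principal.Service' \
    --output text) || return 1
  slr_policies=$(aws iam list-attached-role-policies --role-name "$ROLE_NAME" \
    --query 'AttachedPolicies[].PolicyName' --output text) || return 1
  if [ "$slr_principal" != "$SERVICE" ]; then   # assumed expected principal
    echo "unexpected trust principal: $slr_principal" >&2
    return 2
  fi
  if [ "$slr_policies" != "$MANAGED_POLICY" ]; then
    echo "unexpected attached policies: $slr_policies" >&2
    return 3
  fi
  echo "ok"
}

# Usage after sourcing this file: ensure_slr && verify_slr
```
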
0

I deleted AWSServiceRoleForAPIGateway

After I deleted it I thought (I wonder if that was a bad idea). Then I found your post.

Then I found this page:

https://docs.aws.amazon.com/apigateway/latest/developerguide/using-service-linked-roles.html#create-slr

I created a new API Gateway and the role was recreated.

Magic!

David J
answered 12 days ago
