Recreate AWSServiceRoleForAPIGateway role

0

I have mistakenly deleted the AWSServiceRoleForAPIGateway role. I've tried to find the exact role's configuration but I couldn't. Please help me create a role with the exact default configuration preferably with CLI. Thanks.

Erik
Asked 3 months ago · Viewed 109 times
3 Answers
0

If you've accidentally deleted the AWSServiceRoleForAPIGateway role and need to recreate it with the default configuration, you can use the AWS Command Line Interface (CLI) to create a new IAM role with similar permissions. However, please note that the exact default configuration might not be retrievable once the role is deleted. Nonetheless, you can create a new role with the necessary permissions for API Gateway. Here's how you can do it:

1) First, you need to create a new IAM policy with the necessary permissions. You can use the following JSON policy document as a starting point:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Resource": "arn:aws:logs:::"
        },
        {
          "Effect": "Allow",
          "Action": [
            "apigateway:GET",
            "apigateway:POST",
            "apigateway:PUT",
            "apigateway:DELETE",
            "apigateway:PATCH"
          ],
          "Resource": ""
        }
      ]
    }

This policy allows API Gateway to perform basic actions and also grants permissions for CloudWatch Logs.

2) Save the above policy document to a file, for example, apigateway-policy.json.

3) Now, you can create the IAM policy using the AWS CLI. Replace <YourPolicyName> with your desired policy name:

aws iam create-policy --policy-name <YourPolicyName> --policy-document file://apigateway-policy.json

This command will return the Amazon Resource Name (ARN) of the newly created policy.

4) Finally, you can create a new IAM role and attach the policy to it:

aws iam create-role --role-name AWSServiceRoleForAPIGateway --assume-role-policy-document file://trust-policy.json

Replace trust-policy.json with a trust policy document if you want to specify one. If not, you can use a default trust policy.

5) Attach the policy to the role:

aws iam attach-role-policy --role-name AWSServiceRoleForAPIGateway --policy-arn <ARN-of-the-policy-created-in-step-3>

Replace <ARN-of-the-policy-created-in-step-3> with the ARN of the policy you created in step 3.

Now, you have recreated a role similar to AWSServiceRoleForAPIGateway with the necessary permissions for API Gateway. Please note that this might not exactly match the default configuration, but it should provide the required permissions for API Gateway to function properly.

Answered 3 months ago
0

Thanks Hari!

The commands didn't work for me and raised this error at the first step: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Resource must be in ARN format or "*".


But instead, surprisingly, I did it with just one command:

aws iam create-service-linked-role --aws-service-name ops.apigateway.amazonaws.com

It has created the role "APIGatewayServiceRolePolicy" and automatically assigned the AWS managed policy "APIGatewayServiceRolePolicy" and a proper trust relationship to the role.

Erik
Answered 3 months ago
0

I deleted AWSServiceRoleForAPIGateway

After I deleted it I thought (I wonder if that was a bad idea). Then I found your post.

Then I found this page:

https://docs.aws.amazon.com/apigateway/latest/developerguide/using-service-linked-roles.html#create-slr

I created a new API Gateway and the role was recreated.

Magic!

David J
Answered 1 month ago
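
Added example, not part of any answer above and not AWS's own tooling: a shell check built around the `create-service-linked-role` command from the replies. It inspects the role's path, trust principal and attached policy, and recreates the role only when it is absent. It assumes a configured AWS CLI; the function names and the `--run` switch are this example's own.

```shell
#!/bin/sh
# Added example: confirm AWSServiceRoleForAPIGateway is a genuine
# service-linked role (SLR) and recreate it only when it is absent.
ROLE=AWSServiceRoleForAPIGateway
SERVICE=ops.apigateway.amazonaws.com   # service name used in the reply above
POLICY=APIGatewayServiceRolePolicy     # AWS managed policy named in the reply

# Prints findings. Returns 0 = healthy SLR, 2 = role missing,
# 1 = role exists but does not have the service-linked shape.
check_apigw_slr() {
    local path principal policies bad=0
    path=$(aws iam get-role --role-name "$ROLE" \
        --query 'Role.Path' --output text 2>/dev/null) || {
        echo "MISSING: $ROLE"; return 2; }
    principal=$(aws iam get-role --role-name "$ROLE" --output text \
        --query 'Role.AssumeRolePolicyDocument.Statement[].Principal.Service')
    policies=$(aws iam list-attached-role-policies --role-name "$ROLE" \
        --query 'AttachedPolicies[].PolicyName' --output text)

    # SLRs are created under /aws-service-role/<service>/.
    [ "$path" = "/aws-service-role/$SERVICE/" ] ||
        { echo "BAD path: $path"; bad=1; }
    # Only the API Gateway SLR service principal should be trusted.
    [ "$principal" = "$SERVICE" ] ||
        { echo "BAD trust principal: $principal"; bad=1; }
    # Exactly the AWS managed policy, with nothing extra attached.
    [ "$policies" = "$POLICY" ] ||
        { echo "BAD attached policies: $policies"; bad=1; }
    [ "$bad" -eq 0 ] && echo "OK: $ROLE is the service-linked role"
    return "$bad"
}

# Recreates the role only when it is missing. A role that fails the
# checks is reported and left untouched for a human to review.
ensure_apigw_slr() {
    local rc=0
    check_apigw_slr || rc=$?
    [ "$rc" -eq 2 ] || return "$rc"
    aws iam create-service-linked-role --aws-service-name "$SERVICE" \
        >/dev/null || return 1
    check_apigw_slr
}

# Run against the live account only when asked to: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    ensure_apigw_slr
fi
```

The check is read-only apart from the single `create-service-linked-role` call, so the caller needs `iam:GetRole`, `iam:ListAttachedRolePolicies` and `iam:CreateServiceLinkedRole` and nothing broader.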