CloudWatch日志角色ARN [英] CloudWatch log role ARN

问题描述

我正在尝试使用AWS API网关产品设置一个非常基本的API，看来我找不到任何足以满足其记录要求的策略，因此即使离开第一页设置屏幕上的.我被困在这里:

I am trying to setup a really basic API with the AWS API Gateway product and it seems I can not find any policies which will suffice for it to log and for that matter even leave the first page of the settings screen. I am stuck here:

URL:https://eu-west-1.console.aws.amazon.com/apigateway/home?region=eu-west-1#/settings

和我的绝望导致该角色被授予以下权限:

and my desperations has led to the following permissions being granted to the role:

我还添加了以下定制策略:

I've also added the following bespoke policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}

全部无济于事.每当我按下保存按钮时，都会得到以下信息:

All to no avail. Whenever I press the save button I get the following:

任何帮助将不胜感激.

推荐答案

这实际上是API Gateway无法承担特定角色的错误. 这可能是由于您角色的信任关系"策略不允许API网关服务承担该角色.

This is actually an error with API Gateway not being able to assume that specific role. This is probably due to your role's Trust Relationship policy not allowing the API Gateway Service to assume the role.

如果添加以下信任关系策略，则该策略将起作用:

If you add the following Trust Relationship policy, it should work:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

这篇关于CloudWatch日志角色ARN的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！