pulumi-aws-kotlin/com.pulumi.aws.apigateway.kotlin/AccountArgs

AccountArgs

data class AccountArgs(val cloudwatchRoleArn: Output<String>? = null) : ConvertibleToJava<AccountArgs>

Provides a settings of an API Gateway Account. Settings is applied region-wide per provider block.

Note: As there is no API method for deleting account settings or resetting it to defaults, destroying this resource will keep your account settings intact

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.apigateway.Account;
import com.pulumi.aws.apigateway.AccountArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("apigateway.amazonaws.com")
                    .build())
                .actions("sts:AssumeRole")
                .build())
            .build());
        var cloudwatchRole = new Role("cloudwatchRole", RoleArgs.builder()
            .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
        var demo = new Account("demo", AccountArgs.builder()
            .cloudwatchRoleArn(cloudwatchRole.arn())
            .build());
        final var cloudwatchPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions(
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:DescribeLogGroups",
                    "logs:DescribeLogStreams",
                    "logs:PutLogEvents",
                    "logs:GetLogEvents",
                    "logs:FilterLogEvents")
                .resources("*")
                .build())
            .build());
        var cloudwatchRolePolicy = new RolePolicy("cloudwatchRolePolicy", RolePolicyArgs.builder()
            .role(cloudwatchRole.id())
            .policy(cloudwatchPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
    }
}
Content copied to clipboard

Import

API Gateway Accounts can be imported using the word api-gateway-account, e.g.,

$ pulumi import aws:apigateway/account:Account demo api-gateway-account
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(cloudwatchRoleArn: Output<String>? = null)

Properties

Link copied to clipboard
val cloudwatchRoleArn: Output<String>? = null

ARN of an IAM role for CloudWatch (to allow logging & monitoring). See more in AWS Docs. Logging & monitoring can be enabled/disabled and otherwise tuned on the API Gateway Stage level.

Functions

Link copied to clipboard
open override fun toJava(): AccountArgs