Resource: awsApiGatewayAccount
Provides a settings of an API Gateway Account. Settings is applied region-wide per provider
block.
-> Note: As there is no API method for deleting account settings or resetting it to defaults, destroying this resource will keep your account settings intact
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsIamPolicyDocumentAssumeRole =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"assume_role",
{
statement: [
{
actions: ["sts:AssumeRole"],
effect: "Allow",
principals: [
{
identifiers: ["apigateway.amazonaws.com"],
type: "Service",
},
],
},
],
}
);
const dataAwsIamPolicyDocumentCloudwatch =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"cloudwatch",
{
statement: [
{
actions: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:GetLogEvents",
"logs:FilterLogEvents",
],
effect: "Allow",
resources: ["*"],
},
],
}
);
const awsIamRoleCloudwatch = new aws.iamRole.IamRole(this, "cloudwatch_2", {
assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
name: "api_gateway_cloudwatch_global",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRoleCloudwatch.overrideLogicalId("cloudwatch");
const awsIamRolePolicyCloudwatch = new aws.iamRolePolicy.IamRolePolicy(
this,
"cloudwatch_3",
{
name: "default",
policy: dataAwsIamPolicyDocumentCloudwatch.json,
role: awsIamRoleCloudwatch.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRolePolicyCloudwatch.overrideLogicalId("cloudwatch");
new aws.apiGatewayAccount.ApiGatewayAccount(this, "demo", {
cloudwatchRoleArn: awsIamRoleCloudwatch.arn,
});
Argument Reference
The following argument is supported:
cloudwatchRoleArn
- (Optional) ARN of an IAM role for CloudWatch (to allow logging & monitoring). See more in AWS Docs. Logging & monitoring can be enabled/disabled and otherwise tuned on the API Gateway Stage level.
Attributes Reference
The following attribute is exported:
throttleSettings
- Account-Level throttle settings. See exported fields below.
throttleSettings
block exports the following:
burstLimit
- Absolute maximum number of times API Gateway allows the API to be called per second (RPS).rateLimit
- Number of times API Gateway allows the API to be called per second on average (RPS).
Import
API Gateway Accounts can be imported using the word apiGatewayAccount
, e.g.,