I am creating a CFN template in which I enable logging for API Gateway. It creates a role like this:

```json
"ApiGatewayCloudWatchLogsRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
        "Principal": { "Service": ["apigateway.amazonaws.com"] },
        "Action": ["sts:AssumeRole"]
      }]
    },
    "ManagedPolicyArns": [
      "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
    ],
    "Policies": [{
      "PolicyName": "ApiGatewayLogsPolicy",
      "PolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:DescribeLogGroups",
            "logs:DescribeLogStreams",
            "logs:PutLogEvents",
            "logs:GetLogEvents",
            "logs:FilterLogEvents"
          ],
          "Resource": "*"
        }]
      }
    }]
  }
}
```
I added `AWS::ApiGateway::Account` like this (doc):

```json
"ApiGatewayAccount": {
  "Type": "AWS::ApiGateway::Account",
  "Properties": {
    "CloudWatchRoleArn": { "Fn::GetAtt": ["ApiGatewayCloudWatchLogsRole", "Arn"] }
  }
},
```
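In the documentation for `AWS::ApiGateway::Account`, they say this:

> Important
>
> If an API Gateway resource has never been created in your AWS account, you must add a dependency on another API Gateway resource, such as an AWS::ApiGateway::RestApi or AWS::ApiGateway::ApiKey resource.
>
> If an API Gateway resource has been created in your AWS account, no dependency is required (even if the resource was deleted).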
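My understanding of the note above is that if my CFN does not have an `AWS::ApiGateway::Resource`, then I need to add a dependency in my `AWS::ApiGateway::Account` in such a way that the `AWS::ApiGateway::Account` is created only after the `AWS::ApiGateway::RestApi` is created.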
So I changed the CFN snippet to this:

```json
"ApiGatewayAccount": {
  "Type": "AWS::ApiGateway::Account",
  "DependsOn": [
    "CFNTest"
  ],
  "Properties": {
    "CloudWatchRoleArn": { "Fn::GetAtt": ["ApiGatewayCloudWatchLogsRole", "Arn"] }
  }
},
```

(`CFNTest` is an `AWS::ApiGateway::RestApi`.)
Is my understanding correct?

Thanks
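The dependency rule quoted from the documentation can be checked mechanically before a template is deployed. The Python check below is an added example, not part of the original post or of any AWS tooling: the function names and sample templates are constructed, and it reads "another API Gateway resource" as any other `AWS::ApiGateway::*` type. It also confirms that the role behind `CloudWatchRoleArn` can be assumed by `apigateway.amazonaws.com`.

```python
import copy

def _as_list(value):
    """CloudFormation accepts either a single string or a list in many fields."""
    return [] if value is None else value if isinstance(value, list) else [value]

def trusts_apigateway(role):
    """True if the role's trust policy lets apigateway.amazonaws.com assume it."""
    doc = role.get("Properties", {}).get("AssumeRolePolicyDocument", {})
    for stmt in _as_list(doc.get("Statement")):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "apigateway.amazonaws.com" in services
                and "sts:AssumeRole" in _as_list(stmt.get("Action"))):
            return True
    return False

def lint_apigw_account(template):
    """Return findings for each AWS::ApiGateway::Account resource in a template dict."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::ApiGateway::Account":
            continue
        # Assumption: any other AWS::ApiGateway::* resource satisfies the quoted note.
        types = [resources.get(d, {}).get("Type", "") for d in _as_list(res.get("DependsOn"))]
        if not any(t.startswith("AWS::ApiGateway::") and not t.endswith("::Account") for t in types):
            findings.append(f"{name}: missing DependsOn on another API Gateway resource")
        ref = res.get("Properties", {}).get("CloudWatchRoleArn")
        get_att = ref.get("Fn::GetAtt") if isinstance(ref, dict) else None
        role = resources.get(get_att[0]) if isinstance(get_att, list) and get_att else None
        if role is None or role.get("Type") != "AWS::IAM::Role":
            findings.append(f"{name}: CloudWatchRoleArn is not Fn::GetAtt of a role in this template")
        elif not trusts_apigateway(role):
            findings.append(f"{name}: role is not assumable by apigateway.amazonaws.com")
    return findings

# Constructed sample templates modelled on the snippets in the question.
TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
         "Principal": {"Service": ["apigateway.amazonaws.com"]}, "Action": ["sts:AssumeRole"]}]}
ROLE_ARN = {"Fn::GetAtt": ["ApiGatewayCloudWatchLogsRole", "Arn"]}
WITH_DEP = {"Resources": {
    "CFNTest": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Name": "CFNTest"}},
    "ApiGatewayCloudWatchLogsRole": {"Type": "AWS::IAM::Role",
                                     "Properties": {"AssumeRolePolicyDocument": TRUST}},
    "ApiGatewayAccount": {"Type": "AWS::ApiGateway::Account", "DependsOn": ["CFNTest"],
                          "Properties": {"CloudWatchRoleArn": ROLE_ARN}}}}
WITHOUT_DEP = copy.deepcopy(WITH_DEP)
del WITHOUT_DEP["Resources"]["ApiGatewayAccount"]["DependsOn"]
print(lint_apigw_account(WITH_DEP), lint_apigw_account(WITHOUT_DEP))
```

The check cannot see whether the account has ever held an API Gateway resource, so a missing `DependsOn` is reported for every template; per the quoted note it only matters in an account that has never had one.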