How it works
API Gateway assumes this role to manage CloudMonitor resources on your behalf. When you map an API group to a CloudMonitor application group, the API operations in that API group automatically become instances in the corresponding application group. You can then apply the same alert settings to all API operations in an API group at once, instead of configuring each operation individually.
Role name and policy
Role name: AliyunServiceRoleForApiGatewayMonitoring
Attached policy: AliyunServiceRolePolicyForApiGatewayMonitoring
Trusted service
API Gateway is the trusted service for this role. API Gateway automatically creates this role when needed.
Permission policy
The AliyunServiceRolePolicyForApiGatewayMonitoring policy has the following permissions:
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cms:CreateMonitorGroup",
"cms:CreateMonitorGroupInstances",
"cms:DescribeMonitorGroups",
"cms:DeleteMonitorGroup",
"cms:DeleteMonitorGroupInstances"
],
"Resource": "acs:cms:*:*:*"
}
]
}Delete the service-linked role
Before you delete the AliyunServiceRoleForApiGatewayMonitoring role, remove all dependent application groups from CloudMonitor. If dependent resources still exist, the deletion fails.
Step 1: Delete the dependent application group
Log on to the CloudMonitor console.
In the left-side navigation pane, click
Application Groups.Find the application group named
APIGATEWAY_${region}_$(groupId)and delete it.${region}is the region where the API group resides.$(groupId)is the ID of the API group.Example:
APIGATEWAY_ap-southeast-1_d17e78c9d436436c89a7e8c42a329a4d
Step 2: Delete the RAM role
Log on to the RAM console.
In the left-side navigation pane, click
RAM Roles.Find the
AliyunServiceRoleForApiGatewayMonitoringrole and click Delete in the Actions column.
If you need this role again later, API Gateway automatically recreates it when you map an API group to a CloudMonitor application group.