create-role

The aws iam create-role command creates a new IAM role. Permissions policies can then be attached to the role to define which actions it may perform and which resources it may access.

Syntax

aws iam create-role \
--role-name ROLE_NAME \
--assume-role-policy-document ASSUME_ROLE_POLICY_DOCUMENT

Options

  • --role-name ROLE_NAME: The name of the role to create.
  • --assume-role-policy-document ASSUME_ROLE_POLICY_DOCUMENT: The policy that grants an entity permission to assume the role.

Assume Role Policy Document

The Assume Role Policy Document (also called the trust policy) is a JSON-formatted document that defines which principals can assume the role and under what conditions. You can write this document by hand or generate it with IAM policy creation tools.

Below is an example of an Assume Role Policy Document:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

This policy allows the EC2 service to assume the role.
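The following shell script is an added example, not part of the original page or of AWS's own tooling. It writes the trust policy above to a file, refuses to create the role if the trust policy names a wildcard principal (which would let any AWS account assume it), and then passes the file to aws iam create-role with file:// input. The role name and file path are placeholders, and a configured aws CLI is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the aws CLI is installed
# and configured; "ExampleEc2Role" and the file path are placeholders.

# Write the page's EC2 trust policy to a file. Passing it as file:// avoids
# shell-quoting problems with inline JSON.
write_trust_policy() {
  cat > "$1" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Returns 0 if the trust policy names no wildcard principal.
# "Principal": "*" or "Principal": {"AWS": "*"} without a Condition lets any
# AWS account assume the role. This is a textual guard rail, not a full
# policy parser: whitespace is stripped, then the two open forms are matched.
trust_policy_is_restricted() {
  if tr -d ' \n\t' < "$1" | grep -Eq '"Principal":("\*"|\{"AWS":"\*"\})'; then
    return 1
  fi
  return 0
}

# Create the role only after the trust policy passes the check.
create_role() {
  role_name="$1"; policy_file="$2"
  trust_policy_is_restricted "$policy_file" || {
    echo "refusing: $policy_file lets any principal assume $role_name" >&2
    return 1
  }
  aws iam create-role \
    --role-name "$role_name" \
    --assume-role-policy-document "file://$policy_file"
}

# Usage (placeholder role name):
# write_trust_policy /tmp/trust.json && create_role ExampleEc2Role /tmp/trust.json
```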

See also the original AWS documentation.