Amazon Web Services (AWS) - Create role using the AWS CLI


This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.

The aws iam create-role command creates an IAM (Identity and Access Management) Role. A role has two kinds of policy: a Trust Relationship policy (the assume role policy document), which says who is allowed to assume the role, and one or more Permission Policies, which say what the role is allowed to do once it has been assumed.

The trust policy is not optional. The --assume-role-policy-document option is required, so a command like the following, with no trust policy, is rejected by the CLI with an error stating that --assume-role-policy-document is required.

aws iam create-role --role-name my-role

A newly created role has no Permission Policies attached, so even a principal that is allowed to assume it cannot do anything with it. It is an empty role to which you then attach one or more Permission Policies.

 

First, create a JSON file that contains the Trust Relationship policy you want to attach to the role.

In this example, the trust policy allows the IAM user john.doe in account 123456789012 to assume the role. Only the principal named here can assume it; any other user, even an administrator in the same account, is denied by STS unless the trust policy lists them.

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Principal": { "AWS": "arn:aws:iam::123456789012:user/john.doe" },
          "Action": "sts:AssumeRole"
      }
  ]
}

 

In this example, the role will allow the API Gateway service to assume the role. A service principal like this is not tied to your account by itself: any API Gateway resource, in any account, is the same principal. When a service supports it, add a Condition on aws:SourceAccount or aws:SourceArn so that only resources in your own account can use the role (the "confused deputy" problem).

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Principal": { "Service": "apigateway.amazonaws.com" },
          "Action": "sts:AssumeRole"
      }
  ]
}

 

Then pass the file to aws iam create-role with the --assume-role-policy-document option. The response echoes the role ARN (which is what you reference in other policies) and the trust policy exactly as IAM stored it, so this is a good place to confirm that the principal is the one you intended.

~]$ aws iam create-role --role-name my-role --assume-role-policy-document file://my.json
{
    "Role": {
        "Path": "/",
        "RoleName": "my-role",
        "RoleId": "AROA2MITL76GPTDCUEJO5",
        "Arn": "arn:aws:iam::123456789012:role/my-role",
        "CreateDate": "2023-07-18T06:08:58+00:00",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "AWS": "arn:aws:iam::123456789012:user/john.doe"
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        }
    }
}

 

To give the role permissions, attach one or more Permission Policies with the aws iam attach-role-policy command. Note the two ARN forms: arn:aws:iam::aws:policy/... refers to an AWS managed policy, while a customer managed policy that you created yourself is referenced with your account ID, for example arn:aws:iam::123456789012:policy/my-permission-policy. Attach only what the role's workload needs; the trust policy controls who can assume the role, but everything the role can do comes from these Permission Policies.

aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/my-permission-policy --role-name my-role
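The whole procedure (write the trust policy, create the role, attach a Permission Policy, then verify what IAM stored) as one script. This is an added example, not code from the original article. It assumes the same account ID 123456789012, user john.doe and role name my-role as the article, and a hypothetical customer managed policy named my-permission-policy that you have already created. The service-principal variant adds an aws:SourceAccount condition, which the article's own API Gateway example does not have; that is a hardening choice made here.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Assumptions: account
# 123456789012, user john.doe, role my-role, and a hypothetical customer
# managed policy my-permission-policy that already exists in the account.
set -eu

ACCOUNT_ID="123456789012"   # assumption: replace with your own account ID
ROLE_NAME="my-role"

# Trust policy that lets one IAM principal (a user or role ARN) assume the role.
trust_policy_for_principal() {
  principal_arn="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "${principal_arn}" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Trust policy for an AWS service principal, scoped with aws:SourceAccount so
# that the same service acting for a resource in another account is refused.
trust_policy_for_service() {
  service="$1"
  account="$2"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "${service}" },
      "Action": "sts:AssumeRole",
      "Condition": { "StringEquals": { "aws:SourceAccount": "${account}" } }
    }
  ]
}
EOF
}

# Create the role from a trust policy file, attach a Permission Policy, then
# read back what IAM stored. Every command here calls the real AWS CLI, so it
# needs working credentials with iam:CreateRole and iam:AttachRolePolicy.
create_role() {
  role="$1"
  policy_file="$2"
  permission_policy_arn="$3"
  aws iam create-role \
    --role-name "$role" \
    --assume-role-policy-document "file://${policy_file}" \
    --query 'Role.Arn' --output text
  aws iam attach-role-policy \
    --role-name "$role" \
    --policy-arn "$permission_policy_arn"
  # Verification: the attached policies and the stored trust policy.
  aws iam list-attached-role-policies --role-name "$role"
  aws iam get-role --role-name "$role" --query 'Role.AssumeRolePolicyDocument'
}

# Usage: call main to run the procedure against your account. It is not invoked
# automatically so the functions above can be sourced and inspected offline.
main() {
  tmp="$(mktemp)"
  trust_policy_for_principal "arn:aws:iam::${ACCOUNT_ID}:user/john.doe" > "$tmp"
  create_role "$ROLE_NAME" "$tmp" \
    "arn:aws:iam::${ACCOUNT_ID}:policy/my-permission-policy"
  rm -f "$tmp"
}
```

To trust a service instead of a user, swap the first line of main for trust_policy_for_service apigateway.amazonaws.com "$ACCOUNT_ID" > "$tmp". The trust policy JSON is generated by a function rather than kept in a hand-edited file so that the principal ARN and account ID are set in one place and the file cannot silently drift from the role you think you are creating.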

 



