CreateProfile - IAM Roles Anywhere

CreateProfile

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile.

Request Syntax

POST /profiles HTTP/1.1 Content-type: application/json { "acceptRoleSessionName": boolean, "durationSeconds": number, "enabled": boolean, "managedPolicyArns": [ "string" ], "name": "string", "requireInstanceProperties": boolean, "roleArns": [ "string" ], "sessionPolicy": "string", "tags": [ { "key": "string", "value": "string" } ] }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

acceptRoleSessionName

Used to determine if a custom role session name will be accepted in a temporary credential request.

Type: Boolean

Required: No

durationSeconds

Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.

Type: Integer

Valid Range: Minimum value of 900. Maximum value of 43200.

Required: No

enabled

Specifies whether the profile is enabled.

Type: Boolean

Required: No

managedPolicyArns

A list of managed policy ARNs that apply to the vended session credentials.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 200.

Required: No

name

The name of the profile.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: ^[ a-zA-Z0-9-_]*$

Required: Yes

requireInstanceProperties

Specifies whether instance properties are required in temporary credential requests with this profile.

Type: Boolean

Required: No

roleArns

A list of IAM roles that this profile can assume in a temporary credential request.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 250 items.

Length Constraints: Minimum length of 1. Maximum length of 1011.

Pattern: ^arn:aws(-[^:]+)?:iam(:.*){2}(:role.*)$

Required: Yes

sessionPolicy

A session policy that applies to the trust boundary of the vended session credentials.

Type: String

Required: No

tags

The tags to attach to the profile.

Type: Array of Tag objects

Array Members: Minimum number of 0 items. Maximum number of 200 items.

Required: No

Response Syntax

HTTP/1.1 201 Content-type: application/json { "profile": { "acceptRoleSessionName": boolean, "attributeMappings": [ { "certificateField": "string", "mappingRules": [ { "specifier": "string" } ] } ], "createdAt": "string", "createdBy": "string", "durationSeconds": number, "enabled": boolean, "managedPolicyArns": [ "string" ], "name": "string", "profileArn": "string", "profileId": "string", "requireInstanceProperties": boolean, "roleArns": [ "string" ], "sessionPolicy": "string", "updatedAt": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

profile

The state of the profile after a read or write operation.

Type: ProfileDetail object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ValidationException

Validation exception error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: