CreateProfile
Creates a profile, a list of the roles that the Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.
Required permissions: rolesanywhere:CreateProfile.
Request Syntax
POST /profiles HTTP/1.1
Content-type: application/json

{
   "acceptRoleSessionName": boolean,
   "durationSeconds": number,
   "enabled": boolean,
   "managedPolicyArns": [ "string" ],
   "name": "string",
   "requireInstanceProperties": boolean,
   "roleArns": [ "string" ],
   "sessionPolicy": "string",
   "tags": [
      {
         "key": "string",
         "value": "string"
      }
   ]
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- acceptRoleSessionName
Used to determine if a custom role session name will be accepted in a temporary credential request.
Type: Boolean
Required: No
- durationSeconds
Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details. In requests, if this value is not provided, the default value will be 3600.
Type: Integer
Valid Range: Minimum value of 900. Maximum value of 43200.
Required: No
- enabled
Specifies whether the profile is enabled.
Type: Boolean
Required: No
- managedPolicyArns
A list of managed policy ARNs that apply to the vended session credentials.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Length Constraints: Minimum length of 1. Maximum length of 200.
Required: No
- name
The name of the profile.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern: ^[ a-zA-Z0-9-_]*$
Required: Yes
- requireInstanceProperties
Specifies whether instance properties are required in temporary credential requests with this profile.
Type: Boolean
Required: No
- roleArns
A list of IAM roles that this profile can assume in a temporary credential request.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 250 items.
Length Constraints: Minimum length of 1. Maximum length of 1011.
Pattern: ^arn:aws(-[^:]+)?:iam(:.*){2}(:role.*)$
Required: Yes
- sessionPolicy
A session policy that applies to the trust boundary of the vended session credentials.
Type: String
Required: No
- tags
The tags to attach to the profile.
Type: Array of Tag objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Required: No
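A pre-flight check of a CreateProfile request body against the constraints listed above, so an out-of-range duration or a non-role ARN is caught before the call returns a ValidationException. This is an added example, not AWS code; validate_create_profile, its helper, and the sample bodies (placeholder account ID and names) are hypothetical.

```python
import re

# Constraints copied from the Request Body section of this page.
NAME_RE = re.compile(r"^[ a-zA-Z0-9-_]*$")
ROLE_ARN_RE = re.compile(r"^arn:aws(-[^:]+)?:iam(:.*){2}(:role.*)$")

def _check_list(body, key, max_items, max_len, errors, pattern=None):
    items = body.get(key, [])
    if not isinstance(items, list) or len(items) > max_items:
        errors.append(f"{key}: must be a list of at most {max_items} items")
        return
    for item in items:
        if not isinstance(item, str) or not 1 <= len(item) <= max_len:
            errors.append(f"{key}: item length must be 1..{max_len}: {item!r}")
        elif pattern and not pattern.fullmatch(item):
            errors.append(f"{key}: item does not match documented pattern: {item!r}")

def validate_create_profile(body):
    """Return a list of constraint violations (empty list means the body passes)."""
    errors = [f"{k}: required" for k in ("name", "roleArns") if k not in body]
    name = body.get("name")
    if name is not None and not (isinstance(name, str) and 1 <= len(name) <= 255
                                 and NAME_RE.fullmatch(name)):
        errors.append("name: must be 1..255 chars matching the documented pattern")
    _check_list(body, "roleArns", 250, 1011, errors, ROLE_ARN_RE)
    _check_list(body, "managedPolicyArns", 50, 200, errors)
    tags = body.get("tags", [])
    if not isinstance(tags, list) or len(tags) > 200:
        errors.append("tags: must be a list of at most 200 items")
    # durationSeconds: integer in 900..43200; bool is an int subclass, so reject it.
    dur = body.get("durationSeconds", 3600)
    if isinstance(dur, bool) or not isinstance(dur, int) or not 900 <= dur <= 43200:
        errors.append("durationSeconds: must be an integer in 900..43200")
    for key in ("acceptRoleSessionName", "enabled", "requireInstanceProperties"):
        if key in body and not isinstance(body[key], bool):
            errors.append(f"{key}: must be a boolean")
    return errors

# Constructed sample bodies (account ID and names are placeholders).
GOOD = {"name": "ci-runners", "roleArns": ["arn:aws:iam::123456789012:role/ci-deploy"],
        "durationSeconds": 900, "enabled": True}
BAD = {"name": "ci/runners", "roleArns": ["arn:aws:iam::123456789012:user/bob"],
       "durationSeconds": 60, "enabled": "true"}

if __name__ == "__main__":
    print(validate_create_profile(GOOD))
    for problem in validate_create_profile(BAD):
        print(problem)
```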
Response Syntax
HTTP/1.1 201
Content-type: application/json

{
   "profile": {
      "acceptRoleSessionName": boolean,
      "attributeMappings": [
         {
            "certificateField": "string",
            "mappingRules": [
               {
                  "specifier": "string"
               }
            ]
         }
      ],
      "createdAt": "string",
      "createdBy": "string",
      "durationSeconds": number,
      "enabled": boolean,
      "managedPolicyArns": [ "string" ],
      "name": "string",
      "profileArn": "string",
      "profileId": "string",
      "requireInstanceProperties": boolean,
      "roleArns": [ "string" ],
      "sessionPolicy": "string",
      "updatedAt": "string"
   }
}
Response Elements
If the action is successful, the service sends back an HTTP 201 response.
The following data is returned in JSON format by the service.
- profile
The state of the profile after a read or write operation.
Type: ProfileDetail object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 403
- ValidationException
Validation exception error.
HTTP Status Code: 400