Class CreateRoleCommandProtected

Creates a new role for your Amazon Web Services account.

For more information about roles, see IAM roles in the IAM User Guide. For information about quotas for role names and the number of roles you can create, see IAM and STS quotas in the IAM User Guide.

Example

Use a bare-bones client and the command you need to make an API call.

import { IAMClient, CreateRoleCommand } from "@aws-sdk/client-iam"; // ES Modules import
// const { IAMClient, CreateRoleCommand } = require("@aws-sdk/client-iam"); // CommonJS import
const client = new IAMClient(config);
const input = { // CreateRoleRequest
  Path: "STRING_VALUE",
  RoleName: "STRING_VALUE", // required
  AssumeRolePolicyDocument: "STRING_VALUE", // required
  Description: "STRING_VALUE",
  MaxSessionDuration: Number("int"),
  PermissionsBoundary: "STRING_VALUE",
  Tags: [ // tagListType
    { // Tag
      Key: "STRING_VALUE", // required
      Value: "STRING_VALUE", // required
    },
  ],
};
const command = new CreateRoleCommand(input);
const response = await client.send(command);
// { // CreateRoleResponse
//   Role: { // Role
//     Path: "STRING_VALUE", // required
//     RoleName: "STRING_VALUE", // required
//     RoleId: "STRING_VALUE", // required
//     Arn: "STRING_VALUE", // required
//     CreateDate: new Date("TIMESTAMP"), // required
//     AssumeRolePolicyDocument: "STRING_VALUE",
//     Description: "STRING_VALUE",
//     MaxSessionDuration: Number("int"),
//     PermissionsBoundary: { // AttachedPermissionsBoundary
//       PermissionsBoundaryType: "PermissionsBoundaryPolicy",
//       PermissionsBoundaryArn: "STRING_VALUE",
//     },
//     Tags: [ // tagListType
//       { // Tag
//         Key: "STRING_VALUE", // required
//         Value: "STRING_VALUE", // required
//       },
//     ],
//     RoleLastUsed: { // RoleLastUsed
//       LastUsedDate: new Date("TIMESTAMP"),
//       Region: "STRING_VALUE",
//     },
//   },
// };

Param

CreateRoleCommandInput

Returns

CreateRoleCommandOutput

See

• CreateRoleCommandInput for command's input shape.
• CreateRoleCommandOutput for command's response shape.
• config for IAMClient's config shape.

Throws

ConcurrentModificationException (client fault)

The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again.

Throws

EntityAlreadyExistsException (client fault)

The request was rejected because it attempted to create a resource that already exists.

Throws

InvalidInputException (client fault)

The request was rejected because an invalid or out-of-range value was supplied for an input parameter.

Throws

LimitExceededException (client fault)

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.

Throws

MalformedPolicyDocumentException (client fault)

The request was rejected because the policy document was malformed. The error message describes the specific error.

Throws

ServiceFailureException (server fault)

The request processing has failed because of an unknown error, exception or failure.

Throws

IAMServiceException

Base exception class for all service exceptions from IAM service.

Example

To create an IAM role

// The following command creates a role named Test-Role and attaches a trust policy that you must convert from JSON to a string. Upon success, the response includes the same policy as a URL-encoded JSON string.
const input = {
  "AssumeRolePolicyDocument": "<Stringified-JSON>",
  "Path": "/",
  "RoleName": "Test-Role"
};
const command = new CreateRoleCommand(input);
const response = await client.send(command);
/* response ==
{
  "Role": {
    "Arn": "arn:aws:iam::123456789012:role/Test-Role",
    "AssumeRolePolicyDocument": "<URL-encoded-JSON>",
    "CreateDate": "2013-06-07T20:43:32.821Z",
    "Path": "/",
    "RoleId": "AKIAIOSFODNN7EXAMPLE",
    "RoleName": "Test-Role"
  }
}
*/
// example id: eaaa4b5f-51f1-4f73-b0d3-30127040eff8