CreateServiceLinkedRole
Creates an IAM role that is linked to a specific AWS service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your AWS resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see Using service-linked roles in the IAM User Guide.
To attach a policy to this service-linked role, you must make the request using the AWS service that depends on this role.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- AWSServiceName
-
The service principal for the AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example:
elasticbeanstalk.amazonaws.com
.Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see AWS services that work with IAM in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\w+=.@-]*
Required: Yes
- CustomSuffix
-
A string that you provide, which is combined with the service-provided prefix to form the complete role name. If you make multiple requests for the same service, then you must supply a different
CustomSuffix
for each request. Otherwise the request fails with a duplicate role name error. For example, you could add-1
or-debug
to the suffix.Some services do not support the
CustomSuffix
parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[\w+=,.@-]+
Required: No
- Description
-
The description of the role.
Type: String
Length Constraints: Maximum length of 1000.
Pattern:
[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*
Required: No
Response Elements
The following element is returned by the service.
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidInput
-
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
- LimitExceeded
-
The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
- NoSuchEntity
-
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
- ServiceFailure
-
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: