Create a service role - Amazon Chime SDK

Create a service role

AWS uses service roles to grant permissions to an AWS service so it can access AWS resources. The policies that you attach to a service role determine which resources the service can access and what it can do with those resources. The service role that you create for the Amazon Chime SDK gives the service permission to make SendMessages calls to your Amazon Pinpoint application.

To create a service role

  1. Sign in to the AWS Management Console and open the IAM console at

  2. In the navigation pane, choose Policies, and then choose Create Policy.

  3. Choose the JSON tab and copy the policy below into the text box. Be sure to replace project_id with the the ID of the Amazon Pinpoint application created in the previous step, and the aws_account_id with your AWS Account ID.

    { "Version": "2012-10-17", "Statement": { "Action": "mobiletargeting:SendMessages", "Resource": "arn:aws:mobiletargeting:region:aws_account_id:apps/project_id/messages", "Effect": "Allow" } }
  4. Choose Next: Tags.

  5. Choose Next: Review, and enter AmazonChimePushNotificationPolicy in the Name field, and choose Create Policy.

  6. In the navigation pane, choose Roles, and then choose Create role.

  7. On the Create role page, choose AWS service, open the Choose a user case list and choose EC2.

  8. Choose Next: Permissions, and in the search box, enter AmazonChimePushNotificationPolicy, and select the check box next to the policy.

  9. Choose Next: Tags.

  10. Choose Next: Review, and enter ServiceRoleForAmazonChimePushNotification in the Name field.


    You must use the name listed above. The Amazon Chime SDK only accepts that specific name.

  11. Choose Create role, and on the Roles page. enter ServiceRoleForAmazonChimePushNotification in the search box, and choose the matching role.

  12. Choose the Trust Relationships tab, choose Edit trust relationship and replace the existing policy with the one below.

    { "Version": "2008-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "" }, "Action": "sts:AssumeRole" } ] }
  13. Choose Update Trust Policy.


Modifying the role by changing the name, the permission policy, or the trust policy can break the push notification functionality.