ELB service-linked role
ELB uses a service-linked role for the permissions that it requires to call other AWS services on your behalf. For more information, see Service-linked roles in the IAM User Guide.
Permissions granted by the service-linked role
ELB uses the service-linked role named AWSServiceRoleForElasticLoadBalancing to call other AWS services on your behalf.
AWSServiceRoleForElasticLoadBalancing trusts the
elasticloadbalancing.amazonaws.com service to assume the
role.
The role permissions policy is AWSElasticLoadBalancingServiceRolePolicy. To view the permissions for this policy, see AWSElasticLoadBalancingServiceRolePolicy in the AWS Managed Policy Reference.
Create the service-linked role
You don't need to manually create the AWSServiceRoleForElasticLoadBalancing role. ELB creates this role for you when you create a load balancer or a target group.
For ELB to create a service-linked role on your behalf, you must have the required permissions. For more information, see Service-linked role permissions in the IAM User Guide.
Edit the service-linked role
You can edit the description of AWSServiceRoleForElasticLoadBalancing using IAM. For more information, see Edit a service-linked role description in the IAM User Guide.
Delete the service-linked role
If you no longer need to use ELB, we recommend that you delete AWSServiceRoleForElasticLoadBalancing.
You can delete this service-linked role only after you delete all load balancers in your AWS account. This ensures that you can't inadvertently remove permission to access your load balancers. For more information, see Delete an Application Load Balancer, Delete a Network Load Balancer, and Delete a Classic Load Balancer.
You can use the IAM console, the IAM CLI, or the IAM API to delete service-linked roles. For more information, see Delete a service-linked role in the IAM User Guide.
After you delete AWSServiceRoleForElasticLoadBalancing, ELB creates the role again if you create a load balancer.
