AWS Fundamentals
AWS::IAM::Role

IAM Role

Creates a new role for your AWS account. For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

Properties

9 configurable properties. 1 required.

| Property | Type | Flags |
| --- | --- | --- |
| AssumeRolePolicyDocument | object, string | Required |
| Description | string | |
| ManagedPolicyArns | Array<string> | |
| MaxSessionDuration | integer | |
| Path | string | Create-only |
| PermissionsBoundary | string | |
| Policies | Array<Policy> | |
| RoleName | string | Create-only |
| Tags | Array<Tag> | |

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

| Attribute | Type | Description |
| --- | --- | --- |
| Arn | string | - |
| RoleId | string | - |

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

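template.yaml

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::IAM::Role

Resources:
  MyResource:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: defines which principals may assume this role.
      # The Lambda service principal is an example value; replace it
      # with the principal that should be allowed to assume the role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Tags:
        - Key: Environment
          Value: Production
      Description: !Ref "AWS::StackName"
```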

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

iam:CreateRole, iam:PutRolePolicy, iam:AttachRolePolicy, iam:GetRolePolicy, iam:TagRole, iam:UntagRole, iam:GetRole

read

iam:GetRole, iam:ListAttachedRolePolicies, iam:ListRolePolicies, iam:GetRolePolicy

update

iam:UpdateRole, iam:UpdateRoleDescription, iam:UpdateAssumeRolePolicy, iam:DetachRolePolicy, iam:AttachRolePolicy, iam:DeleteRolePermissionsBoundary, iam:PutRolePermissionsBoundary, iam:DeleteRolePolicy

delete

iam:DeleteRole, iam:DetachRolePolicy, iam:DeleteRolePolicy, iam:GetRole, iam:ListAttachedRolePolicies, iam:ListRolePolicies, iam:TagRole, iam:UntagRole

list

iam:ListRoles

Quick Facts

Service: IAM
Properties: 11
Required: 1
Tagging: Supported
Primary ID: RoleName

Supported Operations

Create, Read, Update, Delete, List

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

Path, RoleName
