IAM Actions:Create Role

Search (SHIFT+S)

ECS Management API

ECS Object Service API

ECS API Changes

Create Role

POST /iam?Action=CreateRole

Creates a new IAM Role in the caller's namespace or x-emc-namespace header if provided.

Query Parameters

RoleName	The name of the role to create.
AssumeRolePolicyDocument	The trust relationship policy document that grants an entity permission to assume the role
MaxSessionDuration	The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours
Description	A description of the role.
Path	The path to the role. Optional, defaults to "/" and only "/" is allowed.
PermissionsBoundary	The ARN of the policy that is used to set the permissions boundary for the role.
Tags	A list of tags that you want to attach to the role being created.

Required Roles

This call has no restrictions.

Request Payload

No Request Payload

Response Body

Field	Description	Type	Notes
CreateRoleResponse
Result
Role
Arn	Arn that identifies the role.	String
AssumeRolePolicyDocument	The trust relationship policy document that grants an entity permission to assume the role.	String
CreateDate	ISO 8601 DateTime when role was created.	String
Description	The description of the IAM role.	String
MaxSessionDuration	The maximum session duration (in seconds) that you want to set for the specified role.	Integer
Path	The path to the IAM role.	String
RoleId	Unique Id associated with the role.	String
RoleName	Simple name identifying the role.	String
Tags	The list of Tags associated with the role.
Tags			0-* Elements
PermissionsBoundary
PermissionsBoundaryArn	The ARN of the policy set as permissions boundary.	String
PermissionsBoundaryType	The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of Policy.	String
ResponseMetadata
RequestId		String

Examples

Request

NOTE: AssumeRolePolicyDocument must be url-encoded as a query parameter for the REST API request.
AssumeRolePolicyDocument in json format:
{
  
    "Version": "2012-10-17",
  
    "Statement": [

      {
      
        "Effect": "Allow",
      
        "Principal": {
        
            "AWS": [
          
                  "urn:ecs:iam::ns:user/payroll1"
        
            ]
      
        },
      
        "Action": "sts:AssumeRole"
    
      }
  
    ]

}


POST https://192.168.0.0::4443/iam?Action=CreateRole&RoleName=FinanceRoleAll&Path=%2F&AssumeRolePolicyDocument=%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%5B%22urn%3Aecs%3Aiam%3A%3Ans%3Auser%2Fpayroll1%22%5D%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D&Tags.member.1.Key=Department&Tags.member.1.Value=Finance&MaxSessionDuration=3600
Accept: application/xml
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>
x-emc-namespace: <namespace>

Response

HTTP/1.1 200 OK
Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:CreateRoleResponse xmlns:ns2="none">
    <ResponseMetadata>
        <RequestId>0af9f5b8:171648dacb1:19b24:1ca</RequestId>
    </ResponseMetadata>
    <CreateRoleResult>
        <Role>
            <Arn>urn:ecs:iam::ns:role/FinanceRoleAll</Arn>
            <AssumeRolePolicyDocument>{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["urn:ecs:iam::ns:user/payroll1"]},"Action":"sts:AssumeRole"}]}</AssumeRolePolicyDocument>
            <CreateDate>2020-04-13T19:16:49Z</CreateDate>
            <Description></Description>
            <MaxSessionDuration>3600</MaxSessionDuration>
            <Path>/</Path>
            <RoleId>AROA01293C069EA32003</RoleId>
            <RoleName>FinanceRoleAll</RoleName>
            <Tags>
                <member>
                    <Key>Department</Key>
                    <Value>Finance</Value>
                </member>
            </Tags>
        </Role>
    </CreateRoleResult>
</ns2:CreateRoleResponse>

Request

NOTE: AssumeRolePolicyDocument must be url-encoded as a query parameter for the REST API request.

AssumeRolePolicyDocument in json format:
{
  
    "Version": "2012-10-17",
  
    "Statement": [

      {
      
        "Effect": "Allow",
      
        "Principal": {
        
            "AWS": [
          
                  "urn:ecs:iam::ns:user/payroll1"
        
            ]
      
        },
      
        "Action": "sts:AssumeRole"
    
      }
  
    ]

}


POST https://192.168.0.0::4443/iam?Action=CreateRole&RoleName=FinanceRoleAll&Path=%2F&AssumeRolePolicyDocument=%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%5B%22urn%3Aecs%3Aiam%3A%3Ans%3Auser%2Fpayroll1%22%5D%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D&Tags.member.1.Key=Department&Tags.member.1.Value=Finance&MaxSessionDuration=3600
Content-Type: application/json
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>
x-emc-namespace: <namespace>

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "ResponseMetadata": {
        "RequestId": "0af9f5b8:171648dacb1:1a5e4:11d"
    },
    "CreateRoleResult": {
        "Role": {
            "Arn": "urn:ecs:iam::ns:role/FinanceRoleAll",
            "AssumeRolePolicyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"urn:ecs:iam::ns:user/payroll1\"]},\"Action\":\"sts:AssumeRole\"}]}",
            "CreateDate": "2020-04-13T19:59:13Z",
            "Description": "",
            "MaxSessionDuration": 3600,
            "Path": "/",
            "RoleId": "AROAB5778241C2347F22",
            "RoleName": "FinanceRoleAll",
            "Tags": [
                {
                    "Key": "Department",
                    "Value": "Finance"
                }
            ]
        }
    }
}

Request

NOTE: AssumeRolePolicyDocument must be url-encoded as a query parameter for the REST API request.
AssumeRolePolicyDocument in json format:
{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
            "AWS": [
                  "urn:ecs:iam::ns:user/payroll1"
            ]
        },
        "Action": "sts:AssumeRole"
      }
    ]
}

curl -H $token -H "Content-Type: application/xml" -H "x-emc-namespace: <namespace>" -X POST https://$nodeIp:4443/iam?Action=CreateRole&RoleName=FinanceRoleAll&Path=%2F&AssumeRolePolicyDocument=%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22AWS%22%3A%5B%22urn%3Aecs%3Aiam%3A%3Ans%3Auser%2Fpayroll1%22%5D%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D&Tags.member.1.Key=Department&Tags.member.1.Value=Finance&MaxSessionDuration=3600

Response

HTTP/1.1 200 OK
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:CreateRoleResponse xmlns:ns2="none">
    <ResponseMetadata>
        <RequestId>0af9f5b8:171648dacb1:19b24:1ca</RequestId>
    </ResponseMetadata>
    <CreateRoleResult>
        <Role>
            <Arn>urn:ecs:iam::ns:role/FinanceRoleAll</Arn>
            <AssumeRolePolicyDocument>{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["urn:ecs:iam::ns:user/payroll1"]},"Action":"sts:AssumeRole"}]}</AssumeRolePolicyDocument>
            <CreateDate>2020-04-13T19:16:49Z</CreateDate>
            <Description></Description>
            <MaxSessionDuration>3600</MaxSessionDuration>
            <Path>/</Path>
            <RoleId>AROA01293C069EA32003</RoleId>
            <RoleName>FinanceRoleAll</RoleName>
            <Tags>
                <member>
                    <Key>Department</Key>
                    <Value>Finance</Value>
                </member>
            </Tags>
        </Role>
    </CreateRoleResult>
</ns2:CreateRoleResponse>