create_role ( $role_name, $assume_role_policy_document, $opt )

Creates a new role for your AWS account. For more information about roles, go to Working with Roles. For information about limitations on role names and the number of roles you can create, go to Limitations on IAM Entities in Using AWS Identity and Access Management.

The policy grants permission to an EC2 instance to assume the role. The policy is URL-encoded according to RFC 3986. For more information about RFC 3986, go to http://www.faqs.org/rfcs/rfc3986.html. Currently, only EC2 instances can assume roles.

Access

public

Parameters

Parameter - Type - Required - Description

  • $role_name - string - Required - Name of the role to create. [Constraints: The value must be between 1 and 64 characters, and must match the following regular expression pattern: [\w+=,.@-]*]
  • $assume_role_policy_document - string - Required - The policy that grants an entity permission to assume the role. [Constraints: The value must be between 1 and 131072 characters, and must match the following regular expression pattern: [\u0009\u000A\u000D\u0020-\u00FF]+]
  • $opt - array - Optional - An associative array of parameters that can have the following keys:
      • Path - string - Optional - The path to the role. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access Management. This parameter is optional. If it is not included, it defaults to a slash (/). [Constraints: The value must be between 1 and 512 characters, and must match the following regular expression pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F)]
      • curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
      • returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.

Returns

Type - Description

  • CFResponse - A CFResponse object containing a parsed HTTP response.

Examples

Test the preparation of instance profiles and roles.

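// Load the SDK (assumption: adjust the path to where the SDK is installed)
require_once 'sdk.class.php';

// Instantiate the client
$iam = new AmazonIAM();

// Role policy: the permissions the role carries once it has been assumed.
// This test policy allows every action on every resource; for a real role,
// scope Action and Resource to what the instance actually needs.
$role_policy = new CFPolicy($iam, array(
	'Statement' => array(
		array(
			'Effect' => 'Allow',
			'Action' => '*',
			'Resource' => '*'
		)
	)
));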

// Create role
$response = $iam->create_role('example-role', AmazonIAM::STANDARD_EC2_ASSUME_ROLE_POLICY);
var_dump($response->isOK());

// Create instance profile
$response = $iam->create_instance_profile('example-profile');
var_dump($response->isOK());

// Put role policy
$response = $iam->put_role_policy('example-role', 'example-role-policy', $role_policy->get_json());
var_dump($response->isOK());

// Add role to instance
$response = $iam->add_role_to_instance_profile('example-profile', 'example-role');
var_dump($response->isOK());

Result:
bool(true)
bool(true)
bool(true)
bool(true)
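
The following is an added example, not code from the SDK or from this page: a local pre-flight check that applies the documented constraints on $role_name, $assume_role_policy_document and Path, and confirms that every Allow statement in the trust policy names only the EC2 service, since the page states that only EC2 instances can assume roles. The helper name role_arg_problems() and both sample policy documents are constructed for illustration.

```php
<?php
// Added example; role_arg_problems() is a hypothetical helper, not SDK API.
function role_arg_problems($role_name, $trust_json, $path = '/')
{
    $problems = array();
    // Documented constraint: 1-64 characters of [\w+=,.@-]
    if (!preg_match('/^[\w+=,.@-]{1,64}$/D', $role_name)) {
        $problems[] = 'role name violates the length/pattern constraint';
    }
    // Documented constraint: "/" or "/.../" over \u0021-\u007F, 1-512 characters
    if (strlen($path) > 512 || !preg_match('#^/([\x21-\x7F]+/)?$#D', $path)) {
        $problems[] = 'path violates the length/pattern constraint';
    }
    // Documented constraint: 1-131072 characters of tab, LF, CR, \u0020-\u00FF.
    // strlen() counts bytes, so the length check errs on the strict side.
    if (strlen($trust_json) > 131072
        || !preg_match('/^[\x{9}\x{A}\x{D}\x{20}-\x{FF}]+$/Du', $trust_json)) {
        $problems[] = 'policy document violates the length/character constraint';
    }
    $doc = json_decode($trust_json, true);
    if (!is_array($doc) || !isset($doc['Statement']) || !is_array($doc['Statement'])) {
        $problems[] = 'policy document is not JSON with a Statement element';
        return $problems;
    }
    // A single statement may appear as an object rather than a list.
    $stmts = isset($doc['Statement']['Effect']) ? array($doc['Statement']) : $doc['Statement'];
    foreach ($stmts as $i => $s) {
        if (!is_array($s) || !isset($s['Effect']) || $s['Effect'] !== 'Allow') {
            continue; // only Allow statements grant the right to assume the role
        }
        $p = isset($s['Principal']) ? $s['Principal'] : null;
        if (!is_array($p) || array_keys($p) !== array('Service')
            || (array) $p['Service'] !== array('ec2.amazonaws.com')) {
            $problems[] = "statement $i: principal is not limited to ec2.amazonaws.com";
        }
        $a = isset($s['Action']) ? (array) $s['Action'] : array();
        if ($a !== array('sts:AssumeRole')) {
            $problems[] = "statement $i: action is not exactly sts:AssumeRole";
        }
    }
    return $problems;
}

// Constructed sample input: a trust policy scoped to EC2, and one open to any principal.
$good = '{"Statement":[{"Effect":"Allow","Principal":{"Service":["ec2.amazonaws.com"]},"Action":"sts:AssumeRole"}]}';
$bad  = '{"Statement":[{"Effect":"Allow","Principal":"*","Action":"sts:AssumeRole"}]}';

var_dump(role_arg_problems('example-role', $good));
var_dump(role_arg_problems('example role!', $bad, 'teams'));
```

Call the helper before create_role() and send the request only when it returns an empty array.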

Source

Method defined in services/iam.class.php

public function create_role($role_name, $assume_role_policy_document, $opt = null)
{
    if (!$opt) $opt = array();
    $opt['RoleName'] = $role_name;
    $opt['AssumeRolePolicyDocument'] = $assume_role_policy_document;
    
    return $this->authenticate('CreateRole', $opt);
}

Copyright © 2010–2013 Amazon Web Services, LLC

