AWS Global Networks for Transit Gateways service-linked roles
AWS Global Networks for Transit Gateways uses service-linked roles for the permissions that it requires to call other AWS services on your behalf. These service-linked roles are not propagated to your AWS Organizations management account.
Permissions granted by the service-linked role
AWS Global Networks for Transit Gateways uses a Network Manager service-linked role named AWSServiceRoleForNetworkManager to call the actions on your behalf when you work with global networks.
The AWSServiceRoleForNetworkManager service-linked role trusts the following service to assume the role:
-
networkmanager.amazonaws.com
This service-linked role uses the managed policy AWSNetworkManagerServiceRolePolicy. To view the permissions for this policy, see AWSNetworkManagerServiceRolePolicy in the AWS Managed Policy Reference.
Create the service-linked role
You don't need to manually create the AWSServiceRoleForNetworkManager role. global networks creates this role for you when you create your first global network.
For global networks to create a service-linked role on your behalf, you must have the required permissions. For more information, see Service-linked role permissions in the IAM User Guide.
Edit the service-linked role
You can edit the description of AWSServiceRoleForNetworkManager using IAM. For more information, see Edit a service-linked role description in the IAM User Guide.
Delete the service-linked role
If you no longer need to use global networks, we recommend that you delete the AWSServiceRoleForNetworkManager role.
You can delete this service-linked role only after you delete your global network. For information about how to delete your global network, see Delete a global network.
You can use the IAM console, the IAM CLI, or the IAM API to delete service-linked roles. For more information, see Delete a service-linked role in the IAM User Guide.
After you delete AWSServiceRoleForNetworkManager, Network Manager will create the role again when you create a new global network.
Supported Regions for AWS Global Networks for Transit Gateways service-linked roles
AWS Global Networks for Transit Gateways supports the custom-linked roles in all of AWS Regions where the service is available. For more information, see Region availability.
