Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

AWS Global Networks for Transit Gateways service-linked roles

PDF
Focus mode
AWS Global Networks for Transit Gateways service-linked roles - AWS Network Manager
Permissions granted by the service-linked roleCreate the service-linked roleEdit the service-linked roleDelete the service-linked roleSupported Regions

AWS Global Networks for Transit Gateways uses service-linked roles for the permissions that it requires to call other AWS services on your behalf. These service-linked roles are not propagated to your management account.

Permissions granted by the service-linked role

AWS Global Networks for Transit Gateways uses a Network Manager service-linked role named AWSServiceRoleForNetworkManager to call the actions on your behalf when you work with global networks.

The AWSServiceRoleForNetworkManager service-linked role trusts the following service to assume the role:

  • networkmanager.amazonaws.com

This service-linked role uses the managed policy AWSNetworkManagerServiceRolePolicy. To view the permissions for this policy, see AWSNetworkManagerServiceRolePolicy in the AWS Managed Policy Reference.

Create the service-linked role

You don't need to manually create the AWSServiceRoleForNetworkManager role. global networks creates this role for you when you create your first global network.

For global networks to create a service-linked role on your behalf, you must have the required permissions. For more information, see Service-linked role permissions in the IAM User Guide.

Edit the service-linked role

You can edit the description of AWSServiceRoleForNetworkManager using IAM. For more information, see Edit a service-linked role description in the IAM User Guide.

Delete the service-linked role

If you no longer need to use global networks, we recommend that you delete the AWSServiceRoleForNetworkManager role.

You can delete this service-linked role only after you delete your global network. For information about how to delete your global network, see Delete a global network.

You can use the IAM console, the IAM CLI, or the IAM API to delete service-linked roles. For more information, see Delete a service-linked role in the IAM User Guide.

After you delete AWSServiceRoleForNetworkManager, Network Manager will create the role again when you create a new global network.

Supported Regions for AWS Global Networks for Transit Gateways service-linked roles

AWS Global Networks for Transit Gateways supports the custom-linked roles in all of AWS Regions where the service is available. For more information, see Region availability.

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.