Using service-linked roles for Amazon VPC Lattice
Amazon VPC Lattice uses a service-linked role for the permissions that it requires to call other AWS services on your behalf. For more information, see Using service-linked roles in the IAM User Guide.
Service-linked role permissions for VPC Lattice
VPC Lattice uses the service-linked role named AWSServiceRoleForVpcLattice.
The AWSServiceRoleForVpcLattice service-linked role trusts the following service to assume the role:
- vpc-lattice.amazonaws.com
The role permissions policy named AWSVpcLatticeServiceRolePolicy allows VPC Lattice to publish CloudWatch metrics in the AWS/VpcLattice namespace.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "cloudwatch:PutMetricData",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "cloudwatch:namespace": "AWS/VpcLattice"
                }
            }
        }
    ]
}
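The two properties stated above, that only vpc-lattice.amazonaws.com may assume the role and that the role may do nothing beyond publishing metrics into the AWS/VpcLattice namespace, are exactly what a reviewer wants to confirm when auditing the role in an account. The following is an added example, not AWS code or part of this guide: it checks a role's trust policy and permissions policy against those two expectations and reports any drift. The two sample policy documents are constructed inline; in practice you would feed it the AssumeRolePolicyDocument returned by `aws iam get-role` and the policy document returned by `aws iam get-policy-version`.

```python
"""Offline audit of a VPC Lattice service-linked role definition.

Added example (not AWS code). Checks that:
  * the trust policy lets only vpc-lattice.amazonaws.com assume the role, and
  * the permissions policy allows only cloudwatch:PutMetricData, scoped by
    condition to the AWS/VpcLattice namespace.
"""

EXPECTED_PRINCIPAL = "vpc-lattice.amazonaws.com"
EXPECTED_ACTION = "cloudwatch:PutMetricData"
EXPECTED_NAMESPACE = "AWS/VpcLattice"

# Constructed sample: a trust policy in the shape returned under
# AssumeRolePolicyDocument by `aws iam get-role`.
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "vpc-lattice.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# Constructed sample: the permissions policy as documented on this page.
SAMPLE_PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "cloudwatch:PutMetricData",
            "Resource": "*",
            "Condition": {"StringEquals": {"cloudwatch:namespace": "AWS/VpcLattice"}},
        }
    ],
}


def _as_list(value):
    """IAM lets single values appear as a string or a list; normalize."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(doc):
    """Return findings for any Allow statement that trusts the wrong principal."""
    findings = []
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or set(principal) != {"Service"}:
            findings.append(f"non-service principal in trust policy: {principal!r}")
            continue
        for service in _as_list(principal["Service"]):
            if service != EXPECTED_PRINCIPAL:
                findings.append(f"unexpected trusted service: {service}")
        for action in _as_list(stmt.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"unexpected trust action: {action}")
    return findings


def audit_permissions_policy(doc):
    """Return findings for actions beyond metric publishing or a missing namespace scope."""
    findings = []
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action != EXPECTED_ACTION:
                findings.append(f"action beyond metric publishing: {action}")
        condition = stmt.get("Condition", {})
        namespaces = _as_list(condition.get("StringEquals", {}).get("cloudwatch:namespace", []))
        if namespaces != [EXPECTED_NAMESPACE]:
            findings.append(f"PutMetricData not scoped to namespace {EXPECTED_NAMESPACE}: {namespaces!r}")
    return findings


def audit_role(trust_doc, permissions_doc):
    """Combine both audits; an empty list means the role matches the documented shape."""
    return audit_trust_policy(trust_doc) + audit_permissions_policy(permissions_doc)


if __name__ == "__main__":
    for finding in audit_role(SAMPLE_TRUST_POLICY, SAMPLE_PERMISSIONS_POLICY) or ["OK: role matches documentation"]:
        print(finding)
```

Because the service-linked role is created and owned by VPC Lattice rather than by you, a non-empty finding list is a signal to investigate how the role was changed, not something to fix by editing the policy yourself.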
You must configure permissions to allow an IAM entity (such as a user, group, or role) to create, edit, or delete a service-linked role. For more information, see Service-linked role permissions in the IAM User Guide.
Creating a service-linked role for VPC Lattice
You don't need to manually create a service-linked role. When you create VPC Lattice resources in the AWS Management Console, the AWS CLI, or the AWS API, VPC Lattice creates the service-linked role for you.
If you delete this service-linked role, and then need to create it again, you can use the same process to recreate the role in your account. When you create VPC Lattice resources, VPC Lattice creates the service-linked role for you again.
Editing a service-linked role for VPC Lattice
You can edit the description of AWSServiceRoleForVpcLattice using IAM. For more information, see Editing a service-linked role in the IAM User Guide.
Deleting a service-linked role for VPC Lattice
If you no longer need to use Amazon VPC Lattice, we recommend that you delete AWSServiceRoleForVpcLattice.
You can delete this service-linked role only after you delete all VPC Lattice resources in your AWS account.
Use the IAM console, the AWS CLI, or the AWS API to delete the AWSServiceRoleForVpcLattice service-linked role. For more information, see Deleting a service-linked role in the IAM User Guide.
After you delete a service-linked role, VPC Lattice creates the role again when you create VPC Lattice resources in your AWS account.
Supported Regions for VPC Lattice service-linked roles
VPC Lattice supports using service-linked roles in all of the Regions where the service is available.