Use CreateServiceLinkedRole with an AWS SDK or CLI - AWS Identity and Access Management

Use CreateServiceLinkedRole with an AWS SDK or CLI

The following code examples show how to use CreateServiceLinkedRole.

.NET
SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

/// <summary> /// Create an IAM service-linked role. /// </summary> /// <param name="serviceName">The name of the AWS Service.</param> /// <param name="description">A description of the IAM service-linked role.</param> /// <returns>The IAM role that was created.</returns> public async Task<Role> CreateServiceLinkedRoleAsync(string serviceName, string description) { var request = new CreateServiceLinkedRoleRequest { AWSServiceName = serviceName, Description = description }; var response = await _IAMService.CreateServiceLinkedRoleAsync(request); return response.Role; }
CLI
AWS CLI

To create a service-linked role

The following create-service-linked-role example creates a service-linked role for the specified AWS service and attaches the specified description.

aws iam create-service-linked-role \ --aws-service-name lex.amazonaws.com \ --description "My service-linked role to support Lex"

Output:

{ "Role": { "Path": "/aws-service-role/lex.amazonaws.com/", "RoleName": "AWSServiceRoleForLexBots", "RoleId": "AROA1234567890EXAMPLE", "Arn": "arn:aws:iam::1234567890:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots", "CreateDate": "2019-04-17T20:34:14+00:00", "AssumeRolePolicyDocument": { "Version":"2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" ], "Effect": "Allow", "Principal": { "Service": [ "lex.amazonaws.com" ] } } ] } } }

For more information, see Using service-linked roles in the AWS IAM User Guide.

Go
SDK for Go V2
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

import ( "context" "encoding/json" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/iam" "github.com/aws/aws-sdk-go-v2/service/iam/types" ) // RoleWrapper encapsulates AWS Identity and Access Management (IAM) role actions // used in the examples. // It contains an IAM service client that is used to perform role actions. type RoleWrapper struct { IamClient *iam.Client } // CreateServiceLinkedRole creates a service-linked role that is owned by the specified service. func (wrapper RoleWrapper) CreateServiceLinkedRole(ctx context.Context, serviceName string, description string) ( *types.Role, error) { var role *types.Role result, err := wrapper.IamClient.CreateServiceLinkedRole(ctx, &iam.CreateServiceLinkedRoleInput{ AWSServiceName: aws.String(serviceName), Description: aws.String(description), }) if err != nil { log.Printf("Couldn't create service-linked role %v. Here's why: %v\n", serviceName, err) } else { role = result.Role } return role, err }
JavaScript
SDK for JavaScript (v3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

Create a service-linked role.

import { CreateServiceLinkedRoleCommand, GetRoleCommand, IAMClient, } from "@aws-sdk/client-iam"; const client = new IAMClient({}); /** * * @param {string} serviceName */ export const createServiceLinkedRole = async (serviceName) => { const command = new CreateServiceLinkedRoleCommand({ // For a list of AWS services that support service-linked roles, // see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html. // // For a list of AWS service endpoints, see https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html. AWSServiceName: serviceName, }); try { const response = await client.send(command); console.log(response); return response; } catch (caught) { if ( caught instanceof Error && caught.name === "InvalidInputException" && caught.message.includes( "Service role name AWSServiceRoleForElasticBeanstalk has been taken in this account", ) ) { console.warn(caught.message); return client.send( new GetRoleCommand({ RoleName: "AWSServiceRoleForElasticBeanstalk" }), ); } throw caught; } };
PHP
SDK for PHP
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

$uuid = uniqid(); $service = new IAMService(); public function createServiceLinkedRole($awsServiceName, $customSuffix = "", $description = "") { $createServiceLinkedRoleArguments = ['AWSServiceName' => $awsServiceName]; if ($customSuffix) { $createServiceLinkedRoleArguments['CustomSuffix'] = $customSuffix; } if ($description) { $createServiceLinkedRoleArguments['Description'] = $description; } return $this->iamClient->createServiceLinkedRole($createServiceLinkedRoleArguments); }
PowerShell
Tools for PowerShell V4

Example 1: This example creates a servicelinked role for autoscaling service.

New-IAMServiceLinkedRole -AWSServiceName autoscaling.amazonaws.com -CustomSuffix RoleNameEndsWithThis -Description "My service-linked role to support autoscaling"
Tools for PowerShell V5

Example 1: This example creates a servicelinked role for autoscaling service.

New-IAMServiceLinkedRole -AWSServiceName autoscaling.amazonaws.com -CustomSuffix RoleNameEndsWithThis -Description "My service-linked role to support autoscaling"
Python
SDK for Python (Boto3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

def create_service_linked_role(service_name, description): """ Creates a service-linked role. :param service_name: The name of the service that owns the role. :param description: A description to give the role. :return: The newly created role. """ try: response = iam.meta.client.create_service_linked_role( AWSServiceName=service_name, Description=description ) role = iam.Role(response["Role"]["RoleName"]) logger.info("Created service-linked role %s.", role.name) except ClientError: logger.exception("Couldn't create service-linked role for %s.", service_name) raise else: return role
Ruby
SDK for Ruby
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

# Creates a service-linked role # # @param service_name [String] The service name to create the role for. # @param description [String] The description of the service-linked role. # @param suffix [String] Suffix for customizing role name. # @return [String] The name of the created role def create_service_linked_role(service_name, description, suffix) response = @iam_client.create_service_linked_role( aws_service_name: service_name, description: description, custom_suffix: suffix ) role_name = response.role.role_name @logger.info("Created service-linked role #{role_name}.") role_name rescue Aws::Errors::ServiceError => e @logger.error("Couldn't create service-linked role for #{service_name}. Here's why:") @logger.error("\t#{e.code}: #{e.message}") raise end
Rust
SDK for Rust
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

pub async fn create_service_linked_role( client: &iamClient, aws_service_name: String, custom_suffix: Option<String>, description: Option<String>, ) -> Result<CreateServiceLinkedRoleOutput, SdkError<CreateServiceLinkedRoleError>> { let response = client .create_service_linked_role() .aws_service_name(aws_service_name) .set_custom_suffix(custom_suffix) .set_description(description) .send() .await?; Ok(response) }
Swift
SDK for Swift
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

import AWSIAM import AWSS3 public func createServiceLinkedRole(service: String, suffix: String? = nil, description: String?) async throws -> IAMClientTypes.Role { let input = CreateServiceLinkedRoleInput( awsServiceName: service, customSuffix: suffix, description: description ) do { let output = try await client.createServiceLinkedRole(input: input) guard let role = output.role else { throw ServiceHandlerError.noSuchRole } return role } catch { print("ERROR: createServiceLinkedRole:", dump(error)) throw error } }

For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.