Class: Aws::IAM::Types::CreateRoleRequest

Inherits:
Struct
  • Object
show all
Includes:
Structure
Defined in:
lib/aws-sdk-iam/types.rb

Overview

Note:

When making an API call, you may pass CreateRoleRequest data as a hash:

{
  path: "pathType",
  role_name: "roleNameType", # required
  assume_role_policy_document: "policyDocumentType", # required
  description: "roleDescriptionType",
  max_session_duration: 1,
  permissions_boundary: "arnType",
  tags: [
    {
      key: "tagKeyType", # required
      value: "tagValueType", # required
    },
  ],
}

Instance Attribute Summary collapse

Instance Attribute Details

#assume_role_policy_documentString

The trust relationship policy document that grants an entity permission to assume the role.

The [regex pattern] used to validate this parameter is a string of characters consisting of the following:

  • Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range

  • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)

  • The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)

[1]: wikipedia.org/wiki/regex

Returns:

  • (String)


1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
# File 'lib/aws-sdk-iam/types.rb', line 1198

class CreateRoleRequest < Struct.new(
  :path,
  :role_name,
  :assume_role_policy_document,
  :description,
  :max_session_duration,
  :permissions_boundary,
  :tags)
  include Aws::Structure
end

#descriptionString

A description of the role.

Returns:

  • (String)


1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
# File 'lib/aws-sdk-iam/types.rb', line 1198

class CreateRoleRequest < Struct.new(
  :path,
  :role_name,
  :assume_role_policy_document,
  :description,
  :max_session_duration,
  :permissions_boundary,
  :tags)
  include Aws::Structure
end

#max_session_durationInteger

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

Anyone who assumes the role from the AWS CLI or API can use the ‘DurationSeconds` API parameter or the `duration-seconds` CLI parameter to request a longer session. The `MaxSessionDuration` setting determines the maximum duration that can be requested using the `DurationSeconds` parameter. If users don’t specify a value for the ‘DurationSeconds` parameter, their security credentials are valid for one hour by default. This applies when you use the `AssumeRole*` API operations or the `assume-role*` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM Roles] in the *IAM User Guide*.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html

Returns:

  • (Integer)


1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
# File 'lib/aws-sdk-iam/types.rb', line 1198

class CreateRoleRequest < Struct.new(
  :path,
  :role_name,
  :assume_role_policy_document,
  :description,
  :max_session_duration,
  :permissions_boundary,
  :tags)
  include Aws::Structure
end

#pathString

The path to the role. For more information about paths, see [IAM Identifiers] in the *IAM User Guide*.

This parameter is optional. If it is not included, it defaults to a slash (/).

This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]: wikipedia.org/wiki/regex

Returns:

  • (String)


1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
# File 'lib/aws-sdk-iam/types.rb', line 1198

class CreateRoleRequest < Struct.new(
  :path,
  :role_name,
  :assume_role_policy_document,
  :description,
  :max_session_duration,
  :permissions_boundary,
  :tags)
  include Aws::Structure
end

#permissions_boundaryString

The ARN of the policy that is used to set the permissions boundary for the role.

Returns:

  • (String)


1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
# File 'lib/aws-sdk-iam/types.rb', line 1198

class CreateRoleRequest < Struct.new(
  :path,
  :role_name,
  :assume_role_policy_document,
  :description,
  :max_session_duration,
  :permissions_boundary,
  :tags)
  include Aws::Structure
end

#role_nameString

The name of the role to create.

This parameter allows (through its [regex pattern]) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Role names are not distinguished by case. For example, you cannot create roles named both “PRODROLE” and “prodrole”.

[1]: wikipedia.org/wiki/regex

Returns:

  • (String)


1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
# File 'lib/aws-sdk-iam/types.rb', line 1198

class CreateRoleRequest < Struct.new(
  :path,
  :role_name,
  :assume_role_policy_document,
  :description,
  :max_session_duration,
  :permissions_boundary,
  :tags)
  include Aws::Structure
end

#tagsArray<Types::Tag>

A list of tags that you want to attach to the newly created role. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM Identities] in the *IAM User Guide*.

<note markdown=“1”> If any one of the tags is invalid or if you exceed the allowed number of tags per role, then the entire request fails and the role is not created.

</note>

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html

Returns:



1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
# File 'lib/aws-sdk-iam/types.rb', line 1198

class CreateRoleRequest < Struct.new(
  :path,
  :role_name,
  :assume_role_policy_document,
  :description,
  :max_session_duration,
  :permissions_boundary,
  :tags)
  include Aws::Structure
end