roles
Used to retrieve a list of roles
in a region or create a roles
resource, use role
to operate on an individual resource.
Overview
Name | roles |
Type | Resource |
Description | Creates a new role for your AWS-account.<br/> For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*. |
Id | aws.iam.roles |
Fields
Name | Datatype | Description |
---|---|---|
role_name | string | A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.<br/> This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".<br/> If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.<br/> If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | data__DesiredState, region |
list_resource | SELECT | region |
SELECT
Example
SELECT
region,
role_name
FROM aws.iam.roles
Permissions
To operate on the roles
resource, the following permissions are required:
Create
iam:CreateRole,
iam:PutRolePolicy,
iam:AttachRolePolicy,
iam:GetRolePolicy,
iam:TagRole,
iam:UntagRole,
iam:GetRole
List
iam:ListRoles