Amazon Web Services Bootcamp

Creating a role

The following command creates the IAM role under your AWS account:

    aws iam create-role ^
    --role-name "AmazonS3FullAccessRole" ^
    --description "Amazon S3 Full Access Role" ^
    --path "/" ^
    --assume-role-policy-document file://Trust-Relationships.json  

The following is the trust relationship policy document, saved as Trust-Relationships.json, that is used to create the role:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

The following are the options which can be used with create-role:

| Parameters | Optional | Description |
| --- | --- | --- |
| `--role-name` | False | This is a friendly name of the role. |
| `--description` | True | This is a friendly description of the role. |
| `--path` | True | This is the path of the role. If the path is not provided, the default `/` (slash) is used. |
| `--assume-role-policy-document` | False | This is the trust relationship policy document that grants the service permission to assume the role. |
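
An added example, not from the book: a check to run on the trust relationship policy document before passing it to `aws iam create-role`. It lists which principals the document allows to assume the role and flags wildcard principals or actions. The function names and the wildcard rules are assumptions of this example; the embedded policy is the page's Trust-Relationships.json.

```python
import json

# Contents of Trust-Relationships.json as shown on the page.
PAGE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}
  ]
}"""

def as_list(value):
    """Policy elements may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def trusted_principals(statement):
    """Return (type, identifier) pairs from one statement's Principal."""
    principal = statement.get("Principal", {})
    if principal == "*":  # bare wildcard: any principal at all
        return [("*", "*")]
    return [(kind, ident) for kind, idents in principal.items()
            for ident in as_list(idents)]

def audit_trust_policy(document):
    """Return (allowed, findings) for the Allow statements of a trust policy."""
    allowed, findings = [], []
    for stmt in as_list(json.loads(document).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nobody the role
        for kind, ident in trusted_principals(stmt):
            allowed.append((kind, ident))
            if ident == "*" and "Condition" not in stmt:
                findings.append(f"wildcard {kind} principal with no Condition")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"wildcard action {action}")
    return allowed, findings

if __name__ == "__main__":
    allowed, findings = audit_trust_policy(PAGE_POLICY)
    print("Can assume the role:", allowed)
    print("Findings:", findings or "none")
```

For the page's policy the only trusted principal is the EC2 service and no findings are raised.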