Creates a RAM role.
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CreateRole | The operation that you want to perform. Set the value to CreateRole. |
RoleName | String | Yes | ECSAdmin | The name of the RAM role. The name must be 1 to 64 characters in length, and can contain letters, digits, periods (.), and hyphens (-). |
AssumeRolePolicyDocument | String | Yes | {"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"RAM":"acs:ram::123456789012****:root"}}],"Version":"1"} | The content of the policy that specifies one or more entities entrusted to assume the RAM role. A trusted entity can be an Alibaba Cloud account, Alibaba Cloud service, or identity provider (IdP). Note: RAM users cannot assume the RAM roles of trusted Alibaba Cloud services. |
Description | String | No | ECS administrator | The description of the RAM role. The description must be 1 to 1,024 characters in length. |
MaxSessionDuration | Long | No | 3600 | The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified. |
- The following policy allows the RAM role to be assumed by all RAM users of the Alibaba Cloud account whose ID is 123456789012****.
  { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": [ "acs:ram::123456789012****:root" ] } } ], "Version": "1" }
- The following policy allows the RAM role to be assumed by the RAM user named testuser of the trusted Alibaba Cloud account whose ID is 123456789012****.
  Note: Before creating the RAM role, you must ensure that you have created a RAM user named testuser whose UPN is testuser@123456789012****.onaliyun.com.
  { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": [ "acs:ram::123456789012****:user/testuser" ] } } ], "Version": "1" }
- The following policy allows the RAM role to be assumed by the Elastic Compute Service (ECS) service of the current Alibaba Cloud account.
  { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": [ "ecs.aliyuncs.com" ] } } ], "Version": "1" }
- The following policy allows the RAM role to be assumed by all users of the IdP named testprovider. The IdP is configured under the Alibaba Cloud account whose ID is 123456789012****.
  { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Federated": [ "acs:ram::123456789012****:saml-provider/testprovider" ] }, "Condition":{ "StringEquals":{ "saml:recipient":"https://signin.aliyun.com/saml-role/sso" } } } ], "Version": "1" }
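
An added example, not part of the Alibaba Cloud documentation: a pre-flight check that applies the parameter limits from the request table and flags the trust-policy shapes shown in the sample policies before a CreateRole request is sent. The function name, the finding strings and the rule that a federated principal should carry the `saml:recipient` condition from the page's IdP sample are assumptions of this example.

```python
import json
import re

ROLE_NAME_RE = re.compile(r"[A-Za-z0-9.-]{1,64}")  # RoleName limits from the table
SAML_RECIPIENT = "https://signin.aliyun.com/saml-role/sso"  # from the page's IdP sample


def _as_list(value):
    # The page shows principals both as a bare string and as a list.
    return value if isinstance(value, list) else [value]


def lint_create_role(role_name, policy_doc, max_session=3600, description=None):
    """Hypothetical helper: return findings for a CreateRole request ([] = none)."""
    findings = []
    if not ROLE_NAME_RE.fullmatch(role_name):
        findings.append("RoleName: must be 1-64 letters, digits, periods or hyphens")
    if not 3600 <= max_session <= 43200:
        findings.append("MaxSessionDuration: must be 3600-43200 seconds")
    if description is not None and not 1 <= len(description) <= 1024:
        findings.append("Description: must be 1-1,024 characters")
    try:
        statements = json.loads(policy_doc)["Statement"]
        if not (isinstance(statements, list) and all(isinstance(s, dict) for s in statements)):
            raise TypeError("Statement must be a list of objects")
    except (ValueError, KeyError, TypeError):
        return findings + ["AssumeRolePolicyDocument: not a JSON policy with a Statement list"]
    for i, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"Statement[{i}]: Principal must be an object")
            continue
        unknown = set(principal) - {"RAM", "Service", "Federated"}
        if unknown:
            findings.append(f"Statement[{i}]: unknown principal type {sorted(unknown)}")
        for arn in _as_list(principal.get("RAM", [])):
            if str(arn).endswith(":root"):  # account-wide trust, as in the first sample
                findings.append(f"Statement[{i}]: {arn} trusts every RAM user in that account")
        if "Federated" in principal:
            cond = (stmt.get("Condition") or {}).get("StringEquals") or {}
            if cond.get("saml:recipient") != SAML_RECIPIENT:
                findings.append(f"Statement[{i}]: federated trust lacks the saml:recipient condition")
    return findings


# Constructed input modelled on the page's first sample policy.
BROAD = ('{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow",'
         '"Principal":{"RAM":"acs:ram::123456789012****:root"}}],"Version":"1"}')

if __name__ == "__main__":
    print(lint_create_role("ECSAdmin", BROAD))
```
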
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 04F0F334-1335-436C-A1D7-6C044FE73368 | The ID of the request. |
Role | Struct | | The information of the RAM role. |
Arn | String | acs:ram::123456789012****:role/ECSAdmin | The Alibaba Cloud Resource Name (ARN) of the RAM role. |
AssumeRolePolicyDocument | String | { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::123456789012****:root" } } ], "Version": "1" } | The content of the policy that specifies one or more entities entrusted to assume the RAM role. |
CreateDate | String | 2015-01-23T12:33:18Z | The time when the RAM role was created. |
Description | String | ECS administrator | The description of the RAM role. |
MaxSessionDuration | Long | 3600 | The maximum session duration of the RAM role. |
RoleId | String | 901234567890**** | The ID of the RAM role. |
RoleName | String | ECSAdmin | The name of the RAM role. |
Examples
Sample requests
https://ram.aliyuncs.com/?Action=CreateRole
&RoleName=ECSAdmin
&AssumeRolePolicyDocument={"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"RAM":"acs:ram::123456789012****:root"}}],"Version":"1"}
&Description=ECS administrator
&<Common request parameters>
Sample success responses
XML format
<CreateRoleResponse>
    <RequestId>04F0F334-1335-436C-A1D7-6C044FE73368</RequestId>
    <Role>
        <RoleId>901234567890****</RoleId>
        <RoleName>ECSAdmin</RoleName>
        <Arn>acs:ram::123456789012****:role/ECSAdmin</Arn>
        <Description>ECS administrator</Description>
        <MaxSessionDuration>3600</MaxSessionDuration>
        <AssumeRolePolicyDocument>{ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::123456789012****:root" } } ], "Version": "1" }</AssumeRolePolicyDocument>
        <CreateDate>2015-01-23T12:33:18Z</CreateDate>
    </Role>
</CreateRoleResponse>
JSON format
{
    "RequestId": "04F0F334-1335-436C-A1D7-6C044FE73368",
    "Role": {
        "RoleId": "901234567890****",
        "RoleName": "ECSAdmin",
        "Arn": "acs:ram::123456789012****:role/ECSAdmin",
        "Description": "ECS administrator",
        "MaxSessionDuration": 3600,
        "AssumeRolePolicyDocument": "{ \"Statement\": [ { \"Action\": \"sts:AssumeRole\", \"Effect\": \"Allow\", \"Principal\": { \"RAM\": \"acs:ram::123456789012****:root\" } } ], \"Version\": \"1\" }",
        "CreateDate": "2015-01-23T12:33:18Z"
    }
}
Error codes
For a list of error codes, visit the API Error Center.