CreateRole - Resource Management - Alibaba Cloud Documentation Center

Creates a RAM role.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
RoleName	string	Yes	The name of the role. The name must be 1 to 64 characters in length, and can contain letters, digits, periods (.), and hyphens (-).	ECSAdmin
Description	string	No	The description of the role. The description must be 1 to 1,024 characters in length.	ECS administrator
AssumeRolePolicyDocument	string	Yes	The document of the policy that specifies one or more trusted entities to assume the role. The trusted entities can be Alibaba Cloud accounts, Alibaba Cloud services, or identity providers (IdPs). Note RAM users cannot assume the RAM roles of trusted Alibaba Cloud services.	{ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::12345678901234****:root" } } ], "Version": "1" }
MaxSessionDuration	long	No	The maximum session duration of the role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. If you do not specify this parameter, the default value is used.	3600

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The request ID.	04F0F334-1335-436C-A1D7-6C044FE73368
Role	object	The information about the role.
Arn	string	The Alibaba Cloud Resource Name (ARN) of the role.	acs:ram::123456789012****:role/ECSAdmin
AssumeRolePolicyDocument	string	The document of the policy in which the entity that can assume the role is specified.	{ \"Statement\": [ { \"Action\": \"sts:AssumeRole\", \"Effect\": \"Allow\", \"Principal\": { \"RAM\": \"acs:ram::12345678901234****:root\" } } ], \"Version\": \"1\" }
CreateDate	string	The time when the role was created.	2015-01-23T12:33:18Z
Description	string	The description of the role.	ECS administrator
MaxSessionDuration	long	The maximum session duration of the role.	3600
RoleId	string	The ID of the role.	90123456789****
RoleName	string	The name of the role.	ECSAdmin
RolePrincipalName	string	The name of the role after authorization.	ECSAdmin@role.123456.onaliyunservice.com

Examples

Sample success responses

JSONformat

{
  "RequestId": "04F0F334-1335-436C-A1D7-6C044FE73368",
  "Role": {
    "Arn": "acs:ram::123456789012****:role/ECSAdmin",
    "AssumeRolePolicyDocument": "{ \\\"Statement\\\": [ { \\\"Action\\\": \\\"sts:AssumeRole\\\", \\\"Effect\\\": \\\"Allow\\\", \\\"Principal\\\": { \\\"RAM\\\": \\\"acs:ram::12345678901234****:root\\\" } } ], \\\"Version\\\": \\\"1\\\" }",
    "CreateDate": "2015-01-23T12:33:18Z",
    "Description": "ECS administrator",
    "MaxSessionDuration": 3600,
    "RoleId": "90123456789****",
    "RoleName": "ECSAdmin",
    "RolePrincipalName": "ECSAdmin@role.123456.onaliyunservice.com"
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidParameter.RoleName.InvalidChars	The specified role name contains invalid characters.	The specified role name contains invalid characters.
400	InvalidParameter.RoleName.Length	The maximum length of the role name is exceeded.	The maximum length of the role name is exceeded.
400	InvalidParameter.AssumeRolePolicyDocument.Length	The maximum length of the trust policy document of the role is exceeded.	The maximum length of the trust policy document of the role is exceeded.
409	EntityAlreadyExists.Role	The role already exists.	The role already exists.
409	MalformedPolicyDocument	The policy format is invalid.	The policy format is invalid.
409	LimitExceeded.Role	The maximum number of roles is exceeded.	The maximum number of roles is exceeded.

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history