0 votes
1 view
in AWS by (18.1k points)

I've searched quite a bit but cannot find a policy to allow a user to create IAM Roles from both the management console (AWS website) and from AWS CLI.

Any help is greatly appreciated.

1 Answer

0 votes
by (42.2k points)

You can check out this link to get the list of the IAM permissions:

http://docs.aws.amazon.com/IAM/latest/UserGuide/list_iam.html

From the available and acceptable IAM permissions, you can add as much as you can:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:AddRoleToInstanceProfile",
                "iam:PassRole",
                "iam:DeleteInstanceProfile"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

...
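The policy as posted lists no `iam:CreateRole` action and grants `iam:PassRole` on `"Resource": "*"`. The following check is an added example, not part of the original answer; it tests both points and compares the posted policy with a scoped variant. The account ID, the role path `app/`, the `ec2.amazonaws.com` service and the console list actions are assumptions.

```python
import fnmatch

# Policy from the answer above, reproduced unchanged.
ANSWER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Action": ["iam:CreateInstanceProfile", "iam:RemoveRoleFromInstanceProfile",
                   "iam:AddRoleToInstanceProfile", "iam:PassRole",
                   "iam:DeleteInstanceProfile"],
        "Effect": "Allow",
        "Resource": "*",
    }],
}

# Constructed variant: placeholder account ID and role path, not from the page.
ROLE_ARN = "arn:aws:iam::111122223333:role/app/*"
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": ROLE_ARN,
         "Action": ["iam:CreateRole", "iam:GetRole", "iam:AttachRolePolicy"]},
        # Assumption: the console wizard needs to list roles and policies.
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:ListRoles", "iam:ListPolicies"]},
        {"Effect": "Allow", "Resource": ROLE_ARN, "Action": "iam:PassRole",
         "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(stmt.get("Action", [])))

def allows(policy, action):
    """True if some Allow statement names the action (Deny, Resource, Condition ignored)."""
    return any(s.get("Effect") == "Allow" and _matches(s, action)
               for s in _as_list(policy["Statement"]))

def unscoped_passrole(policy):
    """Allow statements granting iam:PassRole on every resource with no Condition."""
    return [s for s in _as_list(policy["Statement"])
            if s.get("Effect") == "Allow" and _matches(s, "iam:PassRole")
            and "*" in _as_list(s.get("Resource", [])) and not s.get("Condition")]
```

`allows` is a static pre-check on the policy document only; the IAM policy simulator or an actual `aws iam create-role` call under the user's credentials remains the authoritative test.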