接口描述

创建角色

请求参数

Action
  • 类型:String
  • 必须:是
  • 描述:操作接口名,系统规定参数,取值:CreateRole
RoleName
  • 类型:String
  • 必须:是
  • 描述:指定角色名,最多包含64个字符
  • 格式:
    ^[a-zA-Z0-9\.@\-]+$
Description
  • 类型:String
  • 必须:否
  • 描述:角色描述,最大长度1024字字符
AssumeRolePolicyDocument
  • 类型:String
  • 必须:是
  • 描述:一个策略文本,指定受信任的允许扮演该角色的一个或多个主体(Principal),这个主体可以是RAM用户或阿里云服务。
  • 样例说明:
    • 如下策略表示允许扮演该角色的受信主体为云账号(AccountID=123456789012345678)下被授权的RAM用户:
      {
      "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
          "RAM": [
            "acs:ram::123456789012345678:root"
          ]
        }
      }
      ],
      "Version": "1"
      }
    • 如下策略表示允许扮演该角色的受信主体为当前租户下的ECS实例(用户创建ECS实例时可以指定使用该RAM角色,实例启动后将能获得该RAM角色的STS-Token):
      {
      "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
          "Service": [
            "ecs.aliyuncs.com"
          ]
        }
      }
      ],
      "Version": "1"
      }

返回参数

Role
  • 类型:Role
  • 描述:角色信息

需要的权限

Action
ram:CreateRole
Resource
acs:ram:*:${AccountId}:role/*

错误信息

InvalidParameter.RoleName.InvalidChars
  • HTTP Status:400
  • Error Message:The parameter - “RoleName” contains invalid chars.
InvalidParameter.RoleName.Length
  • HTTP Status:400
  • Error Message:The parameter - “RoleName” beyond the length limit.
InvalidParameter.AssumeRolePolicyDocument.Length
  • HTTP Status:400
  • Error Message:The parameter - “AssumeRolePolicyDocument” beyond the length limit.
EntityAlreadyExists.Role
  • HTTP Status:409
  • Error Message:The role does already EXIST.
MalformedPolicyDocument
  • HTTP Status:400
  • Error Message:{The error details}
LimitExceeded.Role
  • HTTP Status:409
  • Error Message:The count of roles beyond the current limits.

操作示例

请求示例
https://ram.aliyuncs.com/?Action=CreateRole
&RoleName=ECSAdmin
&AssumeRolePolicyDocument={ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::123456789012345678:root" } } ], "Version": "1" }
&Description=ECS管理角色
&<公共请求参数>
返回示例
  • XML格式
    <CreateRoleResponse>
        <RequestId>04F0F334-1335-436C-A1D7-6C044FE73368</RequestId>
        <Role>
            <RoleId>901234567890123</RoleId>
            <RoleName>ECSAdmin</RoleName>
            <Arn>acs:ram::1234567890123456:role/ECSAdmin</Arn>
            <Description>ECS管理角色</Description>
            <AssumeRolePolicyDocument>{ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::123456789012345678:root" } } ], "Version": "1" }</AssumeRolePolicyDocument>
            <CreateDate>2015-01-23T12:33:18Z</CreateDate>
        </Role>
    </CreateRoleResponse>
  • JSON格式
    {
        "RequestId": "04F0F334-1335-436C-A1D7-6C044FE73368",
        "Role": {
            "RoleId": "901234567890123",
            "RoleName": "ECSAdmin",
            "Arn": "acs:ram::1234567890123456:role/ECSAdmin",
            "Description": "ECS管理角色",
            "AssumeRolePolicyDocument": "{ \"Statement\": [ { \"Action\": \"sts:AssumeRole\", \"Effect\": \"Allow\", \"Principal\": { \"RAM\": \"acs:ram::123456789012345678:root\" } } ], \"Version\": \"1\" }",
            "CreateDate": "2015-01-23T12:33:18Z"
        }
    }