
CreateRole

Last updated: 2017-06-07 13:26:11

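Create a role (CreateRole)

API description

 Creates a role.

Request parameters

Action

  • Type: String
  • Required: Yes
  • Description: The name of the API operation, a system-defined parameter. Value: CreateRole

RoleName

  • Type: String
  • Required: Yes
  • Description: The role name, at most 64 characters
  • Format: ^[a-zA-Z0-9\.@\-]+$

Description

  • Type: String
  • Required: No
  • Description: The role description, at most 1024 characters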

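AssumeRolePolicyDocument

  • Type: String
  • Required: Yes
  • Description: A policy document that specifies one or more trusted principals (Principal) allowed to assume this role. A principal can be a RAM user or an Alibaba Cloud service.
  • Examples:
    • The following policy specifies that the trusted principals allowed to assume this role are the authorized RAM users under the cloud account (AccountID=123456789012345678):
      {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "RAM": [
                "acs:ram::123456789012345678:root"
              ]
            }
          }
        ],
        "Version": "1"
      }
    • The following policy specifies that the trusted principals allowed to assume this role are the ECS instances under the current tenant (a user can specify this RAM role when creating an ECS instance, and once the instance starts it can obtain an STS token for this RAM role):
      {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "ecs.aliyuncs.com"
              ]
            }
          }
        ],
        "Version": "1"
      }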
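
A local pre-flight check for the RoleName, Description and AssumeRolePolicyDocument parameters described above, written as an added example (not Alibaba Cloud code). The function names and the `own_account` parameter are hypothetical, and the findings only mirror the error codes listed on this page; the service's own validation may differ.

```python
import json
import re

# RoleName format and limits as documented on this page.
ROLE_NAME_RE = re.compile(r"[a-zA-Z0-9.@\-]+")

def trusted_principals(policy_text):
    """Return sorted (kind, value) pairs trusted by Allow/sts:AssumeRole statements."""
    found = set()
    for stmt in json.loads(policy_text).get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        for kind, values in stmt.get("Principal", {}).items():
            # The page writes Principal values both as a list and as a bare string.
            for value in ([values] if isinstance(values, str) else values):
                if not isinstance(value, str):
                    raise ValueError("principal must be a string")
                found.add((kind, value))
    return sorted(found)

def preflight(role_name, policy_text, description="", own_account=None):
    """Return findings for a CreateRole request; an empty list means none."""
    findings = []
    if len(role_name) > 64:
        findings.append("InvalidParameter.RoleName.Length")
    # fullmatch, so a trailing newline cannot slip past an end-of-string anchor.
    if not ROLE_NAME_RE.fullmatch(role_name):
        findings.append("InvalidParameter.RoleName.InvalidChars")
    if len(description) > 1024:
        findings.append("Description longer than 1024 characters")
    try:
        principals = trusted_principals(policy_text)
    except (ValueError, AttributeError, TypeError):
        return findings + ["MalformedPolicyDocument"]
    if not principals:
        findings.append("policy trusts no principal")
    for kind, value in principals:
        # acs:ram::<account-id>:root -> the account ID is the fourth field.
        if kind == "RAM" and own_account and value.split(":")[3:4] != [own_account]:
            findings.append("cross-account trust: " + value)
    return findings

if __name__ == "__main__":
    # Trust policy from this page's sample request; the second account ID is constructed.
    policy = ('{"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", '
              '"Principal": {"RAM": "acs:ram::123456789012345678:root"}}], "Version": "1"}')
    print(preflight("ECSAdmin", policy, own_account="123456789012345678"))
    print(preflight("ECS Admin", policy, own_account="111111111111111111"))
```

Passing `own_account` makes any RAM principal from another account show up as a finding, so a trust policy that opens the role to a different account is seen before the role is created.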

Required permissions

Action

ram:CreateRole

Resource

acs:ram:*:${AccountId}:role/*

Response parameters

Role

Error messages

InvalidParameter.RoleName.InvalidChars
  • HTTP Status:400
  • Error Message:The parameter - “RoleName” contains invalid chars.
InvalidParameter.RoleName.Length
  • HTTP Status:400
  • Error Message:The parameter - “RoleName” beyond the length limit.
InvalidParameter.AssumeRolePolicyDocument.Length
  • HTTP Status:400
  • Error Message:The parameter - “AssumeRolePolicyDocument” beyond the length limit.
EntityAlreadyExists.Role
  • HTTP Status:409
  • Error Message:The role does already EXIST.
MalformedPolicyDocument
  • HTTP Status:400
  • Error Message:{The error details}
LimitExceeded.Role
  • HTTP Status:409
  • Error Message:The count of roles beyond the current limits.

Examples

Sample request

  https://ram.aliyuncs.com/?Action=CreateRole
  &RoleName=ECSAdmin
  &AssumeRolePolicyDocument={ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::123456789012345678:root" } } ], "Version": "1" }
  &Description=ECS管理角色
  &<Common request parameters>

Sample response

XML format

  <CreateRoleResponse>
    <RequestId>04F0F334-1335-436C-A1D7-6C044FE73368</RequestId>
    <Role>
      <RoleId>901234567890123</RoleId>
      <RoleName>ECSAdmin</RoleName>
      <Arn>acs:ram::1234567890123456:role/ECSAdmin</Arn>
      <Description>ECS管理角色</Description>
      <AssumeRolePolicyDocument>{ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::123456789012345678:root" } } ], "Version": "1" }</AssumeRolePolicyDocument>
      <CreateDate>2015-01-23T12:33:18Z</CreateDate>
    </Role>
  </CreateRoleResponse>

JSON format

  {
    "RequestId": "04F0F334-1335-436C-A1D7-6C044FE73368",
    "Role": {
      "RoleId": "901234567890123",
      "RoleName": "ECSAdmin",
      "Arn": "acs:ram::1234567890123456:role/ECSAdmin",
      "Description": "ECS管理角色",
      "AssumeRolePolicyDocument": "{ \"Statement\": [ { \"Action\": \"sts:AssumeRole\", \"Effect\": \"Allow\", \"Principal\": { \"RAM\": \"acs:ram::123456789012345678:root\" } } ], \"Version\": \"1\" }",
      "CreateDate": "2015-01-23T12:33:18Z"
    }
  }