- 최신
- 최다 투표
- 가장 많은 댓글
To create multiple service-linked roles for a service that has more than one, you need to use the CreateServiceLinkedRole action multiple times, specifying the different service principal names.
Here's an example of how you can use the AWS SDK (in this case, the AWS CLI) to create all four service-linked roles for AWS Backup:
# Create AWSServiceRoleForBackup aws iam create-service-linked-role --aws-service-name backup.amazonaws.com # Create AWSBackupDefaultServiceRole aws iam create-service-linked-role --aws-service-name backup.amazonaws.com --description "AWSBackupDefaultServiceRole" # Create AWSServiceRoleForBackupReports aws iam create-service-linked-role --aws-service-name backup-reports.amazonaws.com --description "AWSServiceRoleForBackupReports" # Create AWSServiceRolePolicyForBackupRestoreTesting aws iam create-service-linked-role --aws-service-name backup-restore.amazonaws.com --description "AWSServiceRolePolicyForBackupRestoreTesting"
Here's a breakdown of what each command does:
-
aws iam create-service-linked-role --aws-service-name backup.amazonaws.com: This creates theAWSServiceRoleForBackupservice-linked role, which is the default service-linked role for AWS Backup. -
aws iam create-service-linked-role --aws-service-name backup.amazonaws.com --description "AWSBackupDefaultServiceRole": This creates theAWSBackupDefaultServiceRoleservice-linked role, which is used for backup operations. -
aws iam create-service-linked-role --aws-service-name backup-reports.amazonaws.com --description "AWSServiceRoleForBackupReports": This creates theAWSServiceRoleForBackupReportsservice-linked role, which is used for backup reporting. -
aws iam create-service-linked-role --aws-service-name backup-restore.amazonaws.com --description "AWSServiceRolePolicyForBackupRestoreTesting": This creates theAWSServiceRolePolicyForBackupRestoreTestingservice-linked role, which is used for backup restore testing.
Note that the service principal names (backup.amazonaws.com, backup-reports.amazonaws.com, and backup-restore.amazonaws.com) are specific to the AWS Backup service. For other AWS services that use multiple service-linked roles, you would need to use the appropriate service principal names.
Also, be aware that the CreateServiceLinkedRole action can only be used to create new service-linked roles. If you need to update or delete existing service-linked roles, you'll need to use the appropriate IAM actions, such as UpdateServiceLinkedRole or DeleteServiceLinkedRole.
관련 콘텐츠
- 질문됨 7달 전
AWS 공식업데이트됨 일 년 전- AWS 공식업데이트됨 3년 전
That's about how to allow my user or role to create service linked roles. Once I've done that, how do I use the IAM API action CreateServiceLinkedRole to do that?
My question isn't about authorization, it's about sheer ability through the API.
understood, I am not sure if you have found how to do that via API. If you haven't already noticed, the documentation says, you wouldn't need to create them manually but doesn't give clue on how to create them manually.
https://docs.aws.amazon.com/aws-backup/latest/devguide/using-service-linked-roles-AWSServiceRolePolicyForBackupRestoreTesting.html#create-service-linked-role-AWSServiceRolePolicyForBackupRestoreTesting