Create service linked roles for service with multiple service linked roles

In looking at AWS backup: https://docs.aws.amazon.com/aws-backup/latest/devguide/using-service-linked-roles.html

It seems to have four different and unique service linked roles. How would I use the IAM API CreateServiceLinkedRole action to create these? When I pass in backup.amazonaws.com to CreateServiceLinkedRole it creates AWSServiceRoleForBackup, and not the other three like AWSBackupDefaultServiceRole, AWSServiceRoleForBackupReports, or AWSServiceRolePolicyForBackupRestoreTesting.

2 answers

Accepted answer

To create multiple service-linked roles for a service that has more than one, you need to use the CreateServiceLinkedRole action multiple times, specifying the different service principal names.

Here's an example of how you can use the AWS SDK (in this case, the AWS CLI) to create all four service-linked roles for AWS Backup:

# Create AWSServiceRoleForBackup
aws iam create-service-linked-role --aws-service-name backup.amazonaws.com

# Create AWSBackupDefaultServiceRole
aws iam create-service-linked-role --aws-service-name backup.amazonaws.com --description "AWSBackupDefaultServiceRole"

# Create AWSServiceRoleForBackupReports
aws iam create-service-linked-role --aws-service-name backup-reports.amazonaws.com --description "AWSServiceRoleForBackupReports"

# Create AWSServiceRolePolicyForBackupRestoreTesting
aws iam create-service-linked-role --aws-service-name backup-restore.amazonaws.com --description "AWSServiceRolePolicyForBackupRestoreTesting"

Here's a breakdown of what each command does:

  1. aws iam create-service-linked-role --aws-service-name backup.amazonaws.com: This creates the AWSServiceRoleForBackup service-linked role, which is the default service-linked role for AWS Backup.

  2. aws iam create-service-linked-role --aws-service-name backup.amazonaws.com --description "AWSBackupDefaultServiceRole": This creates the AWSBackupDefaultServiceRole service-linked role, which is used for backup operations.

  3. aws iam create-service-linked-role --aws-service-name backup-reports.amazonaws.com --description "AWSServiceRoleForBackupReports": This creates the AWSServiceRoleForBackupReports service-linked role, which is used for backup reporting.

  4. aws iam create-service-linked-role --aws-service-name backup-restore.amazonaws.com --description "AWSServiceRolePolicyForBackupRestoreTesting": This creates the AWSServiceRolePolicyForBackupRestoreTesting service-linked role, which is used for backup restore testing.

Note that the service principal names (backup.amazonaws.com, backup-reports.amazonaws.com, and backup-restore.amazonaws.com) are specific to the AWS Backup service. For other AWS services that use multiple service-linked roles, you would need to use the appropriate service principal names.

Also, be aware that the CreateServiceLinkedRole action can only be used to create new service-linked roles. If you need to update or delete existing service-linked roles, you'll need to use the appropriate IAM actions, such as UpdateServiceLinkedRole or DeleteServiceLinkedRole.

AWS
JonQ
Answered 5 months ago
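An added example, not code from the question or either answer: an idempotent wrapper around CreateServiceLinkedRole that calls it once per service principal and classifies each outcome. It uses a constructed stand-in for the IAM client so it runs offline (a real boto3 client works the same way, since botocore's ClientError also exposes `.response["Error"]`); the "has been taken" error text is an assumption about IAM's reply, and only the backup.amazonaws.com principal and its AWSServiceRoleForBackup role name come from the page.

```python
class IamApiError(Exception):
    """Constructed: mimics the .response shape of botocore.exceptions.ClientError."""
    def __init__(self, code, message):
        super().__init__(message)
        self.response = {"Error": {"Code": code, "Message": message}}


class FakeIam:
    """Constructed IAM stand-in: one fixed role name per service principal."""
    ROLES = {"backup.amazonaws.com": "AWSServiceRoleForBackup"}  # from the question

    def __init__(self):
        self.existing = set()

    def create_service_linked_role(self, AWSServiceName):
        role = self.ROLES.get(AWSServiceName)
        if role is None:  # constructed error for an unknown principal
            raise IamApiError("NoSuchEntity", f"Unknown service principal {AWSServiceName}")
        if role in self.existing:  # assumed wording of IAM's duplicate-role error
            raise IamApiError("InvalidInputException",
                              f"Service role name {role} has been taken in this account")
        self.existing.add(role)
        return {"Role": {"RoleName": role}}


def ensure_service_linked_roles(iam, service_names):
    """Call CreateServiceLinkedRole once per service principal, in order.

    A service principal maps to one service-linked role name, so a repeat call
    for the same principal reports "exists" instead of creating another role.
    Returns a list of {"service", "role", "status"} dicts; status is
    "created", "exists" or "error" (the latter also carries the error code).
    """
    results = []
    for name in service_names:
        try:
            resp = iam.create_service_linked_role(AWSServiceName=name)
            results.append({"service": name, "role": resp["Role"]["RoleName"], "status": "created"})
        except Exception as exc:
            err = getattr(exc, "response", {}).get("Error", {})
            code, msg = err.get("Code", type(exc).__name__), err.get("Message", str(exc))
            if code == "InvalidInputException" and "has been taken" in msg:
                results.append({"service": name, "role": None, "status": "exists"})
            else:
                results.append({"service": name, "role": None, "status": "error", "code": code})
    return results


if __name__ == "__main__":
    print(ensure_service_linked_roles(FakeIam(), ["backup.amazonaws.com", "backup.amazonaws.com"]))
```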
Hello, per here, it looks like you would need to add the three specific service-linked role prefixes to the IAM user/role policy being used to create the service-linked roles.

psp
Answered 5 months ago
