Create service linked roles for service with multiple service linked roles

0

In looking at AWS backup: https://docs.aws.amazon.com/aws-backup/latest/devguide/using-service-linked-roles.html

It seems to have four different and unique service linked roles. How would I use the IAM API CreateServiceLinkedRole action to create these? When I pass in backup.amazonaws.com to CreateServiceLinkedRole it creates AWSServiceRoleForBackup, and not the other three like AWSBackupDefaultServiceRole, AWSServiceRoleForBackupReports, or AWSServiceRolePolicyForBackupRestoreTesting.

2 個答案
1
已接受的答案

To create multiple service-linked roles for a service that has more than one, you need to use the CreateServiceLinkedRole action multiple times, specifying the different service principal names.

Here's an example of how you can use the AWS SDK (in this case, the AWS CLI) to create all four service-linked roles for AWS Backup:

# Create AWSServiceRoleForBackup
aws iam create-service-linked-role --aws-service-name backup.amazonaws.com

# Create AWSBackupDefaultServiceRole
aws iam create-service-linked-role --aws-service-name backup.amazonaws.com --description "AWSBackupDefaultServiceRole"

# Create AWSServiceRoleForBackupReports
aws iam create-service-linked-role --aws-service-name backup-reports.amazonaws.com --description "AWSServiceRoleForBackupReports"

# Create AWSServiceRolePolicyForBackupRestoreTesting
aws iam create-service-linked-role --aws-service-name backup-restore.amazonaws.com --description "AWSServiceRolePolicyForBackupRestoreTesting"

Here's a breakdown of what each command does:

  1. aws iam create-service-linked-role --aws-service-name backup.amazonaws.com: This creates the AWSServiceRoleForBackup service-linked role, which is the default service-linked role for AWS Backup.

  2. aws iam create-service-linked-role --aws-service-name backup.amazonaws.com --description "AWSBackupDefaultServiceRole": This creates the AWSBackupDefaultServiceRole service-linked role, which is used for backup operations.

  3. aws iam create-service-linked-role --aws-service-name backup-reports.amazonaws.com --description "AWSServiceRoleForBackupReports": This creates the AWSServiceRoleForBackupReports service-linked role, which is used for backup reporting.

  4. aws iam create-service-linked-role --aws-service-name backup-restore.amazonaws.com --description "AWSServiceRolePolicyForBackupRestoreTesting": This creates the AWSServiceRolePolicyForBackupRestoreTesting service-linked role, which is used for backup restore testing.

Note that the service principal names (backup.amazonaws.com, backup-reports.amazonaws.com, and backup-restore.amazonaws.com) are specific to the AWS Backup service. For other AWS services that use multiple service-linked roles, you would need to use the appropriate service principal names.

Also, be aware that the CreateServiceLinkedRole action can only be used to create new service-linked roles. If you need to update or delete existing service-linked roles, you'll need to use the appropriate IAM actions, such as UpdateServiceLinkedRole or DeleteServiceLinkedRole.

AWS
JonQ
已回答 5 個月前
0

Hello, per here, looks you would need to add specific three service linked role prefixes to you IAM user/role policy being used to create the service linked roles.

psp
已回答 5 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南