CreateServiceLinkedRole - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Creates an IAM role that is linked to a specific Amazon service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your Amazon resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see Using service-linked roles in the IAM User Guide.

To attach a policy to this service-linked role, you must make the request using the Amazon service that depends on this role.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.


The service principal for the Amazon service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example:

Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see Amazon services that work with IAM in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=,.@-]+

Required: Yes


A string that you provide, which is combined with the service-provided prefix to form the complete role name. If you make multiple requests for the same service, then you must supply a different CustomSuffix for each request. Otherwise the request fails with a duplicate role name error. For example, you could add -1 or -debug to the suffix.

Some services do not support the CustomSuffix parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [\w+=,.@-]+

Required: No


The description of the role.

Type: String

Length Constraints: Maximum length of 1000.

Pattern: [\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*

Required: No

Response Elements

The following element is returned by the service.


A Role object that contains details about the newly created role.

Type: Role object


For information about the errors that are common to all actions, see Common Errors.


The request was rejected because an invalid or out-of-range value was supplied for an input parameter.

HTTP Status Code: 400


The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.

HTTP Status Code: 409


The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.

HTTP Status Code: 404


The request processing has failed because of an unknown error, exception or failure.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: