Update a service-linked role - Amazon Identity and Access Management
Editing a service-linked role description (console)Editing a service-linked role description (Amazon CLI)Editing a service-linked role description (Amazon API)
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Update a service-linked role

The method that you use to edit a service-linked role depends on the service. Some services might allow you to edit the permissions for a service-linked role from the service console, API, or CLI. However, after you create a service-linked role, you cannot change the name of the role because various entities might reference the role. You can edit the description of any role from the IAM console, API, or CLI.

For information about which services support using service-linked roles, see Amazon services that work with IAM and look for the services that have Yes in the Service-Linked Role column. To learn whether the service supports editing the service-linked role, choose the Yes link to view the service-linked role documentation for that service.

Editing a service-linked role description (console)

You can use the IAM console to edit the description of a service-linked role.

To edit the description of a service-linked role (console)

  1. In the navigation pane of the IAM console, choose Roles.

  2. Choose the name of the role to modify.

  3. To the far right of Role description, choose Edit.

  4. Enter a new description in the box and choose Save.

Editing a service-linked role description (Amazon CLI)

You can use IAM commands from the Amazon CLI to edit the description of a service-linked role.

To change the description of a service-linked role (Amazon CLI)

  1. (Optional) To view the current description for a role, run the following commands:

    aws iam get-role --role-name ROLE-NAME

    Use the role name, not the ARN, to refer to roles with the CLI commands. For example, if a role has the following ARN: arn:aws-cn:iam::123456789012:role/myrole, you refer to the role as myrole.

  2. To update a service-linked role's description, run the following command:

    aws iam update-role --role-name ROLE-NAME --description OPTIONAL-DESCRIPTION

Editing a service-linked role description (Amazon API)

You can use the Amazon API to edit the description of a service-linked role.

To change the description of a service-linked role (Amazon API)

  1. (Optional) To view the current description for a role, call the following operation, and specify the name of the role:

    Amazon API: GetRole

  2. To update a role's description, call the following operation, and specify the name (and optional description) of the role:

    Amazon API: UpdateRole