# Create the Amazon IoT role alias
<a name="gs-create-role-alias"></a>

Follow these procedures to create an Amazon IoT role alias for the IAM role that you created in [Create an IAM role](gs-create-role.md). A role alias is an alternate data model that points to the IAM role. An Amazon IoT credentials provider request must include a role alias to indicate which IAM role to assume in order to obtain temporary credentials from the Amazon Security Token Service (Amazon STS). For more information, see [How to use a certificate to get a security token](https://docs.amazonaws.cn//iot/latest/developerguide/authorizing-direct-aws.html#authorizing-direct-aws.walkthrough).

**Create the Amazon IoT role alias**

1. Sign in to the Amazon Web Services Management Console and open the Amazon IoT Core console at [https://console.amazonaws.cn/iot/](https://console.amazonaws.cn/iot/).

1. Verify that the appropriate Region is selected.

1. On the left navigation, select **Security** and then choose **Role Aliases**.

1. Choose **Create role alias**.

1. Enter a name for your role alias.  
**Example**  

   **Example:** `KvsEdgeAgentRoleAlias`

1. In the **Role** dropdown, select the IAM role you created in [Create an IAM role](gs-create-role.md).

1. Choose **Create**. On the next page, you see a note that your role alias was successfully created.

1. Search for and select the newly created role alias. Make note of the **Role alias ARN**. You need this for the Amazon IoT policy in the next step.