Creating the IAM role in IAM - MediaConvert
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Creating the IAM role in IAM

Working directly with IAM, you can do actions that aren't available in the MediaConvert console. You can either do this when you create your role in IAM, or you can create your role in MediaConvert and then use IAM to refine it later.

The following procedure explains how to set up the role using the IAM console. For information about accessing IAM programmatically, see the appropriate document in the IAM documentation set.

To set up your MediaConvert role in IAM (console)
  1. Sign in to the Amazon Web Services Management Console and open the IAM console at

  2. In the navigation pane of the IAM console, choose Roles, and then choose Create role.

  3. Choose the Amazon service role type, and then choose the MediaConvert service.

  4. Choose the MediaConvert use case for your service. Then choose Next: Permissions. The service has already defined the permissions used by the role. These permissions grant MediaConvert the following permissions:

    • Full access to your Amazon S3 resources

    • API Gateway invoke full access

    The only entity that can assume this role is the MediaConvert service.

  5. Choose Next: Review.

  6. For Role name, enter a name that describes the purpose of the role. If you use the name MediaConvert_Default_Role, then the MediaConvert console will use this role by default when you run jobs.

    Role names must be unique within your Amazon account. You can use up to 64 characters that are letters, numbers, or any of the following: + = , . @ - _

    Because various entities might reference the role, you can't edit the name of the role after it has been created.

  7. (Optional) For Role description, edit the description for the new service role.

  8. Review the role, and then choose Create role.