Creates a RAM role.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateRole

The operation that you want to perform. Set the value to CreateRole.
AssumeRolePolicyDocument String Yes { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::12345678901234****:root" } } ], "Version": "1" }

The document of the policy that specifies one or more trusted entities to assume the RAM role. The trusted entities can be Alibaba Cloud accounts, Alibaba Cloud services, or identity providers (IdPs).

Note RAM users cannot assume the RAM roles of trusted Alibaba Cloud services.
RoleName String Yes ECSAdmin

The name of the RAM role.

The name must be 1 to 64 characters in length and can contain letters, digits, periods (.), and hyphens (-).

Description String No ECS administrator

The description of the RAM role.

The description must be 1 to 1,024 characters in length.
MaxSessionDuration Long No 3600

The maximum session duration of the RAM role.

Unit: seconds. Valid values: 3600 to 43200. Default value: 3600.

If you do not specify this parameter, the default value is used.

Response parameters

Parameter Type Example Description
RequestId String 04F0F334-1335-436C-A1D7-6C044FE73368

The ID of the request.
Role Struct

The information of the RAM role.
Arn String acs:ram::123456789012****:role/ECSAdmin

The Alibaba Cloud Resource Name (ARN) of the RAM role.
AssumeRolePolicyDocument String { \"Statement\": [ { \"Action\": \"sts:AssumeRole\", \"Effect\": \"Allow\", \"Principal\": { \"RAM\": \"acs:ram::12345678901234****:root\" } } ], \"Version\": \"1\" }

The document of the policy that specifies the trusted entity to assume the RAM role.
CreateDate String 2015-01-23T12:33:18Z

The time when the RAM role was created.
Description String ECS administrator

The description of the RAM role.
MaxSessionDuration Long 3600

The maximum session duration of the RAM role.
RoleId String 90123456789****

The ID of the RAM role.
RoleName String ECSAdmin

The name of the RAM role.
RolePrincipalName String ECSAdmin@role.123456.onaliyunservice.com

The name of the RAM role after authorization.

Examples

Sample requests

https://resourcemanager.aliyuncs.com/?Action=CreateRole
&AssumeRolePolicyDocument={ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::12345678901234****:root" } } ], "Version": "1" }
&RoleName=ECSAdmin
&<Common request parameters>

Sample success responses

XML format 

<CreateRoleResponse>
      <RequestId>04F0F334-1335-436C-A1D7-6C044FE73368</RequestId>
      <Role>
            <RoleId>90123456789****</RoleId>
            <RoleName>ECSAdmin</RoleName>
            <RolePrincipalName>ECSAdmin@role.123456.onaliyunservice.com</RolePrincipalName>
            <Arn>acs:ram::123456789012****:role/ECSAdmin</Arn>
            <Description>ECS administrator</Description>
            <MaxSessionDuration>3600</MaxSessionDuration>
            <AssumeRolePolicyDocument>{ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::12345678901234****:root" } } ], "Version": "1" }</AssumeRolePolicyDocument>
            <CreateDate>2015-01-23T12:33:18Z</CreateDate>
      </Role>
</CreateRoleResponse>

JSON format 

{
    "RequestId": "04F0F334-1335-436C-A1D7-6C044FE73368",
    "Role": {
        "RoleId": "90123456789****",
        "RoleName": "ECSAdmin",
        "RolePrincipalName": "ECSAdmin@role.123456.onaliyunservice.com",
        "Arn": "acs:ram::123456789012****:role/ECSAdmin",
        "Description": "ECS administrator",
        "MaxSessionDuration": 3600,
        "AssumeRolePolicyDocument": "{ \"Statement\": [ { \"Action\": \"sts:AssumeRole\", \"Effect\": \"Allow\", \"Principal\": { \"RAM\": \"acs:ram::12345678901234****:root\" } } ], \"Version\": \"1\" }",
        "CreateDate": "2015-01-23T12:33:18Z"
    }
}

Error codes

HTTP status code Error code Error message Description
400 InvalidParameter.RoleName.InvalidChars The specified role name contains invalid characters. The error message returned because the RAM role name contains invalid characters.
400 InvalidParameter.RoleName.Length The maximum length of the role name is exceeded. The error message returned because the length of the RAM role name has exceeded the upper limit.
400 InvalidParameter.AssumeRolePolicyDocument.Length The maximum length of the trust policy document of the role is exceeded. The error message returned because the length of the value specified for the AssumeRolePolicyDocument parameter has exceeded the upper limit.
409 EntityAlreadyExists.Role The role already exists. The error message returned because the RAM role already exists.
409 MalformedPolicyDocument The policy format is invalid. The error message returned because the format of the policy document is invalid.
409 LimitExceeded.Role The maximum number of roles is exceeded. The error message returned because the maximum number of RAM roles has been reached.

For a list of error codes, visit the API Error Center.