Create an IAM role - Kahuna915/Capstone-Cloud-Integration GitHub Wiki

AWS step-by-step guide on how to create an IAM role through the console

  1. Open the IAM console

  2. Choose Roles and then choose Create role

  3. Choose AWS account
     - To create a role for your account, choose This Account.
     - To create a role for another account, choose Another AWS account and enter the Account ID

  4. Choose Next

  5. Select the policy to use for the permissions policy or choose Create policy to open a new browser tab and create a new policy from scratch.

  6. Enter a Role name

  7. (Optional) For Description, enter a description for the new role

  8. Choose Edit in Step 1: Select trusted entities or Step 2: Add permissions sections to edit the use cases and permissions for the role

  9. Create Role

AWS step-by-step guide on how to create an IAM role through the CLI

  1. Create a role: aws iam create-role
  2. Attach a managed permissions policy to the role: aws iam attach-role-policy, or create an inline permissions policy for the role: aws iam put-role-policy
  3. (Optional) Add custom attributes to the role by attaching tags: aws iam tag-role. For more information, see Managing tags on IAM roles (AWS CLI or AWS API).
  4. (Optional) Set the permissions boundary for the role: aws iam put-role-permissions-boundary. A permissions boundary controls the maximum permissions that a role can have. Permissions boundaries are an advanced AWS feature.

Example Code

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Principal": { "AWS": "arn:aws:iam::123456789012:root" },
          "Action": "sts:AssumeRole",
          "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "true" } }
      }
  ]
}

CLI Commands

aws iam create-role --role-name Test-UserAccess-Role --assume-role-policy-document file://C:\policies\trustpolicyforacct123456789012.json

aws iam attach-role-policy --role-name Test-UserAccess-Role --policy-arn arn:aws:iam::123456789012:policy/PolicyForRole
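
A check that can be run on a trust policy document before it is passed to aws iam create-role, flagging wildcard principals, cross-account trust and a missing MFA condition. This is an added example, not part of the original wiki or AWS tooling; the function names and finding strings are assumptions made here, and own_account is the ID of the account that will hold the role.

```python
import json
import re

# The page's trust policy, embedded so the example runs offline.
PAGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
  }]
}""")

def _as_list(value):
    # IAM JSON allows a single value or a list in most positions.
    return value if isinstance(value, list) else [value]

def _requires_mfa(stmt):
    # True only if a Bool condition pins aws:MultiFactorAuthPresent to "true".
    for op, keys in stmt.get("Condition", {}).items():
        if op.lower() != "bool":
            continue
        for key, val in keys.items():
            if key.lower() == "aws:multifactorauthpresent":
                return [str(v).lower() for v in _as_list(val)] == ["true"]
    return False

def audit_trust_policy(policy, own_account):
    """Return findings for Allow statements that trust AWS principals."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append(f"stmt {i}: wildcard principal")
                continue
            # Assumes the standard "aws" partition; accepts an ARN or a bare account ID.
            m = re.match(r"^(?:arn:aws:iam::)?(\d{12})(?::.*)?$", p)
            if m and m.group(1) != own_account:
                findings.append(f"stmt {i}: cross-account trust for {m.group(1)}")
        if aws and not _requires_mfa(stmt):
            findings.append(f"stmt {i}: no MFA condition")
    return findings
```

BoolIfExists is deliberately not accepted as an MFA requirement, because that operator also passes when the aws:MultiFactorAuthPresent key is absent from the request.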