When trying to create a role I run into the following error: (AccessDenied) when calling the CreateRole operation: User: arn:aws:iam::806409516843:user/<username> is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::806409516843:role/vmimport.
I have tried reading the docs and doing many Google searches on the subject but can't seem to find a way to allow my user to create a role. Please help.
2 Answers
If you have root access to your account, you can just write your own policy and attach it to the user (AWS Console => IAM => Users => Add inline policy). Here is an example:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Stmt1482712489000",
                "Effect": "Allow",
                "Action": [
                    "iam:CreateRole"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }

I went with AttachPolicy (to a group but I suppose you could do it to a single user as well) and attached AdministratorAccess. This may later be revealed to be a poor choice but I figured it would cover me for anything else I need to do.
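An added example, not part of either answer above: the AccessDenied message in the question already names the action and the role ARN, so a policy can grant exactly that pair instead of `"Resource": "*"` or AdministratorAccess. The function names and the generated Sid are this example's own choices; the error text and the posted policy are copied from the page.

```python
import json
import re

# Error text quoted in the question; <username> is elided there and kept as-is.
ERROR = ("User: arn:aws:iam::806409516843:user/<username> is not authorized to "
         "perform: iam:CreateRole on resource: arn:aws:iam::806409516843:role/vmimport.")

# The policy posted in the first answer (Resource is "*").
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Stmt1482712489000", "Effect": "Allow",
    "Action": ["iam:CreateRole"], "Resource": ["*"]}]}

DENIED = re.compile(
    r"User: (?P<principal>arn:aws:\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:[\w*]+) on resource: (?P<resource>arn:aws:\S+)")

def parse_access_denied(message):
    """Extract principal, action and resource from an IAM AccessDenied message."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("message is not in the expected AccessDenied form")
    fields = m.groupdict()
    fields["resource"] = fields["resource"].rstrip(".")  # sentence-ending period
    return fields

def scoped_policy(message):
    """Build a policy allowing only the denied action on the named resource."""
    denied = parse_access_denied(message)
    if "*" in denied["action"] or "*" in denied["resource"]:
        raise ValueError("refusing to emit a wildcard grant")
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowDeniedActionOnNamedResource", "Effect": "Allow",
        "Action": [denied["action"]], "Resource": [denied["resource"]]}]}

def wildcard_statements(policy):
    """Return (Sid, key) for each Allow statement with '*' in Action or Resource."""
    stmts = policy["Statement"]
    stmts = stmts if isinstance(stmts, list) else [stmts]
    hits = []
    for s in stmts:
        if s.get("Effect") != "Allow":
            continue
        for key in ("Action", "Resource"):
            values = s.get(key, [])
            values = [values] if isinstance(values, str) else values
            if any("*" in v for v in values):
                hits.append((s.get("Sid"), key))
    return hits

if __name__ == "__main__":
    print(json.dumps(scoped_policy(ERROR), indent=2))
    print("wildcards in posted policy:", wildcard_statements(PAGE_POLICY))
```

The printed document can be attached as an inline policy the same way the first answer describes; `wildcard_statements` can be run over any existing policy document to list the statements that are broader than a named resource.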