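'default', 'region' => 'us-west-2', 'version' => '2010-05-08' ]);

// Name and description of the instance role; the policy is named $roleName . 'policy'.
$roleName = 'AmazonCSM';
$description = 'An Instance role that has permission for Amazon EC2 Systems Manager and SDK Metric Monitoring.';

// Permissions policy attached to the role.
// NOTE(review): the first statement allows every "sdkmetrics-beta" action on
// Resource "*", and the SSM statement matches parameter/AmazonCSM* in every
// region and account ("*:*"). Narrow both if the deployment allows it.
$AmazonCSMPolicy = '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sdkmetrics-beta:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssm:GetParameter" ], "Resource": "arn:aws:ssm:*:*:parameter/AmazonCSM*" } ] }';

// Trust policy: only the EC2 service principal may assume the role, so every
// instance launched with this role receives the permissions above.
$rolePolicy = '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }';

try {
    // Step 1: create the managed policy.
    // $client is presumably the IAM client built by the statement whose tail
    // appears at the top of this excerpt -- confirm against the full file.
    $iamPolicy = $client->createPolicy([
        'PolicyName' => $roleName . 'policy',
        'PolicyDocument' => $AmazonCSMPolicy,
    ]);

    if ((int) $iamPolicy['@metadata']['statusCode'] === 200) {
        $policyArn = $iamPolicy['Policy']['Arn'];
        echo("\nYour IAM Policy has been created. Arn - ");
        echo($policyArn);
        echo("\n");

        // Step 2: create the role with the EC2 trust policy.
        $role = $client->createRole([
            'RoleName' => $roleName,
            'Description' => $description,
            'AssumeRolePolicyDocument' => $rolePolicy,
        ]);

        // Check the status before reporting success; the original printed the
        // "created" message (and read the ARN) ahead of this check.
        if ((int) $role['@metadata']['statusCode'] === 200) {
            echo("\nYour IAM User Role has been created. Arn: ");
            echo($role['Role']['Arn']);
            echo("\n");

            // Step 3: attach the policy created in step 1 to the new role.
            $result = $client->attachRolePolicy([
                'PolicyArn' => $policyArn,
                'RoleName' => $roleName,
            ]);
            var_dump($result);
        } else {
            // The policy from step 1 still exists at this point and is not
            // attached to anything; it has to be cleaned up separately.
            echo("\nThere was an error creating your IAM User Role\n");
            var_dump($role);
        }
    } else {
        echo("There was an error creating your IAM Policy\n");
        var_dump($iamPolicy);
    }
} catch (AwsException $e) {
    // Show only the error message to the caller; echoing the exception object
    // would also print its file, line and stack trace. A failure in a later
    // step leaves the resources created by earlier steps in place.
    echo $e->getMessage();
    error_log($e->getMessage());
}
// snippet-end:[iam.php.create_role.main]
// snippet-end:[iam.php.create_role.complete]
// snippet-sourceauthor:[jschwarzwalder (AWS)]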