iam:CreateServiceLinkedRole
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any)
204
Allow (Action)
204
Deny (Action)
0
NotAction
2
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)Service: AWS Identity and Access Management (IAM)
Access level
Permissions managementDescription
Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf
Resource types
- role*
Allow (Action)
- AWSAppFabricFullAccess
- AWSAppMeshFullAccess
- AWSAppRunnerFullAccess
- AWSAppSyncAdministrator
- AWSApplicationDiscoveryServiceFullAccess
- AWSArtifactAgreementsFullAccess
- AWSAuditManagerAdministratorAccess
- AWSBackupFullAccess
- AWSBatchFullAccess
- AWSBatchServiceRole
- AWSBedrockAgentCoreGatewayNetworkServiceRolePolicy
- AWSBugBustFullAccess
- AWSCertificateManagerFullAccess
- AWSCloud9Administrator
- AWSCloud9User
- AWSCodeCommitFullAccess
- AWSCodeCommitPowerUser
- AWSCodeStarServiceRole
- AWSConfigMultiAccountSetupPolicy
- AWSControlTowerServiceRolePolicy
- AWSDataPipelineRole
- AWSDataSyncFullAccess
- AWSDeepRacerServiceRolePolicy
- AWSEC2FleetServiceRolePolicy
- AWSElasticBeanstalkFullAccess
- AWSElasticBeanstalkRoleCore
- AWSFMAdminFullAccess
- AWSHealthFullAccess
- AWSIQFullAccess
- AWSImageBuilderFullAccess
- AWSIoTManagedIntegrationsFullAccess
- AWSIoTSiteWiseConsoleFullAccess
- AWSIotRoboRunnerFullAccess
- AWSLambda_FullAccess
- AWSLicenseManagerServiceRolePolicy
- AWSMarketplaceSellerFullAccess
- AWSMigrationHubFullAccess
- AWSMigrationHubOrchestratorConsoleFullAccess
- AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess
- AWSMigrationHubRefactorSpacesFullAccess
- AWSMigrationHubStrategyConsoleFullAccess
- AWSNetworkFirewallFullAccess
- AWSNetworkManagerFullAccess
- AWSObservabilityAdminServiceRolePolicy
- AWSObservabilityAdminTelemetryEnablementServiceRolePolicy
- AWSOrganizationsFullAccess
- AWSOrganizationsServiceTrustPolicy
- AWSPanoramaFullAccess
- AWSPrivateMarketplaceAdminFullAccess
- AWSProtonFullAccess
- AWSQuickSetupCFGCPacksPermissionsBoundary
- AWSQuickSetupDeploymentRolePolicy
- AWSQuickSetupDevOpsGuruPermissionsBoundary
- AWSQuickSetupDistributorPermissionsBoundary
- AWSQuickSetupEnableAREXExecutionPolicy
- AWSQuickSetupManageJITNAResourcesExecutionPolicy
- AWSQuickSetupPatchPolicyDeploymentRolePolicy
- AWSQuickSetupPatchPolicyPermissionsBoundary
- AWSQuickSetupSSMDeploymentRolePolicy
- AWSQuickSetupSSMHostMgmtPermissionsBoundary
- AWSQuickSetupSchedulerPermissionsBoundary
- AWSRefactoringToolkitFullAccess
- AWSResourceExplorerFullAccess
- AWSResourceExplorerOrganizationsAccess
- AWSRoboMakerFullAccess
- AWSRoboMaker_FullAccess
- AWSRolesAnywhereFullAccess
- AWSSSMForSAPServiceLinkedRolePolicy
- AWSSSOMasterAccountAdministrator
- AWSSecurityHubFullAccess
- AWSSecurityHubV2ServiceRolePolicy
- AWSSecurityIncidentResponseFullAccess
- AWSServiceCatalogAdminFullAccess
- AWSServiceCatalogAppRegistryFullAccess
- AWSServiceRoleForAIDevOpsPolicy
- AWSServiceRoleForAmazonEKSNodegroup
- AWSServiceRoleForGammaInternalAmazonEKSNodegroup
- AWSServiceRoleForImageBuilder
- AWSServiceRoleForSMS
- AWSSupportAppFullAccess
- AWSSystemsManagerEnableConfigRecordingExecutionPolicy
- AWSSystemsManagerEnableExplorerExecutionPolicy
- AWSSystemsManagerForSAPFullAccess
- AWSThinkboxAWSPortalAdminPolicy
- AWSThinkboxDeadlineResourceTrackerAdminPolicy
- AWSThinkboxDeadlineSpotEventPluginAdminPolicy
- AWSTransformApplicationECSDeploymentPolicy
- AWSTrustedAdvisorPriorityFullAccess
- AdministratorAccess-AWSElasticBeanstalk
- AdministratorAccess-Amplify
- AlexaForBusinessFullAccess
- AmazonAppStreamFullAccess
- AmazonApplicationWizardFullaccess
- AmazonAuroraDSQLConsoleFullAccess
- AmazonAuroraDSQLFullAccess
- AmazonBraketFullAccess
- AmazonChimeServiceRolePolicy
- AmazonCloudWatchRUMFullAccess
- AmazonCodeGuruProfilerFullAccess
- AmazonCodeGuruReviewerFullAccess
- AmazonCognitoPowerUser
- AmazonConnectFullAccess
- AmazonConnect_FullAccess
- AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
- AmazonDataZoneSageMakerProvisioningRolePolicy
- AmazonDetectiveOrganizationsAccess
- AmazonDevOpsGuruConsoleFullAccess
- AmazonDevOpsGuruFullAccess
- AmazonDocDBConsoleFullAccess
- AmazonDocDBElasticFullAccess
- AmazonDocDBFullAccess
- AmazonDynamoDBFullAccess
- AmazonDynamoDBFullAccess_v2
- AmazonEC2ContainerRegistryFullAccess
- AmazonEC2FullAccess
- AmazonEC2SpotFleetAutoscaleRole
- AmazonECSInfrastructureRolePolicyForManagedInstances
- AmazonECSInfrastructureRoleforExpressGatewayServices
- AmazonECS_FullAccess
- AmazonEKSClusterPolicy
- AmazonEKSComputePolicy
- AmazonEKSLoadBalancingPolicy
- AmazonEKSServicePolicy
- AmazonEMRFullAccessPolicy_v2
- AmazonElastiCacheFullAccess
- AmazonElasticFileSystemFullAccess
- AmazonElasticFileSystemServiceRolePolicy
- AmazonElasticMapReduceFullAccess
- AmazonElasticMapReduceRole
- AmazonEventBridgeFullAccess
- AmazonEventBridgeSchemasFullAccess
- AmazonFSxConsoleFullAccess
- AmazonFSxFullAccess
- AmazonGuardDutyFullAccess
- AmazonGuardDutyFullAccess_v2
- AmazonGuardDutyServiceRolePolicy
- AmazonInspector2FullAccess
- AmazonInspector2FullAccess_v2
- AmazonInspectorFullAccess
- AmazonKeyspacesFullAccess
- AmazonLaunchWizardFullAccessV2
- AmazonLaunchWizardFullaccess
- AmazonLaunchWizard_Fullaccess
- AmazonLexFullAccess
- AmazonMCSFullAccess
- AmazonMQApiFullAccess
- AmazonMQFullAccess
- AmazonMSKFullAccess
- AmazonMacieFullAccess
- AmazonMacieHandshakeRole
- AmazonMemoryDBFullAccess
- AmazonMonitronFullAccess
- AmazonOpenSearchIngestionFullAccess
- AmazonPrometheusFullAccess
- AmazonRDSFullAccess
- AmazonRedshiftDataFullAccess
- AmazonRedshiftFullAccess
- AmazonSSMFullAccess
- AmazonSageMakerCanvasFullAccess
- AmazonSageMakerFullAccess
- AmazonSecurityLakeAdministrator
- AmazonTimestreamInfluxDBFullAccess
- AmazonTimestreamInfluxDBFullAccessWithoutMarketplaceAccess
- AmazonWorkMailFullAccess
- AmazonWorkSpacesThinClientFullAccess
- AutoScalingConsoleFullAccess
- AutoScalingFullAccess
- AutoScalingServiceRolePolicy
- BatchServiceRolePolicy
- BedrockAgentCoreFullAccess
- CloudWatchApplicationInsightsFullAccess
- CloudWatchApplicationSignalsFullAccess
- CloudWatchEventsFullAccess
- CloudWatchFullAccess
- CloudWatchFullAccessV2
- CloudWatchInternetMonitorFullAccess
- CloudWatchOpenSearchDashboardsFullAccess
- ConfigConformsServiceRolePolicy
- CostOptimizationHubAdminAccess
- DBModProvisioningAndMigration
- DynamoDBGlobalTableSettingsManagementServiceRolePolicy
- DynamoDBReplicationServiceRolePolicy
- EC2FastLaunchFullAccess
- ElasticLoadBalancingFullAccess
- FMSServiceRolePolicy
- GlobalAcceleratorFullAccess
- IAMAccessAnalyzerFullAccess
- NeptuneConsoleFullAccess
- NeptuneFullAccess
- NetworkAdministrator
- PowerUserAccess
- ROSANodePoolManagementPolicy
- Route53RecoveryReadinessServiceRolePolicy
- SageMakerStudioAdminIAMDefaultExecutionPolicy
- SageMakerStudioAdminIAMPermissiveExecutionPolicy
- SageMakerStudioProjectProvisioningRolePolicy
- SageMakerStudioProjectRoleMachineLearningPolicy
- SageMakerStudioProjectUserRolePermissionsBoundary
- SageMakerStudioUserIAMDefaultExecutionPolicy
- SageMakerStudioUserIAMPermissiveExecutionPolicy
- ServerMigrationServiceConsoleFullAccess
- ServerMigrationServiceLaunchRole
- ServiceQuotasFullAccess
- VPCLatticeFullAccess
Deny (Action)
None
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM