File: //usr/local/aws-cli/v2/current/current/dist/awscli/examples/iam/create-role.rst
**To create an IAM role**
The following ``create-role`` command creates a role named ``Test-Role`` and attaches a trust policy to it::
  aws iam create-role --role-name Test-Role --assume-role-policy-document file://Test-Role-Trust-Policy.json
Output::
  {
    "Role": {
        "AssumeRolePolicyDocument": "<URL-encoded-JSON>",
        "RoleId": "AKIAIOSFODNN7EXAMPLE",
        "CreateDate": "2013-06-07T20:43:32.821Z",
        "RoleName": "Test-Role",
        "Path": "/",
        "Arn": "arn:aws:iam::123456789012:role/Test-Role"
    }
  }
The trust policy is defined as a JSON document in the *Test-Role-Trust-Policy.json* file. (The file name and extension do not have significance.) The trust policy must specify a principal.
To attach a permissions policy to a role, use the ``put-role-policy`` command.
For more information, see `Creating a Role`_ in the *Using IAM* guide.
.. _`Creating a Role`: http://docs.aws.amazon.com/IAM/latest/UserGuide/creating-role.html