Create an assignable or assumable IAM role on Vultr. Define a reusable permission set by attaching policies that control access to cloud resources.
Roles in Vultr's IAM system define a set of permissions that can be assigned to users or groups. Roles contain policies that specify what actions are allowed or denied on which resources.
There are two types of roles:
This guide explains how to create a role using the Vultr Console and the Vultr API.
Log in to the Vultr Console.
Click the organization name in the top navigation bar.
Click Manage Organization.
Click the Roles tab.
Click the + button to add a new role.
Select Assignable Role or Assumable Role based on your requirement.
Enter a Name and optional Description for the role.
For an assumable role, configure the Trusted Entity (User, Group, or OIDC Issuer) and set the assumption schedule (Always, Specific times or Specific days).
In the Permission Policies section, search for and select the policies to attach to this role.
Click Add Role.
The new role appears in the Roles list.
Send a POST request to the Create Role endpoint to create a new role. Replace ROLE-NAME and ROLE-DESCRIPTION with your values. Set role_type to assignable for permanent access or assumable for temporary, time-bound access. The max_session_duration is specified in seconds.
$ curl "https://api.vultr.com/v2/roles" \
    -X POST \
    -H "Authorization: Bearer ${VULTR_API_KEY}" \
    -H "Content-Type: application/json" \
    -d '{
        "name": "ROLE-NAME",
        "description": "ROLE-DESCRIPTION",
        "role_type": "assignable",
        "max_session_duration": 3600
    }'
A successful request returns an HTTP 201 Created response.
Note the id of the role for future operations.
Send a GET request to the Read Role endpoint to retrieve the role details. Replace {role-id} with the id returned from the creation request.
$ curl "https://api.vultr.com/v2/roles/{role-id}" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"
The response contains the resource details.
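The following wrapper for the Create Role request above is an added example, not part of the original guide or Vultr's tooling. It validates the fields before sending and treats anything other than HTTP 201 as a failure. The function names, the character allowlist and the MAX_SESSION_CEILING value are assumptions chosen as local policy.

```shell
#!/bin/sh
# Added example, not Vultr tooling. The character allowlist and the
# session ceiling are local policy assumptions, not documented Vultr limits.
LC_ALL=C; export LC_ALL
MAX_SESSION_CEILING=${MAX_SESSION_CEILING:-3600}   # seconds

# True when the text holds only letters, digits, space, '.', '_' and '-',
# so it can sit inside a JSON string without escaping.
safe_text() {
    case $1 in
        *[!A-Za-z0-9\ ._-]*) return 1 ;;
    esac
    return 0
}

# Validate the four fields and print the JSON body for POST /v2/roles.
build_role_payload() {
    name=$1 desc=$2 rtype=$3 dur=$4
    { [ -n "$name" ] && safe_text "$name"; } || { echo "invalid name" >&2; return 1; }
    safe_text "$desc" || { echo "invalid description" >&2; return 1; }
    case $rtype in
        assignable|assumable) ;;
        *) echo "role_type must be assignable or assumable" >&2; return 1 ;;
    esac
    case $dur in
        ''|0*|*[!0-9]*) echo "max_session_duration must be a positive integer" >&2; return 1 ;;
    esac
    [ "$dur" -le "$MAX_SESSION_CEILING" ] 2>/dev/null ||
        { echo "max_session_duration exceeds ${MAX_SESSION_CEILING}s" >&2; return 1; }
    printf '{"name":"%s","description":"%s","role_type":"%s","max_session_duration":%s}\n' \
        "$name" "$desc" "$rtype" "$dur"
}

# Send the request; succeed only on HTTP 201, and print the response body
# so the role id can be noted.
create_role() {
    [ -n "${VULTR_API_KEY:-}" ] || { echo "VULTR_API_KEY is not set" >&2; return 1; }
    payload=$(build_role_payload "$@") || return 1
    body=$(mktemp) || return 1
    status=$(curl -sS -o "$body" -w '%{http_code}' -X POST \
        "https://api.vultr.com/v2/roles" \
        -H "Authorization: Bearer ${VULTR_API_KEY}" \
        -H "Content-Type: application/json" \
        -d "$payload") || { rm -f "$body"; return 1; }
    cat "$body"; rm -f "$body"
    [ "$status" = 201 ] || { echo "expected HTTP 201, got $status" >&2; return 1; }
}
```

Call it as `create_role "ROLE-NAME" "ROLE-DESCRIPTION" assumable 900`; a name or description containing quotes or other characters outside the allowlist is rejected before any request is sent, so it cannot alter the other JSON fields.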