Create an IAM role on Vultr with assignable or assumable type. Define a reusable permission set by attaching policies that control access to cloud resources.
Roles in Vultr's IAM system define a set of permissions that can be assigned to users or groups. Roles contain policies that specify what actions are allowed or denied on which resources.
There are two types of roles:
Follow this guide to create a role using the Vultr Console, the Vultr API, or Terraform.
Log in to the Vultr Console.
Click the organization name in the top navigation bar.
Click Manage Organization.
Click the Roles tab.
Click the + button to add a new role.
Select Assignable Role or Assumable Role based on your requirement.
Enter a Name and optional Description for the role.
For an assumable role, configure the Trusted Entity (User, Group, or OIDC Issuer) and set the assumption schedule (Always, Specific times or Specific days).
In the Permission Policies section, search for and select the policies to attach to this role.
Click Add Role.
The new role appears in the Roles list.
Send a POST request to the Create Role endpoint to create a new role. Replace ROLE-NAME and ROLE-DESCRIPTION with your values. Set role_type to assignable for permanent access or assumable for temporary, time-bound access. The max_session_duration is specified in seconds.
$ curl "https://api.vultr.com/v2/roles" \
  -X POST \
  -H "Authorization: Bearer ${VULTR_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ROLE-NAME",
    "description": "ROLE-DESCRIPTION",
    "role_type": "assignable",
    "max_session_duration": 3600
  }'
A successful request returns an HTTP 201 Created response.
Note the id of the role for future operations.
Send a GET request to the Read Role endpoint to retrieve the role details. Replace {role-id} with the id returned from the creation request.
$ curl "https://api.vultr.com/v2/roles/{role-id}" \
  -X GET \
  -H "Authorization: Bearer ${VULTR_API_KEY}"
The response contains the resource details.
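The following is an added example, not part of Vultr's documentation: a Python script for the two API calls above that validates the request locally, requires the 201 Created status, and reads the role back to confirm that the stored role_type and max_session_duration match what was requested. The function names are hypothetical, and two things about the response are assumptions: that the role object sits at the top level or under one wrapper key, and that Read Role echoes the request's field names.

```python
import json
import os
import urllib.request

API = "https://api.vultr.com/v2/roles"  # endpoint shown on this page
ROLE_TYPES = ("assignable", "assumable")  # the two role types the page names

def build_payload(name, description, role_type, max_session_duration):
    """Reject bad input before it reaches the API; return the request body."""
    if not name.strip():
        raise ValueError("name is required")
    if role_type not in ROLE_TYPES:
        raise ValueError(f"role_type must be one of {ROLE_TYPES}")
    if type(max_session_duration) is not int or max_session_duration <= 0:
        raise ValueError("max_session_duration must be a positive integer (seconds)")
    return {"name": name, "description": description,
            "role_type": role_type, "max_session_duration": max_session_duration}

def unwrap(body):
    """Assumption: the role is the top-level object or sits under one wrapper key."""
    if "id" in body:
        return body
    inner = [v for v in body.values() if isinstance(v, dict) and "id" in v]
    if len(inner) != 1:
        raise ValueError("response carries no single role object with an id")
    return inner[0]

def mismatches(requested, role):
    """Assumption: Read Role echoes the request's field names. Returns differences."""
    return {k: (v, role.get(k)) for k, v in requested.items() if role.get(k) != v}

def call(method, url, payload=None):
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {os.environ['VULTR_API_KEY']}",
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status, json.load(resp)

def create_and_verify(payload):
    """Create the role, require 201 Created, then read it back and compare."""
    status, body = call("POST", API, payload)
    if status != 201:
        raise RuntimeError(f"expected 201 Created, got {status}")
    role_id = unwrap(body)["id"]
    _, stored = call("GET", f"{API}/{role_id}")
    diff = mismatches(payload, unwrap(stored))
    if diff:
        raise RuntimeError(f"role {role_id} differs from request: {diff}")
    return role_id
```

Call create_and_verify(build_payload("ROLE-NAME", "ROLE-DESCRIPTION", "assignable", 3600)) with VULTR_API_KEY set in the environment; it returns the role id to use in later operations.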
Ensure the Vultr Terraform provider is configured in your Terraform project.
Define the role resource. Replace ROLE-NAME and ROLE-DESCRIPTION with your values. Set type to "assignable" for permanent access or "assumable" for temporary, time-bound sessions. The max_session_duration is in seconds.
resource "vultr_organization_role" "my_role" {
  name                 = "ROLE-NAME"
  description          = "ROLE-DESCRIPTION"
  type                 = "assignable"
  max_session_duration = 3600
}
Apply the configuration.
$ terraform apply
Verify that the output shows vultr_organization_role.my_role: Creation complete. Note the role ID from the Terraform state for use in attachment resources.