次のコマンドを使用して、必要な権限を持つ「vmimport」という名前のロールを作成します。

aws iam create-role --role-name vmimport --assume-role-policy-document file://vmimport-role-trust.json 

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://vmimport-role-policy.json 

aws iam put-role-policy --role-name vmimport --policy-name AviController-vmimport-KMS-Policy --policy-document file://avicontroller-kms-vmimport.json 

AviController-Refined-Role は、インスタンス プロファイルを使用してコントローラに適用されるロールです。次のコマンドを実行します。

aws iam create-role --role-name AviController-Refined-Role --assume-role-policy-document file://avicontroller-role-trust.json 

aws iam create-policy --policy-name AviController-EC2-Policy --policy-document file://avicontroller-ec2-policy.json 

aws iam create-policy --policy-name AviController-S3-Policy --policy-document file://avicontroller-s3-policy.json 

aws iam create-policy --policy-name AviController-IAM-Policy --policy-document file://avicontroller-iam-policy.json 

aws iam create-policy --policy-name AviController-R53-Policy --policy-document file://avicontroller-r53-policy.json 

aws iam create-policy --policy-name AviController-ASG-Policy --policy-document file://avicontroller-asg-policy.json 

aws iam create-policy --policy-name AviController-SQS-SNS-Policy --policy-document file://avicontroller-sqs-sns-policy.json 

aws iam create-policy --policy-name AviController-KMS-Policy --policy-document file://avicontroller-kms-policy.json 

ポリシー（AviController-EC2-Policy、AviController-R53-Policy、AviController-IAM-Policy など）が作成されると（手順 2）、AviController-Refined-Role に適用します。

aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-EC2-Policy" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-R53-Policy" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-AutoScalingGroup-Policy" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-SNS-Policy" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-SQS-Policy" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-ASG-Notification" aws iam attach-role-policy --role-name AviController-Refined-Role --policy-arn "arn:aws:iam::123456789012:policy/AviController-KMS-Policy"

aws iam create-role --role-name AviController-Refined-Role --assume-role-policy-document file://avicontroller-role-trust.json 

aws iam create-policy --policy-name AviController-EC2-Policy --policy-document file://avicontroller-ec2-policy.json 

aws iam create-policy --policy-name AviController-S3-Policy --policy-document file://avicontroller-s3-policy.json 

aws iam create-policy --policy-name AviController-IAM-Policy --policy-document file://avicontroller-iam-policy.json 

aws iam create-policy --policy-name AviController-R53-Policy --policy-document file://avicontroller-r53-policy.json 

aws iam create-policy --policy-name AviController-ASG-Policy --policy-document file://avicontroller-asg-policy.json 

aws iam create-policy --policy-name AviController-SQS-SNS-Policy --policy-document file://avicontroller-sqs-sns-policy.json 

aws iam create-policy --policy-name AviController-KMS-Policy --policy-document file://avicontroller-kms-policy.json