Amazon IAM · Capability
Amazon IAM API — Roles
Amazon IAM API — Roles. 5 operations. Lead operation: Amazon IAM Assume an IAM Role. Self-contained Naftiko capability covering one Amazon Iam business surface.
What You Can Do
GET
Assumerole
— Amazon IAM Assume an IAM Role
/v1/action-assumerole
GET
Createrole
— Amazon IAM Create a New IAM Role
/v1/action-createrole
GET
Deleterole
— Amazon IAM Delete an IAM Role
/v1/action-deleterole
GET
Getrole
— Amazon IAM Get Information About an IAM Role
/v1/action-getrole
GET
Listroles
— Amazon IAM List IAM Roles
/v1/action-listroles
MCP Tools
amazon-iam-assume-iam-role
Amazon IAM Assume an IAM Role
read-only
idempotent
amazon-iam-create-new-iam
Amazon IAM Create a New IAM Role
read-only
idempotent
amazon-iam-delete-iam-role
Amazon IAM Delete an IAM Role
read-only
idempotent
amazon-iam-get-information-about
Amazon IAM Get Information About an IAM Role
read-only
idempotent
amazon-iam-list-iam-roles
Amazon IAM List IAM Roles
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Amazon IAM API — Roles
description: 'Amazon IAM API — Roles. 5 operations. Lead operation: Amazon IAM Assume an IAM Role. Self-contained Naftiko
capability covering one Amazon Iam business surface.'
tags:
- Amazon Iam
- Roles
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
AMAZON_IAM_API_KEY: AMAZON_IAM_API_KEY
capability:
consumes:
- type: http
namespace: amazon-iam-roles
baseUri: https://iam.amazonaws.com
description: Amazon IAM API — Roles business capability. Self-contained, no shared references.
resources:
- name: ?Action=AssumeRole
path: /?Action=AssumeRole
operations:
- name: assumerole
method: GET
description: Amazon IAM Assume an IAM Role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: Action
in: query
type: string
required: true
- name: Version
in: query
type: string
required: true
- name: RoleArn
in: query
type: string
description: The ARN of the role to assume.
required: true
- name: RoleSessionName
in: query
type: string
description: An identifier for the assumed role session.
required: true
- name: DurationSeconds
in: query
type: integer
description: Duration of the role session in seconds.
- name: ExternalId
in: query
type: string
description: A unique identifier used by third parties.
- name: ?Action=CreateRole
path: /?Action=CreateRole
operations:
- name: createrole
method: GET
description: Amazon IAM Create a New IAM Role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: Action
in: query
type: string
required: true
- name: Version
in: query
type: string
required: true
- name: RoleName
in: query
type: string
description: The name of the role to create.
required: true
- name: AssumeRolePolicyDocument
in: query
type: string
description: The trust relationship policy document (JSON).
required: true
- name: Path
in: query
type: string
description: The path to the role.
- name: Description
in: query
type: string
description: A description of the role.
- name: MaxSessionDuration
in: query
type: integer
description: Maximum session duration in seconds.
- name: ?Action=DeleteRole
path: /?Action=DeleteRole
operations:
- name: deleterole
method: GET
description: Amazon IAM Delete an IAM Role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: Action
in: query
type: string
required: true
- name: Version
in: query
type: string
required: true
- name: RoleName
in: query
type: string
description: The name of the role to delete.
required: true
- name: ?Action=GetRole
path: /?Action=GetRole
operations:
- name: getrole
method: GET
description: Amazon IAM Get Information About an IAM Role
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: Action
in: query
type: string
required: true
- name: Version
in: query
type: string
required: true
- name: RoleName
in: query
type: string
description: The name of the role to retrieve.
required: true
- name: ?Action=ListRoles
path: /?Action=ListRoles
operations:
- name: listroles
method: GET
description: Amazon IAM List IAM Roles
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: Action
in: query
type: string
required: true
- name: Version
in: query
type: string
required: true
- name: PathPrefix
in: query
type: string
description: The path prefix for filtering the results.
- name: Marker
in: query
type: string
- name: MaxItems
in: query
type: integer
authentication:
type: apikey
key: Authorization
value: '{{env.AMAZON_IAM_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: amazon-iam-roles-rest
port: 8080
description: REST adapter for Amazon IAM API — Roles. One Spectral-compliant resource per consumed operation, prefixed
with /v1.
resources:
- path: /v1/action-assumerole
name: action-assumerole
description: REST surface for ?Action=AssumeRole.
operations:
- method: GET
name: assumerole
description: Amazon IAM Assume an IAM Role
call: amazon-iam-roles.assumerole
with:
Action: rest.Action
Version: rest.Version
RoleArn: rest.RoleArn
RoleSessionName: rest.RoleSessionName
DurationSeconds: rest.DurationSeconds
ExternalId: rest.ExternalId
outputParameters:
- type: object
mapping: $.
- path: /v1/action-createrole
name: action-createrole
description: REST surface for ?Action=CreateRole.
operations:
- method: GET
name: createrole
description: Amazon IAM Create a New IAM Role
call: amazon-iam-roles.createrole
with:
Action: rest.Action
Version: rest.Version
RoleName: rest.RoleName
AssumeRolePolicyDocument: rest.AssumeRolePolicyDocument
Path: rest.Path
Description: rest.Description
MaxSessionDuration: rest.MaxSessionDuration
outputParameters:
- type: object
mapping: $.
- path: /v1/action-deleterole
name: action-deleterole
description: REST surface for ?Action=DeleteRole.
operations:
- method: GET
name: deleterole
description: Amazon IAM Delete an IAM Role
call: amazon-iam-roles.deleterole
with:
Action: rest.Action
Version: rest.Version
RoleName: rest.RoleName
outputParameters:
- type: object
mapping: $.
- path: /v1/action-getrole
name: action-getrole
description: REST surface for ?Action=GetRole.
operations:
- method: GET
name: getrole
description: Amazon IAM Get Information About an IAM Role
call: amazon-iam-roles.getrole
with:
Action: rest.Action
Version: rest.Version
RoleName: rest.RoleName
outputParameters:
- type: object
mapping: $.
- path: /v1/action-listroles
name: action-listroles
description: REST surface for ?Action=ListRoles.
operations:
- method: GET
name: listroles
description: Amazon IAM List IAM Roles
call: amazon-iam-roles.listroles
with:
Action: rest.Action
Version: rest.Version
PathPrefix: rest.PathPrefix
Marker: rest.Marker
MaxItems: rest.MaxItems
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: amazon-iam-roles-mcp
port: 9090
transport: http
description: MCP adapter for Amazon IAM API — Roles. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
- name: amazon-iam-assume-iam-role
description: Amazon IAM Assume an IAM Role
hints:
readOnly: true
destructive: false
idempotent: true
call: amazon-iam-roles.assumerole
with:
Action: tools.Action
Version: tools.Version
RoleArn: tools.RoleArn
RoleSessionName: tools.RoleSessionName
DurationSeconds: tools.DurationSeconds
ExternalId: tools.ExternalId
outputParameters:
- type: object
mapping: $.
- name: amazon-iam-create-new-iam
description: Amazon IAM Create a New IAM Role
hints:
readOnly: true
destructive: false
idempotent: true
call: amazon-iam-roles.createrole
with:
Action: tools.Action
Version: tools.Version
RoleName: tools.RoleName
AssumeRolePolicyDocument: tools.AssumeRolePolicyDocument
Path: tools.Path
Description: tools.Description
MaxSessionDuration: tools.MaxSessionDuration
outputParameters:
- type: object
mapping: $.
- name: amazon-iam-delete-iam-role
description: Amazon IAM Delete an IAM Role
hints:
readOnly: true
destructive: false
idempotent: true
call: amazon-iam-roles.deleterole
with:
Action: tools.Action
Version: tools.Version
RoleName: tools.RoleName
outputParameters:
- type: object
mapping: $.
- name: amazon-iam-get-information-about
description: Amazon IAM Get Information About an IAM Role
hints:
readOnly: true
destructive: false
idempotent: true
call: amazon-iam-roles.getrole
with:
Action: tools.Action
Version: tools.Version
RoleName: tools.RoleName
outputParameters:
- type: object
mapping: $.
- name: amazon-iam-list-iam-roles
description: Amazon IAM List IAM Roles
hints:
readOnly: true
destructive: false
idempotent: true
call: amazon-iam-roles.listroles
with:
Action: tools.Action
Version: tools.Version
PathPrefix: tools.PathPrefix
Marker: tools.Marker
MaxItems: tools.MaxItems
outputParameters:
- type: object
mapping: $.