You can create trust policies in two ways:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole" } ] }
# euare-rolecreate --role-name describe-instances -f role-trust-policy.json # euare-rolelistbypath arn:aws:iam::408396244283:role/describe-instances
The other way to create the role is to use the command line options to specify the trust policy:
# euare-rolecreate --role-name describe-instances --service http://compute.acme.eucalyptus-systems.com:8773/ # euare-rolelistbypath arn:aws:iam::408396244283:role/describe-instances
{ "Statement": [ { "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": "arn:aws:s3:::mybucket" } ] }