Tags: amazon-web-services, amazon-iam, aws-cli, policy

AWS IAM Policy to allow user to create IAM Roles (from Management Console & AWS CLI)


I've searched quite a bit but cannot find a policy to allow a user to create IAM Roles from both the management console (AWS website), and from AWS CLI.

Any help is greatly appreciated.

EDIT: More clarification, the end-goal is to allow the user to create an Instance IAM Role.


Solution

  • I've been using a policy like this to allow CloudFormation templates to attach roles to EC2.

    If this isn't enough permissions, then there is a list here

    http://docs.aws.amazon.com/IAM/latest/UserGuide/list_iam.html

    of all the available, allowable IAM permissions, and you can add as many as you like.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "iam:CreateInstanceProfile",
                    "iam:RemoveRoleFromInstanceProfile",
                    "iam:AddRoleToInstanceProfile",
                    "iam:PassRole",
                    "iam:DeleteInstanceProfile"
                ],
                "Effect": "Allow",
                "Resource": "*"
            }
        ]
    }
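
A scoped variant for the instance-role goal in the question, as an added example that is not part of the original answer: it grants `iam:CreateRole`, limits every write to one path, requires a permissions boundary on the roles the user creates, and lets `iam:PassRole` hand those roles to EC2 only. The account ID `111122223333`, the `/app/` path and the `app-boundary` policy name are placeholder assumptions; the console may need further read-only actions from the list linked above.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadOnlyListing",
            "Effect": "Allow",
            "Action": ["iam:ListRoles", "iam:ListPolicies", "iam:ListInstanceProfiles"],
            "Resource": "*"
        },
        {
            "Sid": "CreateBoundedRolesUnderAppPath",
            "Effect": "Allow",
            "Action": ["iam:CreateRole", "iam:AttachRolePolicy", "iam:PutRolePolicy"],
            "Resource": "arn:aws:iam::111122223333:role/app/*",
            "Condition": {
                "StringEquals": {
                    "iam:PermissionsBoundary": "arn:aws:iam::111122223333:policy/app-boundary"
                }
            }
        },
        {
            "Sid": "ManageInstanceProfilesUnderAppPath",
            "Effect": "Allow",
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:AddRoleToInstanceProfile",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:DeleteInstanceProfile"
            ],
            "Resource": "arn:aws:iam::111122223333:instance-profile/app/*"
        },
        {
            "Sid": "PassAppRolesToEc2Only",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::111122223333:role/app/*",
            "Condition": {
                "StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}
            }
        }
    ]
}
```

With `"Resource": "*"` on `iam:PassRole`, the user can pass any role in the account, including more privileged ones, to a service they control; the resource ARN and the `iam:PassedToService` condition close that path.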