Hello ,

Thank you for posting your question on the AWS Repost, my name is Rochak and it will be a pleasure assisting you with this today.

I understand y are getting an error while trying to send message on email and you received the error message you shared. Please, let me know if my understanding is incorrect.

As we can see in the error message the user is not authorized to perform that action because no identity-based policy allows the action iam: CreateRole.

This falls under the Access denied due to identity-based policy as shown here in the documentation [1] This is an implicit denial and for the error, please check for a missing Allow statement for iam:CreateRole in identity-based policies attached to user. Once you add the Allow statement for the iam user to CreateRole, you will be able to perform the action.

For your future reference, I am also attaching the “Troubleshooting access denied error messages” here [2]

I hope this helps. If you need further info, let me know in the comments; otherwise I'd appreciate if you mark my answer as "accepted".

Kind regards, Rochak from AWS

References:

[1] Access denied due to identity-based policies https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html#access-denied-identity-based-policy-examples

[2] Troubleshooting access denied error messages https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html