Approle long-lived tokens minimum policy

Hi all, approle help please.
Short-lived token setup successfully. However, my problem is I’m using root token to create role-id, secret-id, and short-lived token themselves.
How do I create a long-lived token to create the short ones?
What’s the minimum policy to attach to that long-lived token?

Ignore this. Apparently, no such thing as long-lived token except the root ones. I needed to renew the token monthly automatically. Then create short-lived ones out of it.