Aliyun::Serverless::Service is used to create a service in Function Compute (FC).

Syntax

{
  "Type": "Aliyun::Serverless::Service",
  "Properties": {
    "Role": String,
    "Policies": List,
    "Description": String,
    "InternetAccess": Boolean,
    "VpcConfig": Map,
    "LogConfig": Map,
    "NasConfig": Map
  }
}

Properties

Property Type Required Editable Description Constraint
Role String No Yes The Alibaba Cloud Resource Name (ARN) of the RAM role that is used to grant required permissions to FC. None
Policies List No Yes The list of one or more policies that are attached to the default RAM user corresponding to FC. Example:
[
"AliyunOSSFullAccess",
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "oss:Get*",
          "oss:List*"
        ],
        "Resource": "*"
      }
    ]
  }
]

If you specify the Role parameter, the Policies parameter does not take effect and the default RAM user corresponding to FC is not created.

You can set the Policies parameter to a system policy name or a policy document. If you set the Policies parameter to a system policy name, the system creates a default RAM user corresponding to FC and attaches the policy to the default RAM user. If you set the Policies parameter to a policy document, the system creates a policy and a default RAM user corresponding to FC, and then attaches the created policy to the default RAM user.

Description String No Yes The description of the service. None
InternetAccess Boolean No Yes Specifies whether to allow functions to access the Internet. Default value: true. Valid values:
  • true
  • false
VpcConfig Map No Yes The VPC configurations. This parameter allows functions to access the specified VPC. For more information, see VpcConfig properties.
LogConfig Map No Yes The logging configurations. This parameter specifies a Logstore to store function execution logs. For more information, see LogConfig properties.
NasConfig Map No Yes The Apsara File Storage NAS (NAS) file system configurations. This parameter allows functions of the specified service to access the NAS file system. For more information, see NasConfig properties.

VpcConfig syntax

"VpcConfig": {
  "SecurityGroupId": String,
  "VSwitchIds": List,
  "VpcId": String
}

VpcConfig properties

Property Type Required Editable Description Constraint
SecurityGroupId String Yes Yes The ID of the security group. None
VSwitchIds List Yes Yes A list of one or more vSwitch IDs. Example: [vSwitchId, ...]. This list must include at least one vSwitch ID.
VpcId String Yes Yes The ID of the VPC. None

LogConfig syntax

"LogConfig": {
  "Project": String,
  "Logstore": String
}

LogConfig properties

Property Type Required Editable Description Constraint
Project String No Yes The name of the project in LogHub. None
Logstore String No Yes The name of the Logstore in LogHub. None

NasConfig syntax

"NasConfig": {
  "MountPoints": List,
  "UserId": Integer,
  "GroupId": Integer
}

NasConfig properties

Property Type Required Editable Description Constraint
MountPoints List Yes Yes The list of mount points. For more information, see MountPoints properties.
UserId Integer Yes Yes The ID of the user. Valid values: -1 to 65534.
GroupId Integer Yes Yes The ID of the application group. Valid values: -1 to 65534.

MountPoints syntax

"MountPoints": [
  {
    "ServerAddr": String,
    "MountDir": String
  }
]

MountPoints properties

Property Type Required Editable Description Constraint
ServerAddr String Yes Yes The remote directory in the NAS file system. None
MountDir String Yes Yes The directory in the local file system to mount the NAS file system. None

Response parameters

Fn::GetAtt

  • ServiceId: the unique ID generated by the system for each service.
  • ServiceName: the name of the service.

Examples

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Transform": "Aliyun::Serverless-2018-04-03",
  "Resources": {
    "MyService": {
      "Type": "Aliyun::Serverless::Service",
      "Properties": {
        "Policies": [
          "AliyunFCReadOnlyAccess",
          {
            "Version": "1",
            "Statement": [
              {
                "Effect": "Allow",
                "Action": [
                  "oss:GetObject",
                  "oss:GetObjectACL"
                ],
                "Resource": "*"
              }
            ]
          }
        ]
      }
    }
  }
}

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Transform: 'Aliyun::Serverless-2018-04-03'
Resources:
  MyService: # service name
    Type: 'Aliyun::Serverless::Service'
    Properties:
      Policies:
        - AliyunFCReadOnlyAccess # Managed Policy
        - Version: '1' # Policy Document
          Statement:
            - Effect: Allow
              Action:
                - oss:GetObject
                - oss:GetObjectACL
              Resource: '*'