Creates a custom control policy.

For more information about Alibaba Cloud services that support custom control policies, see Alibaba Cloud services that support control policies.

In this example, a custom control policy named ExampleControlPolicy is created to prohibit modifications to the ResourceDirectoryAccountAccessRole role and its permissions.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateControlPolicy

The operation that you want to perform. Set the value to CreateControlPolicy.

EffectScope String Yes RAM

The effective scope of the control policy.

The value RAM indicates that the control policy is in effect for RAM users and RAM roles.

PolicyDocument String Yes {"Version":"1","Statement":[{"Effect":"Deny","Action":["ram:UpdateRole","ram:DeleteRole","ram:AttachPolicyToRole","ram:DetachPolicyFromRole"],"Resource":"acs:ram:*:*:role/ResourceDirectoryAccountAccessRole"}]}

The document of the control policy.

The document can be a maximum of 2,048 characters in length.

For more information about the languages of control policies, see Control policy languages.

For more information about the examples of control policies, see Examples of custom control policies.

PolicyName String Yes ExampleControlPolicy

The name of the control policy.

The name must be 1 to 128 characters in length and can contain letters, digits, and hyphens (-). It must start with a letter.

Description String No ExampleControlPolicy

The description of the control policy.

The description must be 1 to 1,024 characters in length and can contain letters, digits, underscores (_), and hyphens (-). It must start with a letter.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
ControlPolicy Struct

The details of the control policy.

AttachmentCount String 0

The number of times that the control policy is referenced.

CreateDate String 2021-03-18T09:24:19Z

The time when the control policy was created.

Description String ExampleControlPolicy

The description of the control policy.

EffectScope String RAM

The effective scope of the control policy.

The value RAM indicates that the control policy is in effect for RAM users and RAM roles.

PolicyId String cp-jExXAqIYkwHN****

The ID of the control policy.

PolicyName String ExampleControlPolicy

The name of the control policy.

PolicyType String Custom

The type of the control policy. Valid values:

  • System: system control policy
  • Custom: custom control policy
UpdateDate String 2021-03-18T09:24:19Z

The time when the control policy was updated.

RequestId String 776B05B3-A0B0-464B-A191-F4E1119A94B2

The ID of the request.

Examples

Sample requests

https://resourcemanager.aliyuncs.com/?Action=CreateControlPolicy
&EffectScope=RAM
&PolicyDocument={"Version":"1","Statement":[{"Effect":"Deny","Action":["ram:UpdateRole","ram:DeleteRole","ram:AttachPolicyToRole","ram:DetachPolicyFromRole"],"Resource":"acs:ram:*:*:role/ResourceDirectoryAccountAccessRole"}]}
&PolicyName=ExampleControlPolicy
&Description=ExampleControlPolicy
&<Common request parameters>

Sample success responses

XML format

<CreateControlPolicyResponse>
	  <ControlPolicy>
		    <PolicyType>Custom</PolicyType>
		    <UpdateDate>2021-03-18T09:24:19Z</UpdateDate>
		    <Description>ExampleControlPolicy</Description>
		    <AttachmentCount>0</AttachmentCount>
		    <PolicyName>ExampleControlPolicy</PolicyName>
		    <CreateDate>2021-03-18T09:24:19Z</CreateDate>
		    <PolicyId>cp-jExXAqIYkwHN****</PolicyId>
		    <EffectScope>RAM</EffectScope>
	  </ControlPolicy>
	  <RequestId>776B05B3-A0B0-464B-A191-F4E1119A94B2</RequestId>
</CreateControlPolicyResponse>

JSON format

{
  "ControlPolicy": {
    "PolicyType": "Custom",
    "UpdateDate": "2021-03-18T09:24:19Z",
    "Description": "ExampleControlPolicy",
    "AttachmentCount": 0,
    "PolicyName": "ExampleControlPolicy",
    "CreateDate": "2021-03-18T09:24:19Z",
    "PolicyId": "cp-jExXAqIYkwHN****",
    "EffectScope": "RAM"
  },
  "RequestId": "776B05B3-A0B0-464B-A191-F4E1119A94B2"
}

Error codes

For a list of error codes, visit the API Error Center.