ALIYUN::RAM::ManagedPolicy is used to create a management policy for RAM users.
Syntax
{
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"PolicyName": String,
"Description": String,
"Roles": List,
"PolicyDocumentUnchecked": Map,
"PolicyDocument": Map,
"Groups": List,
"Users": List
}
}Properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| PolicyName | String | Yes | No | The name of the policy. | The name can be up to 128 characters in length. |
| Description | String | No | No | The description of the policy. | The description can be up to 1,024 characters in length. |
| PolicyDocument | Map | No | Yes | The details of the policy. | For more information, see PolicyDocument properties. |
| Users | List | No | No | The users to whom the policy is to be applied. | None |
| Groups | List | No | No | The user groups to which the policy is to be applied. | None |
| Roles | List | No | No | The roles to which the policy is to be applied. | None |
| PolicyDocumentUnchecked | Map | No | Yes | The policy document that describes what actions are allowed on which resources. | If this parameter is set, the PolicyDocument parameter is ignored. |
PolicyDocument syntax
"PolicyDocument": {
"Version": String,
"Statement": [
{
"Effect": String,
"Action": List,
"Resource": List
}
]
}PolicyDocument properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| Version | String | No | No | The version of the policy. | None |
| Statement | List | No | No | The rules of the policy. | None |
| Action | List | No | No | The specific operations to which the policy is applied. | None |
| Resource | List | No | No | The specific resources to which the policy is applied. | None |
| Effect | String | No | No | Specifies whether operations defined by the Action parameter can be performed on the resources defined by the Resource parameter. | None |
Response parameters
Fn::GetAtt
PolicyName: the name of the policy.
Examples
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"Description": {
"Type": "String",
"Description": "Specifies the authorization policy description, containing up to 1024 characters.",
"MaxLength": 1024
},
"Groups": {
"Type": "CommaDelimitedList",
"Description": "The names of groups to attach to this policy."
},
"PolicyName": {
"Type": "String",
"Description": "Specifies the authorization policy name, containing up to 128 characters."
},
"PolicyDocumentUnchecked": {
"Type": "Json",
"Description": "A policy document that describes what actions are allowed on which resources. If it is specified, PolicyDocument will be ignored."
},
"PolicyDocument": {
"Type": "Json",
"Description": "A policy document that describes what actions are allowed on which resources."
},
"Roles": {
"Type": "CommaDelimitedList",
"Description": "The names of roles to attach to this policy."
},
"Users": {
"Type": "CommaDelimitedList",
"Description": "The names of users to attach to this policy."
}
},
"Resources": {
"Policy": {
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"Description": {
"Ref": "Description"
},
"Groups": {
"Ref": "Groups"
},
"PolicyName": {
"Ref": "PolicyName"
},
"PolicyDocumentUnchecked": {
"Ref": "PolicyDocumentUnchecked"
},
"PolicyDocument": {
"Ref": "PolicyDocument"
},
"Roles": {
"Ref": "Roles"
},
"Users": {
"Ref": "Users"
}
}
}
},
"Outputs": {
"PolicyName": {
"Description": "When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the ARN.",
"Value": {
"Fn::GetAtt": [
"Policy",
"PolicyName"
]
}
}
}
}YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
Description:
Type: String
Description: >-
Specifies the authorization policy description, containing up to 1024
characters.
MaxLength: 1024
Groups:
Type: CommaDelimitedList
Description: The names of groups to attach to this policy.
PolicyName:
Type: String
Description: 'Specifies the authorization policy name, containing up to 128 characters.'
PolicyDocumentUnchecked:
Type: Json
Description: >-
A policy document that describes what actions are allowed on which
resources. If it is specified, PolicyDocument will be ignored.
PolicyDocument:
Type: Json
Description: >-
A policy document that describes what actions are allowed on which
resources.
Roles:
Type: CommaDelimitedList
Description: The names of roles to attach to this policy.
Users:
Type: CommaDelimitedList
Description: The names of users to attach to this policy.
Resources:
Policy:
Type: 'ALIYUN::RAM::ManagedPolicy'
Properties:
Description:
Ref: Description
Groups:
Ref: Groups
PolicyName:
Ref: PolicyName
PolicyDocumentUnchecked:
Ref: PolicyDocumentUnchecked
PolicyDocument:
Ref: PolicyDocument
Roles:
Ref: Roles
Users:
Ref: Users
Outputs:
PolicyName:
Description: >-
When the logical ID of this resource is provided to the Ref intrinsic
function, Ref returns the ARN.
Value:
'Fn::GetAtt':
- Policy
- PolicyName