ALIYUN::RAM::ManagedPolicy - Resource Types| Alibaba Cloud Documentation Center

ALIYUN::RAM::ManagedPolicy

Edit in Github

Last Updated: May 09, 2019 Edit in Github

ALIYUN::RAM::ManagedPolicy is used to create a RAM policy.

Syntax

{
  "Type": "ALIYUN::RAM::ManagedPolicy",
  "Properties": {
    "PolicyName": String,
    "Description": String,
    "PolicyDocument": Map,
    "Users": List,
    "Groups": List,
    "Roles": List
  }
}

Properties


Name	Type	Required	Editable	Description	Validity
PolicyName	String	Yes	No	The name of the policy.	The name can be up to 128 characters in length.
Description	String	No	No	The description of the policy.	The description can be up to 1,024 characters in length.
PolicyDocument	Map	No	No	The policy details.	None
Users	List	No	No	The users to whom the policy is to be applied.	None
Groups	List	No	No	The groups to which the policy is to be applied.	None
Roles	List	No	No	The roles to which the policy is to be applied.	None
PolicyDocumentUnchecked	Map	No	No	The policy document that describes what actions are allowed on which resources. If this parameter is set, the PolicyDocument parameter is ignored.	None

PolicyDocument syntax

"PolicyDocument": {
  "Version": String,
  "Statement": [
    {
      "Effect": String,
      "Action": List,
      "Resource": List
    }
  ]
}

PolicyDocument properties


Name	Type	Required	Editable	Description	Validity
Version	String	No	No	The policy version.	None
Statement	List	No	No	The rules of the policy.	None
Action	List	No	No	The specific operations to apply the policy on.	None
Resource	List	No	No	The resources to which the policy is applied.	None
Effect	String	No	No	Indicates whether operations defined by the Action parameter can be performed on the resources defined by the Resource parameter.	None

Response parameters

Fn::GetAtt

PolicyName: the name of the policy.

Examples

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "RamPolicy": {
      "Type": "ALIYUN::RAM::ManagedPolicy",
      "Properties": {
        "PolicyName": "RosTest",
        "Description": "createdByRos",
        "PolicyDocument": {
          "Version": "1",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [ "oss:*" ],
              "Resource": ["acs:oss:*:*:*"]
            }
          ]
        },
        "Roles": ["RosRole"],
        "Groups": ["RosGroup"],
        "Users": ["RosUser"]
      }
    }
  },
  "Outputs": {
    "PolicyName": {
      "Value": {
        "Fn::GetAtt": ["RamPolicy","PolicyName"]
      }
    }
  }
}