ALIYUN::RAM::ManagedPolicy is used to create a RAM policy.

Syntax

{
  "Type": "ALIYUN::RAM::ManagedPolicy",
  "Properties": {
    "PolicyName": String,
    "Description": String,
    "Roles": List,
    "PolicyDocumentUnchecked": Map,
    "PolicyDocument": Map,
    "Groups": List,
    "Users": List
  }
}

Properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| PolicyName | String | Yes | No | The name of the policy. | The name can be up to 128 characters in length. |
| Description | String | No | No | The description of the policy. | The description can be up to 1,024 characters in length. |
| PolicyDocument | Map | No | Yes | The policy details. | None |
| Users | List | No | No | The users to whom the policy is to be applied. | None |
| Groups | List | No | No | The groups to which the policy is to be applied. | None |
| Roles | List | No | No | The roles to which the policy is to be applied. | None |
| PolicyDocumentUnchecked | Map | No | Yes | The policy document that describes what actions are allowed on which resources. If this parameter is set, the PolicyDocument parameter is ignored. | None |

PolicyDocument syntax

"PolicyDocument": {
  "Version": String,
  "Statement": [
    {
      "Effect": String,
      "Action": List,
      "Resource": List
    }
  ]
}

PolicyDocument properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| Version | String | No | No | The version of the policy. | None |
| Statement | List | No | No | The rules of the policy. | None |
| Action | List | No | No | The specific operations to which the policy is applied. | None |
| Resource | List | No | No | The specific resources to which the policy is applied. | None |
| Effect | String | No | No | Specifies whether operations defined by the Action parameter can be performed on the resources defined by the Resource parameter. | None |

Response parameters

Fn::GetAtt

PolicyName: the name of the policy.

Examples

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "RamPolicy": {
      "Type": "ALIYUN::RAM::ManagedPolicy",
      "Properties": {
        "PolicyName": "RosTest",
        "Description": "createdByRos",
        "PolicyDocument": {
          "Version": "1",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [ "oss:*" ],
              "Resource": ["acs:oss:*:*:*"]
            }
          ]
        },
        "Roles": ["RosRole"],
        "Groups": ["RosGroup"],
        "Users": ["RosUser"]
      }
    }
  },
  "Outputs": {
    "PolicyName": {
      "Value": {
        "Fn::GetAtt": ["RamPolicy","PolicyName"]
      }
    }
  }
}
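
The following check is an added example, not part of the original reference or of ROS itself. It scans a template for ALIYUN::RAM::ManagedPolicy resources, selects the document that takes effect (PolicyDocumentUnchecked overrides PolicyDocument), and reports Allow statements with wildcard actions or resources together with the users, groups and roles they are attached to. The function names, the wildcard heuristic and the example-bucket statement are assumptions made for illustration.

```python
import json

RESOURCE_TYPE = "ALIYUN::RAM::ManagedPolicy"

def as_list(value):
    """Treat a missing field as empty and a scalar as a one-item list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def effective_document(props):
    """Pick the document that applies: PolicyDocumentUnchecked wins when set."""
    if props.get("PolicyDocumentUnchecked"):
        return "PolicyDocumentUnchecked", props["PolicyDocumentUnchecked"]
    return "PolicyDocument", props.get("PolicyDocument") or {}

def audit_template(template):
    """Return a finding for every Allow statement with a wildcard action or resource."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        props = res.get("Properties", {})
        source, doc = effective_document(props)
        attached = {k: props[k] for k in ("Users", "Groups", "Roles") if props.get(k)}
        for index, stmt in enumerate(as_list(doc.get("Statement"))):
            if stmt.get("Effect") != "Allow":
                continue
            # Heuristic (assumption): "*" anywhere in an action, or a resource
            # whose final ":"-separated segment is exactly "*", counts as broad.
            actions = [a for a in as_list(stmt.get("Action")) if "*" in a]
            resources = [r for r in as_list(stmt.get("Resource")) if r.split(":")[-1] == "*"]
            if actions or resources:
                findings.append({"resource": logical_id, "source": source, "statement": index,
                                 "wildcard_actions": actions, "wildcard_resources": resources,
                                 "attached_to": attached})
    return findings

# The template from the Examples section, with a narrower statement added (constructed).
SAMPLE = json.loads("""
{"Resources": {"RamPolicy": {"Type": "ALIYUN::RAM::ManagedPolicy", "Properties": {
  "PolicyName": "RosTest",
  "PolicyDocument": {"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": ["oss:*"], "Resource": ["acs:oss:*:*:*"]},
    {"Effect": "Allow", "Action": ["oss:GetObject"], "Resource": ["acs:oss:*:*:example-bucket/*"]}]},
  "Roles": ["RosRole"], "Groups": ["RosGroup"], "Users": ["RosUser"]}}}}
""")

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(json.dumps(finding, indent=2))
```

Only the first statement of the sample is reported; the statement scoped to a single action and bucket path passes.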