The ALIYUN::RAM::ManagedPolicy type is used to create a RAM management policy.
Syntax
{"Type" : "ALIYUN::RAM::ManagedPolicy","Properties" : {"PolicyName" : String,"Description": String,"PolicyDocument" : Map,"Users" : List,"Groups" : List,"Roles" : List}}
Attributes
| Attribute name | Type | Required | Description | Constraint |
|---|---|---|---|---|
| PolicyName | string | Yes | Policy name | The policy name can contain a maximum of 128 characters |
| Description | string | No | Policy description | The description can contain a maximum of 1,024 characters |
| PolicyDocument | map | Yes | Policy details | N/A |
| Users | list | No | Users to which the policy is applied | N/A |
| Groups | list | No | Groups to which the policy is applied | N/A |
| Roles | list | No | Roles to which the policy is applied | N/A |
PolicyDocument syntax
"PolicyDocument" : {"Version": String,"Statement" : [{"Effect" : String,"Action" : List,"Resource" : List}]}
PolicyDocument attributes
| Attribute name | Type | Required? | Description | Constraint |
|---|---|---|---|---|
| Version | string | No | Policy version | N/A |
| Statement | list | No | Policy rules | N/A |
| Action | list | No | Policy-specific operation | N/A |
| Resource | list | No | Resource to which the policy is applied | N/A |
| Effect | string | No | Whether the operation defined by the Action parameter can be performed on the resource defined by the Resource parameter | N/A |
Return values
Fn::GetAtt
PolicyName: policy name.
Example
{"ROSTemplateFormatVersion" : "2015-09-01","Resources" : {"RamPolicy": {"Type": "ALIYUN::RAM::ManagedPolicy","Properties": {"PolicyName": "RosTest","Description": "createdByRos","PolicyDocument" : {"Version": "1","Statement" : [{"Effect" : "Allow","Action" : [ "oss:*" ],"Resource" : ["acs:oss:*:*:*"]}]},"Roles": ["RosRole"],"Groups": ["RosGroup"],"Users": ["RosUser"]}}},"Outputs": {"PolicyName": {"Value": {"Fn::GetAtt": ["RamPolicy","PolicyName"]}}}}