ALIYUN::RAM::ManagedPolicy - Resource Types| Alibaba Cloud Documentation Center

ALIYUN::RAM::ManagedPolicy

Edit in GitHub

Last Updated: Jul 03, 2020 Edit in GitHub

ALIYUN::RAM::ManagedPolicy is used to create a RAM policy.

Syntax

{
  "Type": "ALIYUN::RAM::ManagedPolicy",
  "Properties": {
    "PolicyName": String,
    "Description": String,
    "Roles": List,
    "PolicyDocumentUnchecked": Map,
    "PolicyDocument": Map,
    "Groups": List,
    "Users": List
  }
}

Properties


Property	Type	Required	Editable	Description	Constraint
PolicyName	String	Yes	No	The name of the policy.	The name can be up to 128 characters in length.
Description	String	No	No	The description of the policy.	The description can be up to 1,024 characters in length.
PolicyDocument	Map	No	Yes	The policy details.	None
Users	List	No	No	The users to whom the policy is to be applied.	None
Groups	List	No	No	The groups to which the policy is to be applied.	None
Roles	List	No	No	The roles to which the policy is to be applied.	None
PolicyDocumentUnchecked	Map	No	Yes	The policy document that describes what actions are allowed on which resources. If this parameter is set, the PolicyDocument parameter is ignored.	None

PolicyDocument syntax

"PolicyDocument": {
  "Version": String,
  "Statement": [
    {
      "Effect": String,
      "Action": List,
      "Resource": List
    }
  ]
}

PolicyDocument properties


Property	Type	Required	Editable	Description	Constraint
Version	String	No	No	The version of the policy.	None
Statement	List	No	No	The rules of the policy.	None
Action	list	No	No	The specific operations to which the policy is applied.	None
Resource	List	No	No	The specific resources to which the policy is applied.	None
Effect	String	No	No	Specifies whether operations defined by the Action parameter can be performed on the resources defined by the Resource parameter.	None

Response parameters

Fn::GetAtt

PolicyName: the name of the policy.

Examples

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "RamPolicy": {
      "Type": "ALIYUN::RAM::ManagedPolicy",
      "Properties": {
        "PolicyName": "RosTest",
        "Description": "createdByRos",
        "PolicyDocument": {
          "Version": "1",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [ "oss:*" ],
              "Resource": ["acs:oss:*:*:*"]
            }
          ]
        },
        "Roles": ["RosRole"],
        "Groups": ["RosGroup"],
        "Users": ["RosUser"]
      }
    }
  },
  "Outputs": {
    "PolicyName": {
      "Value": {
        "Fn::GetAtt": ["RamPolicy","PolicyName"]
      }
    }
  }
}