ALIYUN::RAM::ManagedPolicy is used to create a management policy for RAM users.
Syntax
{
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"PolicyName": String,
"Description": String,
"Roles": List,
"PolicyDocumentUnchecked": Map,
"PolicyDocument": Map,
"Groups": List,
"Users": List
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
PolicyName | String | Yes | No | The name of the policy. | The name can be up to 128 characters in length. |
Description | String | No | No | The description of the policy. | The description can be up to 1,024 characters in length. |
PolicyDocument | Map | No | Yes | The details of the policy. | For more information, see PolicyDocument properties. |
Users | List | No | No | The users to whom the policy is to be applied. | None |
Groups | List | No | No | The user groups to which the policy is to be applied. | None |
Roles | List | No | No | The roles to which the policy is to be applied. | None |
PolicyDocumentUnchecked | Map | No | Yes | The policy document that describes what actions are allowed on which resources. | If you specify this parameter, the PolicyDocument parameter is ignored. |
PolicyDocument syntax
"PolicyDocument": {
"Version": String,
"Statement": List
}
PolicyDocument properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Version | String | No | No | The version of the policy. | None |
Statement | List | No | No | The rules of the policy. | For more information, see Statement properties. |
Statement syntax
"Statement": [
{
"Condition": Map,
"Action": List,
"Resource": List,
"Effect": String
}
]
Statement properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Condition | Map | No | No | The restrictions that are required for the permission policy to take effect. | None |
Action | List | No | No | The operations to which the permission policy is applied. | None |
Resource | List | No | No | The resources to which the permission policy is applied. | None |
Effect | String | No | No | The permission effect. | Valid values:
|
Response parameters
Fn::GetAtt
PolicyName: the name of the policy.
Examples
JSON
format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"Description": {
"Type": "String",
"Description": "Specifies the authorization policy description, containing up to 1024 characters.",
"MaxLength": 1024
},
"Groups": {
"Type": "CommaDelimitedList",
"Description": "The names of groups to attach to this policy."
},
"PolicyName": {
"Type": "String",
"Description": "Specifies the authorization policy name, containing up to 128 characters."
},
"PolicyDocumentUnchecked": {
"Type": "Json",
"Description": "A policy document that describes what actions are allowed on which resources. If it is specified, PolicyDocument will be ignored."
},
"PolicyDocument": {
"Type": "Json",
"Description": "A policy document that describes what actions are allowed on which resources."
},
"Roles": {
"Type": "CommaDelimitedList",
"Description": "The names of roles to attach to this policy."
},
"Users": {
"Type": "CommaDelimitedList",
"Description": "The names of users to attach to this policy."
}
},
"Resources": {
"Policy": {
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"Description": {
"Ref": "Description"
},
"Groups": {
"Ref": "Groups"
},
"PolicyName": {
"Ref": "PolicyName"
},
"PolicyDocumentUnchecked": {
"Ref": "PolicyDocumentUnchecked"
},
"PolicyDocument": {
"Ref": "PolicyDocument"
},
"Roles": {
"Ref": "Roles"
},
"Users": {
"Ref": "Users"
}
}
}
},
"Outputs": {
"PolicyName": {
"Description": "When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the ARN.",
"Value": {
"Fn::GetAtt": [
"Policy",
"PolicyName"
]
}
}
}
}
YAML
format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
Description:
Type: String
Description: >-
Specifies the authorization policy description, containing up to 1024
characters.
MaxLength: 1024
Groups:
Type: CommaDelimitedList
Description: The names of groups to attach to this policy.
PolicyName:
Type: String
Description: 'Specifies the authorization policy name, containing up to 128 characters.'
PolicyDocumentUnchecked:
Type: Json
Description: >-
A policy document that describes what actions are allowed on which
resources. If it is specified, PolicyDocument will be ignored.
PolicyDocument:
Type: Json
Description: >-
A policy document that describes what actions are allowed on which
resources.
Roles:
Type: CommaDelimitedList
Description: The names of roles to attach to this policy.
Users:
Type: CommaDelimitedList
Description: The names of users to attach to this policy.
Resources:
Policy:
Type: 'ALIYUN::RAM::ManagedPolicy'
Properties:
Description:
Ref: Description
Groups:
Ref: Groups
PolicyName:
Ref: PolicyName
PolicyDocumentUnchecked:
Ref: PolicyDocumentUnchecked
PolicyDocument:
Ref: PolicyDocument
Roles:
Ref: Roles
Users:
Ref: Users
Outputs:
PolicyName:
Description: >-
When the logical ID of this resource is provided to the Ref intrinsic
function, Ref returns the ARN.
Value:
'Fn::GetAtt':
- Policy
- PolicyName