The ALIYUN::RAM::Role type is used to create a RAM role.
Syntax
{
"Type" : "ALIYUN::RAM::Role",
"Properties" : {
"RoleName" : String,
"Description": String,
"AssumeRolePolicyDocument" : Map,
"Policies " : List
}
}
Attributes
Attribute name | Type | Required | Description | Constraint |
---|
RoleName | string | Yes | Role name | The role name can contain a maximum of 64 characters |
Description | string | No | Role description | The description can contain a maximum of 1,024 characters |
AssumeRolePolicyDocument | map | Yes | Identity that can assume this role | N/A |
Policies | list | No | Policy applied to the role | N/A |
AssumeRolePolicyDocument syntax
"AssumeRolePolicyDocument" : {
"Version": String,
"Statement" : [
{
"Effect" : String,
"Action" : List,
"Principal" : {
"Service": List
}
}
]
}
AssumeRolePolicyDocument attributes
Attribute name | Type | Required | Description | Constraint |
---|
Version | string | No | Policy version | N/A |
Statement | list | No | Policy rules | N/A |
Action | list | No | Policy-specific operation | N/A |
Principal | map | No | Service to which the policy is applied | N/A |
Effect | string | No | Whether the operation defined by the Action parameter can be performed on the service defined by the Principal parameter | N/A |
Service | list | No | Specific service | N/A |
Policies syntax
"Policies" : [
{
"PolicyName" : String,
"PolicyDocument" : {
"Version": String,
"Statement" : [
{
"Effect" : String,
"Action" : List,
"Resource" : List
}
]
}
}
]
Policies attributes
Attribute name | Type | Required | Description | Constraint |
---|
PolicyName | string | Yes | Policy name | The policy name can contain a maximum of 128 characters |
PolicyDocument | map | No | Policy details | N/A |
Version | string | No | Policy version | N/A |
Statement | list | No | Policy rules | N/A |
Action | list | No | Policy-specific operation | N/A |
Resource | list | No | Resource to which the policy is applied | N/A |
Effect | string | No | Whether the operation defined by the Action parameter can be performed on the resource defined by the Resource parameter | N/A |
Return values
Fn::GetAtt
- RoleId: role ID
- RoleName: role name
- Arn: resource descriptor of the role
Example
{
"ROSTemplateFormatVersion" : "2015-09-01",
"Resources" : {
"RamRole": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": "RosRole",
"Description": "createdByRos",
"AssumeRolePolicyDocument": {
"Statement" : [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal":{
"Service":["actiontrail.aliyuncs.com"]
}
}
],
"Version": "1"
},
"Policies" : [
{
"PolicyName" : "RosRolePolicy",
"PolicyDocument" :
{
"Version": "1",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [ "oss:*" ],
"Resource" : ["acs:oss:*:*:*"]
}
]
}
}
]
}
}
},
"Outputs": {
"RoleName": {
"Value": {
"Fn::GetAtt": ["RamRole","RoleName"]
}
},
"Arn": {
"Value": {
"Fn::GetAtt": ["RamRole","Arn"]
}
}
}
}
Thank you! We've received your feedback.
Thank you for your rating!
Thank you for your rating!
Comments or suggestions?
What might be the problems? (Select all that apply)
How can we make it better? (Select all that apply)