ALIYUN::RAM::Role - Resource Types| Alibaba Cloud Documentation Center

Syntax

{
	"Type" : "ALIYUN::RAM::Role",
    "Properties" : {
    	"RoleName" : String,
		"Description": String,
        "AssumeRolePolicyDocument" : Map,
		"Policies " : List
    }
}

Properties


Name	Type	Required	Description	Constraint
RoleName	string	Yes	Role name	The role name can contain a maximum of 64 characters
Description	string	No	Role description	The description can contain a maximum of 1,024 characters
AssumeRolePolicyDocument	map	Yes	Identity that can assume this role	N/A
Policies	list	No	Policy applied to the role	N/A

AssumeRolePolicyDocument syntax

"AssumeRolePolicyDocument" : {
	"Version": String,
	"Statement" : [
		{
			"Effect" : String,
			"Action" : List,
			"Principal" : {
			    "Service": List
			}
		}
	]
}

AssumeRolePolicyDocument properties


Name	Type	Required	Description	Constraint
Version	string	No	Policy version	N/A
Statement	list	No	Policy rules	N/A
Action	list	No	Policy-specific operation	N/A
Principal	map	No	Service to which the policy is applied	N/A
Effect	string	No	Whether the operation defined by the Action parameter can be performed on the service defined by the Principal parameter	N/A
Service	list	No	Specific service	N/A

Policies syntax

"Policies" : [
    {
       "PolicyName" : String,
       "PolicyDocument" : {
           "Version": String,
           "Statement" : [
		       {
                   "Effect" : String,
                   "Action" : List,
                   "Resource" : List
               }
			]
        }
    }
]

Policies properties


Name	Type	Required	Description	Constraint
PolicyName	string	Yes	Policy name	The policy name can contain a maximum of 128 characters
PolicyDocument	map	No	Policy details	N/A
Version	string	No	Policy version	N/A
Statement	list	No	Policy rules	N/A
Action	list	No	Policy-specific operation	N/A
Resource	list	No	Resource to which the policy is applied	N/A
Effect	string	No	Whether the operation defined by the Action parameter can be performed on the resource defined by the Resource parameter	N/A

Response value

Fn::GetAtt

RoleId: role ID
RoleName: role name
Arn: resource descriptor of the role

Example

{
	"ROSTemplateFormatVersion" : "2015-09-01",
	"Resources" : {
		"RamRole": {
			"Type": "ALIYUN::RAM::Role",
			"Properties": {
				"RoleName": "RosRole",
				"Description": "createdByRos",
				"AssumeRolePolicyDocument": {
					"Statement" : [
						{
							"Action": "sts:AssumeRole",
							"Effect": "Allow",
							"Principal":{
								"Service":["actiontrail.aliyuncs.com"]
							}
						}
					],
					"Version": "1"
				},
				"Policies" : [
					{
						"PolicyName" : "RosRolePolicy",
						"PolicyDocument" : 
						{
							"Version": "1",
							"Statement" : [
								{
									"Effect" : "Allow",
									"Action" : [ "oss:*" ],
									"Resource" : ["acs:oss:*:*:*"]
								}
							]
						}
					}
				]
			}
		}
	},
	"Outputs": {
		"RoleName": {
			"Value": {
				"Fn::GetAtt": ["RamRole","RoleName"]
			}
		},
		"Arn": {
			"Value": {
				"Fn::GetAtt": ["RamRole","Arn"]
			}
		}
	}
}