ALIYUN::RAM::Role is used to create a RAM role.
Syntax
{
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": String,
"Description": String,
"AssumeRolePolicyDocument": Map,
"Policies": List
}
}Properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| RoleName | String | Yes | No | The name of the RAM role. | The name can be up to 64 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-). |
| Description | String | No | No | The description of the RAM role. | The description can be up to 1,024 characters in length. |
| AssumeRolePolicyDocument | Map | Yes | No | The identity that can assume the RAM role. | For more information, see AssumeRolePolicyDocument properties. |
| Policies | List | No | No | The policies that are to be applied to the RAM role. | For more information, see Policies properties. |
AssumeRolePolicyDocument syntax
"AssumeRolePolicyDocument": {
"Version": String,
"Statement": [
{
"Effect": String,
"Action": List,
"Principal": {
"Service": List
}
}
]
} AssumeRolePolicyDocument properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| Version | String | No | No | The version of the policy. | None |
| Statement | List | No | No | The rules of the policy. | None |
| Action | List | No | No | The specific operations to which the policy is applied. | None |
| Principal | Map | No | No | The specific services to which the policy is applied. | None |
| Effect | String | No | No | Specifies whether operations defined by the Action parameter can be performed on the services defined by the Principal parameter. | None |
| Service | List | No | No | The specific services. | None |
Policies syntax
"Policies": [
{
"PolicyName": String,
"PolicyDocument": {
"Version": String,
"Statement": [
{
"Effect": String,
"Action": List,
"Resource": List
}
]
}
}
] Policies properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| PolicyName | String | Yes | No | The name of the policy. | The name can be up to 128 characters in length. |
| PolicyDocument | Map | No | No | The details of the policy. | None |
| Version | String | No | No | The version of the policy. | None |
| Statement | List | No | No | The rules of the policy. | None |
| Action | List | No | No | The specific operations to which the policy is applied. | None |
| Resource | List | No | No | The specific resources to which the policy is applied. | None |
| Effect | String | No | No | Specifies whether operations defined by the Action parameter can be performed on the resources defined by the Resource parameter. | None |
| Condition | Map | No | No | The restrictions. | None |
Response parameters
Fn::GetAtt
- RoleId: the ID of the role.
- RoleName: the name of the role.
- Arn: the resource descriptor of the role.
Examples
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"RoleName": {
"Type": "String",
"Description": "Specifies the role name, containing up to 64 characters."
},
"Description": {
"Type": "String",
"Description": "Remark information, up to 1024 characters or Chinese characters.",
"MaxLength": 1024
},
"Policies": {
"Type": "Json",
"Description": "Describes what actions are allowed on what resources."
},
"AssumeRolePolicyDocument": {
"Type": "Json",
"Description": "The RAM assume role policy that is associated with this role."
}
},
"Resources": {
"Role": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": {
"Ref": "RoleName"
},
"Description": {
"Ref": "Description"
},
"Policies": {
"Ref": "Policies"
},
"AssumeRolePolicyDocument": {
"Ref": "AssumeRolePolicyDocument"
}
}
}
},
"Outputs": {
"RoleName": {
"Description": "Name of ram role.",
"Value": {
"Fn::GetAtt": [
"Role",
"RoleName"
]
}
},
"Arn": {
"Description": "Name of alicloud resource.",
"Value": {
"Fn::GetAtt": [
"Role",
"Arn"
]
}
},
"RoleId": {
"Description": "Id of ram role.",
"Value": {
"Fn::GetAtt": [
"Role",
"RoleId"
]
}
}
}
}YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
RoleName:
Type: String
Description: 'Specifies the role name, containing up to 64 characters.'
Description:
Type: String
Description: 'Remark information, up to 1024 characters or Chinese characters.'
MaxLength: 1024
Policies:
Type: Json
Description: Describes what actions are allowed on what resources.
AssumeRolePolicyDocument:
Type: Json
Description: The RAM assume role policy that is associated with this role.
Resources:
Role:
Type: 'ALIYUN::RAM::Role'
Properties:
RoleName:
Ref: RoleName
Description:
Ref: Description
Policies:
Ref: Policies
AssumeRolePolicyDocument:
Ref: AssumeRolePolicyDocument
Outputs:
RoleName:
Description: Name of ram role.
Value:
'Fn::GetAtt':
- Role
- RoleName
Arn:
Description: Name of alicloud resource.
Value:
'Fn::GetAtt':
- Role
- Arn
RoleId:
Description: Id of ram role.
Value:
'Fn::GetAtt':
- Role
- RoleId