ALIYUN::RAM::Role is used to create a RAM role.
Syntax
{
  "Type": "ALIYUN::RAM::Role",
  "Properties": {
    "RoleName": String,
    "Description": String,
    "AssumeRolePolicyDocument": Map,
    "MaxSessionDuration": Integer,
    "Policies": List
  }
}
Properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
RoleName | String | Yes | No | The name of the RAM role. | The name must be 0 to 64 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). |
Description | String | No | No | The description of the RAM role. | The description can be up to 1,024 characters in length. |
AssumeRolePolicyDocument | Map | Yes | Yes | The identity to which the RAM role can be assigned. | For more information, see AssumeRolePolicyDocument properties. |
MaxSessionDuration | Integer | No | Yes | The maximum session duration of the RAM role. | Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. |
Policies | List | No | Yes | The policies that are applied to the RAM role. | For more information, see Policies properties. |
AssumeRolePolicyDocument syntax
"AssumeRolePolicyDocument": {
  "Version": String,
  "Statement": List
}
AssumeRolePolicyDocument properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Version | String | Yes | No | The version of the policy. | None. |
Statement | List | Yes | No | The statement of the policy. | None. |
Statement syntax
"Statement": [
  {
    "Condition": Map,
    "Action": String,
    "Effect": String,
    "Principal": Map
  }
]
Statement properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Condition | Map | No | No | The condition element in a statement. The condition element specifies the conditions under which the principal can perform actions on resources. | None. |
Action | String | No | No | The action element in a statement. The action element specifies the actions that the principal can perform on resources under specific conditions. | None. |
Effect | String | No | No | The effect element in a statement. The effect element specifies whether the principal can perform actions on resources under specific conditions. | Valid values: |
Principal | Map | No | No | The type of the trusted entity. | For more information, see Principal properties. |
Principal syntax
"Principal": {
  "Service": List,
  "Federated": List,
  "RAM": List
}
Principal properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Service | List | No | No | The name of an Alibaba Cloud service. | None. |
Federated | List | No | No | The identity provider (IdP). | None. |
RAM | List | No | No | The RAM user. | None. |
Policies syntax
"Policies": [
  {
    "Description": String,
    "PolicyName": String,
    "PolicyDocument": Map
  }
]
Policies properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Description | String | No | No | The description of the policy. | The description must be 1 to 1,024 characters in length. |
PolicyName | String | Yes | No | The name of the policy. | The name must be 1 to 128 characters in length, and can contain letters, digits, and hyphens (-). |
PolicyDocument | Map | Yes | Yes | The content of the policy. | The document can be up to 2,048 characters in length. For more information, see PolicyDocument properties. |
PolicyDocument syntax
"PolicyDocument": {
  "Version": String,
  "Statement": List
}
PolicyDocument properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Version | String | Yes | No | The version of the policy. | None. |
Statement | List | Yes | No | The statement of the policy. | None. |
Statement syntax
"Statement": [
  {
    "Condition": Map,
    "Action": List,
    "Resource": List,
    "Effect": String
  }
]
Statement properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Condition | Map | No | No | The condition that is required for the policy to take effect. | None. |
Action | List | No | No | The action that you want to perform based on the policy. | None. |
Resource | List | No | No | The resource to which you want to apply the policy. | None. |
Effect | String | No | No | The effect of the statement. | Valid values: |
Return values
Fn::GetAtt
- RoleId: the ID of the role.
- RoleName: the name of the role.
- Arn: the Alibaba Cloud Resource Name (ARN) of the role.
Examples
JSON format
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": "Test RAM Role",
  "Parameters": {},
  "Resources": {
    "Role": {
      "Type": "ALIYUN::RAM::Role",
      "Properties": {
        "RoleName": "TestRole",
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "actiontrail.aliyuncs.com"
                ]
              }
            }
          ],
          "Version": "1"
        }
      }
    }
  },
  "Outputs": {
    "RoleId": {
      "Description": "Id of ram role.",
      "Value": {
        "Fn::GetAtt": [
          "Role",
          "RoleId"
        ]
      }
    },
    "Arn": {
      "Description": "Name of alicloud resource.",
      "Value": {
        "Fn::GetAtt": [
          "Role",
          "Arn"
        ]
      }
    },
    "RoleName": {
      "Description": "Name of ram role.",
      "Value": {
        "Fn::GetAtt": [
          "Role",
          "RoleName"
        ]
      }
    }
  }
}
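A pre-deployment check built from the constraints in the property tables above, as an added example that is not part of the original documentation or of ROS itself: it lints every ALIYUN::RAM::Role resource in a template for values outside the documented limits and for an inline policy that allows every action on every resource. The function names, the sample template and the ASCII-only reading of "letters" are assumptions, as is measuring the 2,048-character limit on compact JSON.

```python
import json
import re

ROLE_NAME = re.compile(r"[A-Za-z0-9._-]{0,64}")    # RoleName constraint (ASCII assumed)
POLICY_NAME = re.compile(r"[A-Za-z0-9-]{1,128}")   # PolicyName constraint (ASCII assumed)

def as_list(value):  # Action and Resource may be a single string or a list
    return value if isinstance(value, list) else [value]

def lint_role(props):
    """Return a list of findings for one ALIYUN::RAM::Role Properties map."""
    out = []
    if not ROLE_NAME.fullmatch(str(props.get("RoleName", "!"))):
        out.append("RoleName: missing or violates length/charset constraint")
    duration = props.get("MaxSessionDuration", 3600)  # documented default
    if not 3600 <= duration <= 43200:
        out.append(f"MaxSessionDuration: {duration} outside 3600-43200")
    trust = props.get("AssumeRolePolicyDocument") or {}
    if not trust.get("Statement"):
        out.append("AssumeRolePolicyDocument: missing or has no Statement")
    for stmt in trust.get("Statement", []):
        if stmt.get("Effect") == "Allow" and not stmt.get("Principal"):
            out.append("trust policy: Allow statement names no Principal")
    for pol in props.get("Policies", []):
        name, doc = str(pol.get("PolicyName", "")), pol.get("PolicyDocument", {})
        if not POLICY_NAME.fullmatch(name):
            out.append(f"PolicyName {name!r}: violates length/charset constraint")
        # Assumption: the 2,048-character limit is measured on compact JSON.
        if len(json.dumps(doc, separators=(",", ":"))) > 2048:
            out.append(f"{name}: PolicyDocument longer than 2,048 characters")
        for stmt in doc.get("Statement", []):
            if (stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Action"))
                    and "*" in as_list(stmt.get("Resource"))):
                out.append(f"{name}: Allow on Action '*' and Resource '*'")
    return out

def lint_template(template):
    """Lint every ALIYUN::RAM::Role resource; returns {logical_id: findings}."""
    roles = {k: v for k, v in template.get("Resources", {}).items()
             if v.get("Type") == "ALIYUN::RAM::Role"}
    return {k: lint_role(v.get("Properties", {})) for k, v in roles.items()}

# Constructed sample template (not from the page) with three deliberate problems.
SAMPLE = {"Resources": {"Role": {"Type": "ALIYUN::RAM::Role", "Properties": {
    "RoleName": "Test Role", "MaxSessionDuration": 86400,
    "AssumeRolePolicyDocument": {"Version": "1", "Statement": [{
        "Action": "sts:AssumeRole", "Effect": "Allow",
        "Principal": {"Service": ["actiontrail.aliyuncs.com"]}}]},
    "Policies": [{"PolicyName": "admin-all", "PolicyDocument": {"Version": "1",
        "Statement": [{"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]}}]}}}}
```

Calling `lint_template(SAMPLE)` returns three findings for the logical ID `Role`; the role from the page's own example returns none.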