
ALIYUN::RAM::Role

Last Updated: Jun 13, 2018

The ALIYUN::RAM::Role type is used to create a RAM role.

Syntax

    {
      "Type" : "ALIYUN::RAM::Role",
      "Properties" : {
        "RoleName" : String,
        "Description" : String,
        "AssumeRolePolicyDocument" : Map,
        "Policies" : List
      }
    }

Attributes

| Attribute name | Type | Required | Description | Constraint |
|---|---|---|---|---|
| RoleName | string | Yes | Role name | The role name can contain a maximum of 64 characters |
| Description | string | No | Role description | The description can contain a maximum of 1,024 characters |
| AssumeRolePolicyDocument | map | Yes | Identity that can assume this role | N/A |
| Policies | list | No | Policy applied to the role | N/A |

AssumeRolePolicyDocument syntax

    "AssumeRolePolicyDocument" : {
      "Version" : String,
      "Statement" : [
        {
          "Effect" : String,
          "Action" : List,
          "Principal" : {
            "Service" : List
          }
        }
      ]
    }

AssumeRolePolicyDocument attributes

| Attribute name | Type | Required | Description | Constraint |
|---|---|---|---|---|
| Version | string | No | Policy version | N/A |
| Statement | list | No | Policy rules | N/A |
| Action | list | No | Policy-specific operation | N/A |
| Principal | map | No | Service to which the policy is applied | N/A |
| Effect | string | No | Whether the operation defined by the Action parameter can be performed on the service defined by the Principal parameter | N/A |
| Service | list | No | Specific service | N/A |

Policies syntax

    "Policies" : [
      {
        "PolicyName" : String,
        "PolicyDocument" : {
          "Version" : String,
          "Statement" : [
            {
              "Effect" : String,
              "Action" : List,
              "Resource" : List
            }
          ]
        }
      }
    ]

Policies attributes

| Attribute name | Type | Required | Description | Constraint |
|---|---|---|---|---|
| PolicyName | string | Yes | Policy name | The policy name can contain a maximum of 128 characters |
| PolicyDocument | map | No | Policy details | N/A |
| Version | string | No | Policy version | N/A |
| Statement | list | No | Policy rules | N/A |
| Action | list | No | Policy-specific operation | N/A |
| Resource | list | No | Resource to which the policy is applied | N/A |
| Effect | string | No | Whether the operation defined by the Action parameter can be performed on the resource defined by the Resource parameter | N/A |

Return values

Fn::GetAtt

  • RoleId: role ID
  • RoleName: role name
  • Arn: resource descriptor of the role

Example

    {
      "ROSTemplateFormatVersion" : "2015-09-01",
      "Resources" : {
        "RamRole": {
          "Type": "ALIYUN::RAM::Role",
          "Properties": {
            "RoleName": "RosRole",
            "Description": "createdByRos",
            "AssumeRolePolicyDocument": {
              "Statement" : [
                {
                  "Action": "sts:AssumeRole",
                  "Effect": "Allow",
                  "Principal": {
                    "Service": ["actiontrail.aliyuncs.com"]
                  }
                }
              ],
              "Version": "1"
            },
            "Policies" : [
              {
                "PolicyName" : "RosRolePolicy",
                "PolicyDocument" : {
                  "Version": "1",
                  "Statement" : [
                    {
                      "Effect" : "Allow",
                      "Action" : [ "oss:*" ],
                      "Resource" : ["acs:oss:*:*:*"]
                    }
                  ]
                }
              }
            ]
          }
        }
      },
      "Outputs": {
        "RoleName": {
          "Value": {
            "Fn::GetAtt": ["RamRole","RoleName"]
          }
        },
        "Arn": {
          "Value": {
            "Fn::GetAtt": ["RamRole","Arn"]
          }
        }
      }
    }
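
A pre-deployment check for this resource type, added here as an example and not part of the original page or of Alibaba Cloud's tooling: it walks a ROS template, applies the required-property and length constraints from the tables above, and reports trust-policy services and inline-policy statements that use wildcards. The function names (`as_list`, `allow_statements`, `lint_ram_roles`) and the wildcard heuristic are assumptions of this example; `SAMPLE` is the role from the Example section.

```python
MAX_LEN = {"RoleName": 64, "Description": 1024}  # limits from this page's tables
MAX_POLICY_NAME = 128

def as_list(value):
    """A policy field may hold one string or a list; always return a list."""
    value = [] if value is None else value
    return value if isinstance(value, list) else [value]

def allow_statements(document):
    """Return the Allow statements of a policy document."""
    return [s for s in as_list((document or {}).get("Statement")) if s.get("Effect") == "Allow"]

def lint_ram_roles(template):
    """Return (resource_id, message) findings for each ALIYUN::RAM::Role resource."""
    findings = []
    for rid, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::RAM::Role":
            continue
        props = res.get("Properties", {})
        for key in ("RoleName", "AssumeRolePolicyDocument"):  # Required: Yes
            if key not in props:
                findings.append((rid, f"missing required property {key}"))
        for key, limit in MAX_LEN.items():
            value = props.get(key)
            if isinstance(value, str) and len(value) > limit:  # skip Ref/Fn:: maps
                findings.append((rid, f"{key} exceeds {limit} characters"))
        # Trust policy: which services may assume the role.
        for st in allow_statements(props.get("AssumeRolePolicyDocument")):
            for svc in as_list(st.get("Principal", {}).get("Service")):
                if "*" in svc:
                    findings.append((rid, f"trust policy allows wildcard service {svc}"))
        # Inline policies: what the role may do once assumed.
        for pol in as_list(props.get("Policies")):
            name = pol.get("PolicyName")
            if name is None or (isinstance(name, str) and len(name) > MAX_POLICY_NAME):
                findings.append((rid, "PolicyName missing or longer than 128 characters"))
            for st in allow_statements(pol.get("PolicyDocument")):
                actions = [a for a in as_list(st.get("Action")) if "*" in a]
                resources = [r for r in as_list(st.get("Resource")) if r.endswith("*")]
                if actions and resources:
                    findings.append((rid, f"{name}: Allow {actions} on {resources}"))
    return findings

# The role from the Example section above, written as a Python dict.
SAMPLE = {"Resources": {"RamRole": {"Type": "ALIYUN::RAM::Role", "Properties": {
    "RoleName": "RosRole", "Description": "createdByRos",
    "AssumeRolePolicyDocument": {"Version": "1", "Statement": [{"Action": "sts:AssumeRole",
        "Effect": "Allow", "Principal": {"Service": ["actiontrail.aliyuncs.com"]}}]},
    "Policies": [{"PolicyName": "RosRolePolicy", "PolicyDocument": {"Version": "1",
        "Statement": [{"Effect": "Allow", "Action": ["oss:*"], "Resource": ["acs:oss:*:*:*"]}]}}]}}}}
```

Running `lint_ram_roles(SAMPLE)` reports one finding, for the `oss:*` grant on `acs:oss:*:*:*`; narrowing the action to a specific operation clears it.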