ALIYUN::RAM::User is used to create a RAM user.

Syntax

{
  "Type": "ALIYUN::RAM::User",
  "Properties": {
    "UserName": String,
    "DisplayName": String,
    "LoginProfile": Map,
    "Groups": List,
    "MobilePhone": String,
    "Policies": List
  }
}

Properties

Property Type Required Editable Description Constraint
UserName String Yes No The name of the RAM user. The name can be up to 64 characters in length.
DisplayName String No No The display name of the RAM user. The name can be up to 12 characters in length.
LoginProfile Map No No The logon configurations of the RAM user. For more information, see LoginProfile properties.
Groups List No No The groups to which the RAM user will be added. None
MobilePhone String No No The mobile phone number of the RAM user. None
Policies List No No The policies to be applied to the RAM user. For more information, see Policies properties.

LoginProfile syntax

"LoginProfile": {
  "MFABindRequired": Boolean,
  "Password": String,
  "PasswordResetRequired": Boolean
}            

LoginProfile properties

Property Type Required Editable Description Constraint
MFABindRequired Boolean No No Specifies whether the RAM user must bind a multi-factor authentication (MFA) device upon the next logon. None
Password String No No The logon password. The password must be 8 to 32 characters in length and must comply with the password strength requirements.
PasswordResetRequired Boolean No No Specifies whether the RAM user has to change the password upon logon. None

Policies syntax

"Policies": [
  {
    "PolicyName": String,
    "PolicyDocument": {
      "Version": String,
      "Statement": [
        {
          "Effect": String,
          "Action": List,
          "Resource": List
        }
      ]
    }
  }
]            

Policies properties

Property Type Required Editable Description Constraint
PolicyName String Yes No The name of the policy. The name can be up to 128 characters in length.
PolicyDocument Map No No The details of the policy. None
Version String No No The version of the policy. None
Statement List No No The rules of the policy. None
Action List No No The specific operations to which the policy is applied. None
Resource List No No The specific resources to which the policy is applied. None
Effect String No No Specifies whether operations defined by the Action parameter can be performed on the resources defined by the Resource parameter. None

Response parameters

Fn::GetAtt

  • UserName: the name of the RAM user.
  • UserId: the ID of the RAM user.
  • CreateDate: the date when the RAM user was created.
  • LastLoginDate: the last logon time of the RAM user.

Examples

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "UserName": {
      "Type": "String",
      "Description": "Specifies the user name, containing up to 64 characters."
    },
    "Policies": {
      "Type": "Json",
      "Description": "Describes what actions are allowed on what resources."
    },
    "Groups": {
      "Type": "CommaDelimitedList",
      "Description": "A name of a group to which you want to add the user."
    },
    "DisplayName": {
      "Type": "String",
      "Description": "Display name, up to 12 characters or Chinese characters."
    },
    "LoginProfile": {
      "Type": "Json",
      "Description": "Creates a login profile for users so that they can access the AliCloud Management Console."
    },
    "MobilePhone": {
      "Type": "String",
      "Description": "Phone number of ram user."
    }
  },
  "Resources": {
    "User": {
      "Type": "ALIYUN::RAM::User",
      "Properties": {
        "UserName": {
          "Ref": "UserName"
        },
        "Policies": {
          "Ref": "Policies"
        },
        "Groups": {
          "Ref": "Groups"
        },
        "DisplayName": {
          "Ref": "DisplayName"
        },
        "LoginProfile": {
          "Ref": "LoginProfile"
        },
        "MobilePhone": {
          "Ref": "MobilePhone"
        }
      }
    }
  },
  "Outputs": {
    "UserName": {
      "Description": "Name of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "UserName"
        ]
      }
    },
    "UserId": {
      "Description": "Id of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "UserId"
        ]
      }
    },
    "LastLoginDate": {
      "Description": "Last login date of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "LastLoginDate"
        ]
      }
    },
    "CreateDate": {
      "Description": "Create date of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "CreateDate"
        ]
      }
    }
  }
}

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  UserName:
    Type: String
    Description: 'Specifies the user name, containing up to 64 characters.'
  Policies:
    Type: Json
    Description: Describes what actions are allowed on what resources.
  Groups:
    Type: CommaDelimitedList
    Description: A name of a group to which you want to add the user.
  DisplayName:
    Type: String
    Description: 'Display name, up to 12 characters or Chinese characters.'
  LoginProfile:
    Type: Json
    Description: >-
      Creates a login profile for users so that they can access the AliCloud
      Management Console.
  MobilePhone:
    Type: String
    Description: Phone number of ram user.
Resources:
  User:
    Type: 'ALIYUN::RAM::User'
    Properties:
      UserName:
        Ref: UserName
      Policies:
        Ref: Policies
      Groups:
        Ref: Groups
      DisplayName:
        Ref: DisplayName
      LoginProfile:
        Ref: LoginProfile
      MobilePhone:
        Ref: MobilePhone
Outputs:
  UserName:
    Description: Name of ram user.
    Value:
      'Fn::GetAtt':
        - User
        - UserName
  UserId:
    Description: Id of ram user.
    Value:
      'Fn::GetAtt':
        - User
        - UserId
  LastLoginDate:
    Description: Last login date of ram user.
    Value:
      'Fn::GetAtt':
        - User
        - LastLoginDate
  CreateDate:
    Description: Create date of ram user.
    Value:
      'Fn::GetAtt':
        - User
        - CreateDate