ALIYUN::RAM::User is used to create a RAM user.
Syntax
{
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": String,
"DisplayName": String,
"LoginProfile": Map,
"Groups": List,
"MobilePhone": String,
"Policies": List
}
}Properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| UserName | String | Yes | No | The name of the RAM user. | The name can be up to 64 characters in length. |
| DisplayName | String | No | No | The display name of the RAM user. | The name can be up to 12 characters in length. |
| LoginProfile | Map | No | No | The logon configurations of the RAM user. | For more information, see LoginProfile properties. |
| Groups | List | No | No | The groups to which the RAM user will be added. | None |
| MobilePhone | String | No | No | The mobile phone number of the RAM user. | None |
| Policies | List | No | No | The policies to be applied to the RAM user. | For more information, see Policies properties. |
LoginProfile syntax
"LoginProfile": {
"MFABindRequired": Boolean,
"Password": String,
"PasswordResetRequired": Boolean
} LoginProfile properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| MFABindRequired | Boolean | No | No | Specifies whether the RAM user must bind a multi-factor authentication (MFA) device upon the next logon. | None |
| Password | String | No | No | The logon password. | The password must be 8 to 32 characters in length and must comply with the password strength requirements. |
| PasswordResetRequired | Boolean | No | No | Specifies whether the RAM user has to change the password upon logon. | None |
Policies syntax
"Policies": [
{
"PolicyName": String,
"PolicyDocument": {
"Version": String,
"Statement": [
{
"Effect": String,
"Action": List,
"Resource": List
}
]
}
}
] Policies properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| PolicyName | String | Yes | No | The name of the policy. | The name can be up to 128 characters in length. |
| PolicyDocument | Map | No | No | The details of the policy. | None |
| Version | String | No | No | The version of the policy. | None |
| Statement | List | No | No | The rules of the policy. | None |
| Action | List | No | No | The specific operations to which the policy is applied. | None |
| Resource | List | No | No | The specific resources to which the policy is applied. | None |
| Effect | String | No | No | Specifies whether operations defined by the Action parameter can be performed on the resources defined by the Resource parameter. | None |
Response parameters
Fn::GetAtt
- UserName: the name of the RAM user.
- UserId: the ID of the RAM user.
- CreateDate: the date when the RAM user was created.
- LastLoginDate: the last logon time of the RAM user.
Examples
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"UserName": {
"Type": "String",
"Description": "Specifies the user name, containing up to 64 characters."
},
"Policies": {
"Type": "Json",
"Description": "Describes what actions are allowed on what resources."
},
"Groups": {
"Type": "CommaDelimitedList",
"Description": "A name of a group to which you want to add the user."
},
"DisplayName": {
"Type": "String",
"Description": "Display name, up to 12 characters or Chinese characters."
},
"LoginProfile": {
"Type": "Json",
"Description": "Creates a login profile for users so that they can access the AliCloud Management Console."
},
"MobilePhone": {
"Type": "String",
"Description": "Phone number of ram user."
}
},
"Resources": {
"User": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": {
"Ref": "UserName"
},
"Policies": {
"Ref": "Policies"
},
"Groups": {
"Ref": "Groups"
},
"DisplayName": {
"Ref": "DisplayName"
},
"LoginProfile": {
"Ref": "LoginProfile"
},
"MobilePhone": {
"Ref": "MobilePhone"
}
}
}
},
"Outputs": {
"UserName": {
"Description": "Name of ram user.",
"Value": {
"Fn::GetAtt": [
"User",
"UserName"
]
}
},
"UserId": {
"Description": "Id of ram user.",
"Value": {
"Fn::GetAtt": [
"User",
"UserId"
]
}
},
"LastLoginDate": {
"Description": "Last login date of ram user.",
"Value": {
"Fn::GetAtt": [
"User",
"LastLoginDate"
]
}
},
"CreateDate": {
"Description": "Create date of ram user.",
"Value": {
"Fn::GetAtt": [
"User",
"CreateDate"
]
}
}
}
}YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
UserName:
Type: String
Description: 'Specifies the user name, containing up to 64 characters.'
Policies:
Type: Json
Description: Describes what actions are allowed on what resources.
Groups:
Type: CommaDelimitedList
Description: A name of a group to which you want to add the user.
DisplayName:
Type: String
Description: 'Display name, up to 12 characters or Chinese characters.'
LoginProfile:
Type: Json
Description: >-
Creates a login profile for users so that they can access the AliCloud
Management Console.
MobilePhone:
Type: String
Description: Phone number of ram user.
Resources:
User:
Type: 'ALIYUN::RAM::User'
Properties:
UserName:
Ref: UserName
Policies:
Ref: Policies
Groups:
Ref: Groups
DisplayName:
Ref: DisplayName
LoginProfile:
Ref: LoginProfile
MobilePhone:
Ref: MobilePhone
Outputs:
UserName:
Description: Name of ram user.
Value:
'Fn::GetAtt':
- User
- UserName
UserId:
Description: Id of ram user.
Value:
'Fn::GetAtt':
- User
- UserId
LastLoginDate:
Description: Last login date of ram user.
Value:
'Fn::GetAtt':
- User
- LastLoginDate
CreateDate:
Description: Create date of ram user.
Value:
'Fn::GetAtt':
- User
- CreateDate