ALIYUN::RAM::User is used to call the CreateUser operation to create a RAM user.

Syntax

{
  "Type": "ALIYUN::RAM::User",
  "Properties": {
    "UserName": String,
    "DisplayName": String,
    "Groups": List,
    "LoginProfile": Map,
    "Policies": List,
    "MobilePhone": String
  }
}

Properties

| Name | Type | Required | Editable | Description | Validity |
| --- | --- | --- | --- | --- | --- |
| UserName | String | Yes | No | The name of the RAM user. The name can be up to 64 characters in length. Format: ^[a-zA-Z0-9\. @\-_]+$. | None |
| DisplayName | String | No | No | The display name of the RAM user. The name can be up to 128 characters in length. Format: ^[a-zA-Z0-9\.@\-\u4e00-\u9fa5]+$. | None |
| Groups | List | No | No | The groups to which you want to add the RAM user. | None |
| LoginProfile | Map | No | No | The logon configurations that allow the RAM user to access the Alibaba Cloud console. | None |
| Policies | List | No | No | The authorization policies that describe what actions are allowed on what resources. | None |
| MobilePhone | String | No | No | The mobile phone number of the RAM user. Format: country code - phone number. | None |

LoginProfile syntax

"LoginProfile": {
  "PasswordResetRequired": Boolean,
  "Password": String,
  "MFABindRequired": Boolean
}

LoginProfile properties

| Name | Type | Required | Editable | Description | Validity |
| --- | --- | --- | --- | --- | --- |
| PasswordResetRequired | Boolean | No | No | Specifies whether the RAM user has to change the password upon logon. Default value: false. | None |
| Password | String | No | No | The logon password of the RAM user. The password must comply with the password strength requirements. For more information about the API operation for setting password strength, see GetPasswordPolicy. | None |
| MFABindRequired | Boolean | No | No | Specifies whether the user must bind a multi-factor authentication device the next time that the user logs on. Default value: false. | None |

Policies syntax

"Policies": [
  {
    "PolicyName": String,
    "PolicyDocument": Map,
    "Description": String
  }
]

Policies properties

| Name | Type | Required | Editable | Description | Validity |
| --- | --- | --- | --- | --- | --- |
| PolicyName | String | Yes | No | The name of the authorization policy. The name can be up to 128 characters in length. Format: ^[a-zA-Z0-9\-]+$. | None |
| PolicyDocument | Map | Yes | No | The content of the authorization policy. | None |
| Description | String | No | No | The description of the authorization policy. The description can be up to 1,024 characters in length. | None |

Response parameters

Fn::GetAtt

  • UserName: the name of the RAM user.
  • CreateDate: the date on which the RAM user is created.
  • UserId: the ID of the RAM user.
  • LastLoginDate: the last logon date of the RAM user.

Examples

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "User": {
      "Type": "ALIYUN::RAM::User",
      "Properties": {
        "UserName": {
          "Ref": "UserName"
        },
        "DisplayName": {
          "Ref": "DisplayName"
        },
        "Groups": {
          "Fn::Split": [
            ",",
            {
              "Ref": "Groups"
            }
          ]
        },
        "LoginProfile": {
          "Ref": "LoginProfile"
        },
        "Policies": {
          "Ref": "Policies"
        },
        "MobilePhone": {
          "Ref": "MobilePhone"
        }
      }
    }
  },
  "Parameters": {
    "UserName": {
      "Type": "String",
      "Description": "Specifies the user name, containing up to 64 characters."
    },
    "DisplayName": {
      "Type": "String",
      "Description": "Display name, up to 128 characters or Chinese characters."
    },
    "Groups": {
      "Type": "CommaDelimitedList",
      "Description": "A name of a group to which you want to add the user."
    },
    "LoginProfile": {
      "Type": "Json",
      "Description": "Creates a login profile for users so that they can access the AliCloud Management Console."
    },
    "Policies": {
      "Type": "Json",
      "Description": "Describes what actions are allowed on what resources."
    },
    "MobilePhone": {
      "Type": "String",
      "Description": "Phone number of ram user."
    }
  },
  "Outputs": {
    "UserName": {
      "Description": "Name of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "UserName"
        ]
      }
    },
    "CreateDate": {
      "Description": "Create date of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "CreateDate"
        ]
      }
    },
    "UserId": {
      "Description": "Id of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "UserId"
        ]
      }
    },
    "LastLoginDate": {
      "Description": "Last login date of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "LastLoginDate"
        ]
      }
    }
  }
}
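
A pre-deployment check for the LoginProfile settings documented above, given as an added example that is not part of the original page or of Alibaba Cloud's tooling. It flags hard-coded passwords and the two flags that default to false. It assumes the ROS parameter attribute NoEcho (not mentioned on this page) is used to mask secret parameters; the sample template, resource names and finding labels are constructed for illustration.

```python
import json

# Constructed sample template; resource and parameter names are made up.
SAMPLE = json.loads("""
{
  "Parameters": {"Pwd": {"Type": "String"}},
  "Resources": {
    "Weak": {"Type": "ALIYUN::RAM::User", "Properties": {
      "UserName": "ci-bot",
      "LoginProfile": {"Password": "Example-Passw0rd"}}},
    "Better": {"Type": "ALIYUN::RAM::User", "Properties": {
      "UserName": "alice",
      "LoginProfile": {"Password": {"Ref": "Pwd"}, "PasswordResetRequired": true,
                       "MFABindRequired": true}}}
  }
}
""")

def is_true(value):
    # Accept a JSON boolean or the string "true".
    return str(value).lower() == "true"

def audit_ram_users(template):
    """Return sorted (resource, finding) pairs for ALIYUN::RAM::User login profiles."""
    params = template.get("Parameters", {})
    findings = set()
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::RAM::User":
            continue
        profile = res.get("Properties", {}).get("LoginProfile")
        if not isinstance(profile, dict):
            continue  # no console logon configured
        if "Ref" in profile:
            # Whole profile passed as a parameter, as in the page's example.
            secret_ref = profile["Ref"]
            findings.add((name, "login-profile-not-statically-checkable"))
        else:
            pwd = profile.get("Password")
            secret_ref = pwd.get("Ref") if isinstance(pwd, dict) else None
            if isinstance(pwd, str):
                findings.add((name, "password-hardcoded"))
            # Both flags default to false when omitted.
            if not is_true(profile.get("MFABindRequired", False)):
                findings.add((name, "mfa-bind-not-required"))
            if not is_true(profile.get("PasswordResetRequired", False)):
                findings.add((name, "password-reset-not-required"))
        # Assumption: secret-bearing parameters should set NoEcho to true.
        if secret_ref in params and not is_true(params[secret_ref].get("NoEcho")):
            findings.add((name, "secret-parameter-without-noecho"))
    return sorted(findings)
```

Run `audit_ram_users` on the parsed template before creating the stack; an empty list means none of these conditions were found.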