edit-icon download-icon

ALIYUN::RAM::User

Last Updated: Jun 13, 2018

The ALIYUN::RAM::User type is used to create a RAM user.

Syntax

  1. {
  2. "Type" : "ALIYUN::RAM::Role",
  3. "Properties" : {
  4. "UserName" : String,
  5. "DisplayName": String,
  6. "LoginProfile" : Map,
  7. "Groups" : List,
  8. "MobilePhone" : String,
  9. "Policies " : List
  10. }
  11. }

Attributes

Attribute name Type Required Description Constraint
UserName string Yes User name The role name can contain a maximum of 64 characters
DisplayName string No Displayed name of the user The name can contain a maximum of 12 characters
LoginProfile map No User logon configuration N/A
Groups list No Group to which the user is added N/A
MobilePhone string No Mobile number of the user N/A
Policies list No Policy applied to the user N/A

LoginProfile syntax

  1. "LoginProfile" : {
  2. "MFABindRequired": Boolean,
  3. "Password" : String,
  4. "PasswordResetRequired" : Boolean
  5. }

LoginProfile attributes

Attribute name Type Required Description Constraint
MFABindRequired boolean No Whether the user must bind an MFA device upon next logon N/A
Password string No Logon password The logon password is a string of 8 to 32 characters and must comply with the password strength requirements
PasswordResetRequired boolean No Whether the user have to change the password upon logon N/A

Policies syntax

  1. "Policies" : [
  2. {
  3. "PolicyName" : String,
  4. "PolicyDocument" : {
  5. "Version": String,
  6. "Statement" : [
  7. {
  8. "Effect" : String,
  9. "Action" : List,
  10. "Resource" : List
  11. }
  12. ]
  13. }
  14. }
  15. ]

Policies attributes

Attribute name Type Required Description Constraint
PolicyName string Yes Policy name The policy name can contain a maximum of 128 characters
PolicyDocument map No Policy details N/A
Version string No Policy version N/A
Statement list No Policy rules N/A
Action list No Policy-specific operationN/A
Resource list No Resource to which the policy is applied N/A
Effect string No Whether the operation defined by the Action parameter can be performed on the resource defined by the Resource parameterN/A

Return values

Fn::GetAtt

  • UserName: RAM user name.
  • UserId: RAM user ID.
  • CreateDate: RAM user creation time.
  • LastLoginDate: last logon time of the RAM user.

Example

  1. {
  2. "ROSTemplateFormatVersion" : "2015-09-01",
  3. "Resources" : {
  4. "RamUser": {
  5. "Type": "ALIYUN::RAM::User",
  6. "Properties": {
  7. "UserName": "RosUser",
  8. "DisplayName": "createdByRos",
  9. "MobilePhone": "13800998833",
  10. "LoginProfile": {
  11. "Password": "RosUser1234",
  12. "PasswordResetRequired": false,
  13. "MFABindRequired": true
  14. },
  15. "Policies" : [
  16. {
  17. "PolicyName" : "RosUserPolicy",
  18. "PolicyDocument" : {
  19. "Version": "1",
  20. "Statement" : [
  21. {
  22. "Effect" : "Allow",
  23. "Action" : [ "oss:*" ],
  24. "Resource" : ["acs:oss:*:*:*"]
  25. }
  26. ]
  27. }
  28. }
  29. ],
  30. "Groups": ["RosGroup"]
  31. }
  32. }
  33. },
  34. "Outputs": {
  35. "UserName": {
  36. "Value": {
  37. "Fn::GetAtt": ["RamUser", "UserName"]
  38. }
  39. },
  40. "UserId": {
  41. "Value": {
  42. "Fn::GetAtt": ["RamUser", "UserId"]
  43. }
  44. }
  45. }
  46. }
Thank you! We've received your feedback.