ALIYUN::RAM::User is used to create a RAM user.
Syntax
{
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": String,
"DisplayName": String,
"LoginProfile": Map,
"Groups": List,
"MobilePhone": String,
"Email": String,
"Comments": String,
"Policies": List
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
UserName | String | Yes | No | The name of the RAM user. | The name can be up to 64 characters in length. |
DisplayName | String | No | No | The display name of the RAM user. | The name can be up to 12 characters in length. |
LoginProfile | Map | No | No | The logon configurations of the RAM user. | For more information, see LoginProfile properties. |
Groups | List | No | No | The groups to which the RAM user is added. | None |
MobilePhone | String | No | No | The mobile phone number of the RAM user. | None |
String | No | No | The email address of the RAM user. | None | |
Comments | String | No | No | The note of the RAM user. | The note must be 1 to 128 characters in length. |
Policies | List | No | Yes | The permission policies to be applied to the RAM user. | For more information, see Policies properties. |
LoginProfile syntax
"LoginProfile": {
"MFABindRequired": Boolean,
"Password": String,
"PasswordResetRequired": Boolean
}
LoginProfile properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
MFABindRequired | Boolean | No | No | Specifies whether the RAM user must bind a multi-factor authentication (MFA) device upon the next logon. | None |
Password | String | No | No | The logon password. | The password must be 8 to 32 characters in length and must comply with the password strength requirements. |
PasswordResetRequired | Boolean | No | No | Specifies whether the RAM user has to change the password upon logon. | None |
Policies syntax
"Policies": [
{
"PolicyName": String,
"PolicyDocument": Map,
"Description": String
}
]
Policies properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Description | String | No | No | The description of the permission policy. | The description must be 1 to 1,024 characters in length. |
PolicyName | String | Yes | No | The name of the permission policy. | The name must be 1 to 128 characters in length and can contain letters, digits, and hyphens (-). |
PolicyDocument | Map | Yes | Yes | The content of the permission policy. | The content can be up to 2,048 characters in length.
For more information, see PolicyDocument properties. |
PolicyDocument syntax
"PolicyDocument": {
"Version": String,
"Statement": List
}
PolicyDocument properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Version | String | No | No | The version of the permission policy. | None |
Statement | List | No | No | The rules of the permission policy. | For more information, see Statement properties. |
Statement syntax
"Statement": [
{
"Condition": Map,
"Action": List,
"Resource": List,
"Effect": String
}
]
Statement properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Condition | Map | No | No | The restrictions that are required for the permission policy to take effect. | None |
Action | List | No | No | The specific operations to which the permission policy is applied. | None |
Resource | List | No | No | The specific resources to which the permission policy is applied. | None |
Effect | String | No | No | The permission effect. | Valid values:
|
Response parameters
Fn::GetAtt
- UserName: the name of the RAM user.
- UserId: the ID of the RAM user.
- CreateDate: the time when the RAM user was created.
- LastLoginDate: the last logon time of the RAM user.
Examples
JSON
format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"UserName": {
"Type": "String",
"Description": "Specifies the user name, containing up to 64 characters."
},
"Policies": {
"Type": "Json",
"Description": "Describes what actions are allowed on what resources."
},
"Email": {
"Type": "String",
"Description": "Email of ram user."
},
"Comments": {
"Type": "String",
"Description": "Comments of ram user.",
"MinLength": 1,
"MaxLength": 128
},
"Groups": {
"Type": "CommaDelimitedList",
"Description": "A name of a group to which you want to add the user."
},
"DisplayName": {
"Type": "String",
"Description": "Display name, up to 128 characters or Chinese characters."
},
"LoginProfile": {
"Type": "Json",
"Description": "Creates a login profile for users so that they can access the AliCloud Management Console."
},
"MobilePhone": {
"Type": "String",
"Description": "Phone number of ram user."
}
},
"Resources": {
"User": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": {
"Ref": "UserName"
},
"Policies": {
"Ref": "Policies"
},
"Email": {
"Ref": "Email"
},
"Comments": {
"Ref": "Comments"
},
"Groups": {
"Ref": "Groups"
},
"DisplayName": {
"Ref": "DisplayName"
},
"LoginProfile": {
"Ref": "LoginProfile"
},
"MobilePhone": {
"Ref": "MobilePhone"
}
}
}
},
"Outputs": {
"UserName": {
"Description": "Name of ram user.",
"Value": {
"Fn::GetAtt": [
"User",
"UserName"
]
}
},
"UserId": {
"Description": "Id of ram user.",
"Value": {
"Fn::GetAtt": [
"User",
"UserId"
]
}
},
"LastLoginDate": {
"Description": "Last login date of ram user.",
"Value": {
"Fn::GetAtt": [
"User",
"LastLoginDate"
]
}
},
"CreateDate": {
"Description": "Create date of ram user.",
"Value": {
"Fn::GetAtt": [
"User",
"CreateDate"
]
}
}
}
}
YAML
format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
UserName:
Type: String
Description: 'Specifies the user name, containing up to 64 characters.'
Policies:
Type: Json
Description: Describes what actions are allowed on what resources.
Email:
Type: String
Description: Email of ram user.
Comments:
Type: String
Description: Comments of ram user.
MinLength: 1
MaxLength: 128
Groups:
Type: CommaDelimitedList
Description: A name of a group to which you want to add the user.
DisplayName:
Type: String
Description: 'Display name, up to 128 characters or Chinese characters.'
LoginProfile:
Type: Json
Description: >-
Creates a login profile for users so that they can access the AliCloud
Management Console.
MobilePhone:
Type: String
Description: Phone number of ram user.
Resources:
User:
Type: 'ALIYUN::RAM::User'
Properties:
UserName:
Ref: UserName
Policies:
Ref: Policies
Email:
Ref: Email
Comments:
Ref: Comments
Groups:
Ref: Groups
DisplayName:
Ref: DisplayName
LoginProfile:
Ref: LoginProfile
MobilePhone:
Ref: MobilePhone
Outputs:
UserName:
Description: Name of ram user.
Value:
'Fn::GetAtt':
- User
- UserName
UserId:
Description: Id of ram user.
Value:
'Fn::GetAtt':
- User
- UserId
LastLoginDate:
Description: Last login date of ram user.
Value:
'Fn::GetAtt':
- User
- LastLoginDate
CreateDate:
Description: Create date of ram user.
Value:
'Fn::GetAtt':
- User
- CreateDate