The ALIYUN::RAM::User type is used to create a RAM user.
Syntax
{ "Type" : "ALIYUN::RAM::Role", "Properties" : { "UserName" : String, "DisplayName": String, "LoginProfile" : Map, "Groups" : List, "MobilePhone" : String, "Policies " : List }}
Attributes
| Attribute name | Type | Required | Description | Constraint |
|---|
| UserName | string | Yes | User name | The role name can contain a maximum of 64 characters |
| DisplayName | string | No | Displayed name of the user | The name can contain a maximum of 12 characters |
| LoginProfile | map | No | User logon configuration | N/A |
| Groups | list | No | Group to which the user is added | N/A |
| MobilePhone | string | No | Mobile number of the user | N/A |
| Policies | list | No | Policy applied to the user | N/A |
LoginProfile syntax
"LoginProfile" : { "MFABindRequired": Boolean, "Password" : String, "PasswordResetRequired" : Boolean}
LoginProfile attributes
| Attribute name | Type | Required | Description | Constraint |
|---|
| MFABindRequired | boolean | No | Whether the user must bind an MFA device upon next logon | N/A |
| Password | string | No | Logon password | The logon password is a string of 8 to 32 characters and must comply with the password strength requirements |
| PasswordResetRequired | boolean | No | Whether the user have to change the password upon logon | N/A |
Policies syntax
"Policies" : [ { "PolicyName" : String, "PolicyDocument" : { "Version": String, "Statement" : [ { "Effect" : String, "Action" : List, "Resource" : List } ] } }]
Policies attributes
| Attribute name | Type | Required | Description | Constraint |
|---|
| PolicyName | string | Yes | Policy name | The policy name can contain a maximum of 128 characters |
| PolicyDocument | map | No | Policy details | N/A |
| Version | string | No | Policy version | N/A |
| Statement | list | No | Policy rules | N/A |
| Action | list | No | Policy-specific operation | N/A |
| Resource | list | No | Resource to which the policy is applied | N/A |
| Effect | string | No | Whether the operation defined by the Action parameter can be performed on the resource defined by the Resource parameter | N/A |
Return values
Fn::GetAtt
- UserName: RAM user name.
- UserId: RAM user ID.
- CreateDate: RAM user creation time.
- LastLoginDate: last logon time of the RAM user.
Example
{ "ROSTemplateFormatVersion" : "2015-09-01", "Resources" : { "RamUser": { "Type": "ALIYUN::RAM::User", "Properties": { "UserName": "RosUser", "DisplayName": "createdByRos", "MobilePhone": "13800998833", "LoginProfile": { "Password": "RosUser1234", "PasswordResetRequired": false, "MFABindRequired": true }, "Policies" : [ { "PolicyName" : "RosUserPolicy", "PolicyDocument" : { "Version": "1", "Statement" : [ { "Effect" : "Allow", "Action" : [ "oss:*" ], "Resource" : ["acs:oss:*:*:*"] } ] } } ], "Groups": ["RosGroup"] } } }, "Outputs": { "UserName": { "Value": { "Fn::GetAtt": ["RamUser", "UserName"] } }, "UserId": { "Value": { "Fn::GetAtt": ["RamUser", "UserId"] } } }}
Thank you! We've received your feedback.
Thank you for your rating!
Thank you for your rating!
Comments or suggestions?
What might be the problems? (Select all that apply)
How can we make it better? (Select all that apply)