ALIYUN::RAM::Group is used to create a RAM user group.
Syntax
{
"Type": "ALIYUN::RAM::Group",
"Properties": {
"GroupName": String,
"Comments": String,
"Policies": List,
"PolicyAttachments": Map,
"DeletionForce": Boolean
}
}Properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| GroupName | String | Yes | No | The name of the RAM user group. | The name must be 1 to 64 characters in length, and can contain letters, digits, and hyphens (-). |
| Comments | String | No | No | The comments on the RAM user group. | The comments must be 1 to 128 characters in length. |
| Policies | List | No | Yes | The details of the policies. | For more information, see Policies properties. |
| PolicyAttachments | Map | No | Yes | The details of the system and custom policies that you want to attach to the RAM user group. | For more information, see PolicyAttachments properties. |
| DeletionForce | Boolean | No | Yes | Specifies whether to forcefully detach the policy from the RAM user group. | Default value: false. Valid values:
|
Policies syntax
"Policies": [
{
"Description": String,
"PolicyName": String,
"PolicyDocument": Map
}
]Policies properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| Description | String | No | No | The description of the policy. | The description must be 1 to 1,024 characters in length. |
| PolicyName | String | Yes | No | The name of the policy. | The name must be 1 to 128 characters in length, and can contain letters, digits, and hyphens (-). |
| PolicyDocument | Map | Yes | Yes | The content of the policy. | The content can be up to 2,048 characters in length. For more information, see PolicyDocument properties. |
PolicyDocument syntax
"PolicyDocument": {
"Version": String,
"Statement": List
}PolicyDocument properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| Version | String | Yes | No | The version of the policy. | None |
| Statement | List | Yes | No | The statement of the policy. | For more information, see Statement properties. |
Statement syntax
"Statement": [
{
"Condition": Map,
"Action": List,
"Resource": List,
"Effect": String
}
]Statement properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| Condition | Map | No | No | The condition that is required for the policy to take effect. | None |
| Action | List | No | No | The action that you want to perform based on the policy. | None |
| Resource | List | No | No | The resource to which you want to apply the policy. | None |
| Effect | String | No | No | The effect of the statement. | Valid values:
|
PolicyAttachments syntax
"PolicyDocument": {
"Version": String,
"Statement": List
}PolicyAttachments properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| Custom | List | No | Yes | The list of custom policy names. | You can attach up to five custom policies. |
| System | List | No | Yes | The list of system policy names. | You can attach up to 20 system policies. |
Return value
Fn::GetAtt
GroupName: the name of the RAM user group.
Examples
JSONformat{ "ROSTemplateFormatVersion": "2015-09-01", "Parameters": { }, "Resources": { "Group": { "Type": "ALIYUN::RAM::Group", "Properties": { "GroupName": "TestGroup", "Policies": [ { "PolicyName": { "Fn::Sub": "GroupPolicy-${ALIYUN::StackId}" }, "PolicyDocument": { "Version": "1", "Statement": [ { "Action": [ "oss:Get*" ], "Resource": [ "*" ], "Effect": "Allow" } ] } } ] } } }, "Outputs": { "GroupName": { "Description": "Id of ram group.", "Value": { "Fn::GetAtt": [ "Group", "GroupName" ] } } } }
For more examples, visit User.json and User.yml. In the examples, the following resource types are used: ALIYUN::RAM::User, ALIYUN::RAM::Group, ALIYUN::RAM::AttachPolicyToUser, and ALIYUN::RAM::UserToGroupAddition.