ALIYUN::RAM::ManagedPolicy is used to create a management policy for RAM users.
Syntax
{
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"PolicyName": String,
"Description": String,
"Roles": List,
"PolicyDocumentUnchecked": Map,
"PolicyDocument": Map,
"Groups": List,
"Users": List
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
PolicyName | String | Yes | No | The name of the policy. | The name can be up to 128 characters in length. |
Description | String | No | No | The description of the policy. | The description can be up to 1,024 characters in length. |
PolicyDocument | Map | No | Yes | The details of the policy. | For more information, see PolicyDocument properties. |
Users | List | No | No | The users to whom the policy is to be applied. | None |
Groups | List | No | No | The user groups to which the policy is to be applied. | None |
Roles | List | No | No | The roles to which the policy is to be applied. | None |
PolicyDocumentUnchecked | Map | No | Yes | The policy document that describes what actions are allowed on which resources. | If you specify this parameter, the PolicyDocument parameter is ignored. |
PolicyDocument syntax
"PolicyDocument": {
"Version": String,
"Statement": List
}
PolicyDocument properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Version | String | Yes | No | The version of the policy. | None |
Statement | List | Yes | No | The rules of the policy. | For more information, see Statement properties. |
Statement syntax
"Statement": [
{
"Condition": Map,
"Action": List,
"Resource": List,
"Effect": String
}
]
Statement properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Condition | Map | No | No | The restrictions that are required for the permission policy to take effect. | None |
Action | List | No | No | The operations to which the permission policy is applied. | None |
Resource | List | No | No | The resources to which the permission policy is applied. | None |
Effect | String | No | No | The permission effect. | Valid values:
|
Response parameters
Fn::GetAtt
PolicyName: the name of the policy.
Examples
JSON
format{ "ROSTemplateFormatVersion": "2015-09-01", "Description": "Test RAM ManagedPolicy", "Parameters": { "User": { "Type": "String", "AssociationProperty": "ALIYUN::RAM::User" } }, "Resources": { "ManagePolicy": { "Type": "ALIYUN::RAM::ManagedPolicy", "Properties": { "PolicyName": "TestPolicy", "PolicyDocument": { "Version": "1", "Statement": [ { "Action": [ "*" ], "Resource": [ "*" ], "Effect": "Allow" } ] }, "Users": [ { "Ref": "User" } ] } } }, "Outputs": { } }