ALIYUN::RAM::ManagedPolicy is used to create a management policy for RAM users.

Syntax

{
  "Type": "ALIYUN::RAM::ManagedPolicy",
  "Properties": {
    "PolicyName": String,
    "Description": String,
    "Roles": List,
    "PolicyDocumentUnchecked": Map,
    "PolicyDocument": Map,
    "Groups": List,
    "Users": List
  }
}

Properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| PolicyName | String | Yes | No | The name of the policy. | The name can be up to 128 characters in length. |
| Description | String | No | No | The description of the policy. | The description can be up to 1,024 characters in length. |
| PolicyDocument | Map | No | Yes | The details of the policy. | For more information, see PolicyDocument properties. |
| Users | List | No | No | The users to whom the policy is to be applied. | None |
| Groups | List | No | No | The user groups to which the policy is to be applied. | None |
| Roles | List | No | No | The roles to which the policy is to be applied. | None |
| PolicyDocumentUnchecked | Map | No | Yes | The policy document that describes what actions are allowed on which resources. | If you specify this parameter, the PolicyDocument parameter is ignored. |

PolicyDocument syntax

"PolicyDocument": {
  "Version": String,
  "Statement": List
}

PolicyDocument properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| Version | String | Yes | No | The version of the policy. | None |
| Statement | List | Yes | No | The rules of the policy. | For more information, see Statement properties. |

Statement syntax

"Statement": [
  {
    "Condition": Map,
    "Action": List,
    "Resource": List,
    "Effect": String
  }
]

Statement properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| Condition | Map | No | No | The restrictions that are required for the permission policy to take effect. | None |
| Action | List | No | No | The operations to which the permission policy is applied. | None |
| Resource | List | No | No | The resources to which the permission policy is applied. | None |
| Effect | String | No | No | The permission effect. | Valid values: Allow (access is allowed) and Deny (access is denied). |

Response parameters

Fn::GetAtt

PolicyName: the name of the policy.

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Description: Test RAM ManagedPolicy
    Parameters:
      User:
        Type: String
        AssociationProperty: ALIYUN::RAM::User
    Resources:
      ManagePolicy:
        Type: ALIYUN::RAM::ManagedPolicy
        Properties:
          PolicyName: TestPolicy
          PolicyDocument:
            Version: '1'
            Statement:
              - Action:
                  - '*'
                Resource:
                  - '*'
                Effect: Allow
          Users:
            - Ref: User
    Outputs: {}
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Description": "Test RAM ManagedPolicy",
      "Parameters": {
        "User": {
          "Type": "String",
          "AssociationProperty": "ALIYUN::RAM::User"
        }
      },
      "Resources": {
        "ManagePolicy": {
          "Type": "ALIYUN::RAM::ManagedPolicy",
          "Properties": {
            "PolicyName": "TestPolicy",
            "PolicyDocument": {
              "Version": "1",
              "Statement": [
                {
                  "Action": [
                    "*"
                  ],
                  "Resource": [
                    "*"
                  ],
                  "Effect": "Allow"
                }
              ]
            },
            "Users": [
              {
                "Ref": "User"
              }
            ]
          }
        }
      },
      "Outputs": {
      }
    }
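
The example templates above attach an Allow statement with Action '*' and Resource '*' to the referenced user, which grants unrestricted access, and the property table states that PolicyDocument is ignored when PolicyDocumentUnchecked is specified. The following Python check is an added example, not part of the original documentation or of ROS itself; it flags both situations in a parsed JSON template. The function names, the ScopedPolicy resource and the example-bucket name are constructed for illustration.

```python
import json

# Constructed sample: the page's JSON example plus a hypothetical second
# resource that sets both PolicyDocument and PolicyDocumentUnchecked.
SAMPLE_TEMPLATE = json.loads("""
{"ROSTemplateFormatVersion": "2015-09-01",
 "Resources": {
  "ManagePolicy": {"Type": "ALIYUN::RAM::ManagedPolicy", "Properties": {
    "PolicyName": "TestPolicy",
    "PolicyDocument": {"Version": "1", "Statement": [
      {"Action": ["*"], "Resource": ["*"], "Effect": "Allow"}]}}},
  "ScopedPolicy": {"Type": "ALIYUN::RAM::ManagedPolicy", "Properties": {
    "PolicyName": "ScopedPolicy",
    "PolicyDocument": {"Version": "1", "Statement": [
      {"Action": ["oss:GetObject"], "Effect": "Allow",
       "Resource": ["acs:oss:*:*:example-bucket/*"]}]},
    "PolicyDocumentUnchecked": {"Version": "1", "Statement": [
      {"Action": ["oss:*"], "Resource": ["*"], "Effect": "Allow"}]}}}}}
""")

def as_list(value):
    """Accept a single value or a list, as policy documents allow both."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def effective_document(props):
    """PolicyDocumentUnchecked, when present, replaces PolicyDocument."""
    if "PolicyDocumentUnchecked" in props:
        return props["PolicyDocumentUnchecked"] or {}
    return props.get("PolicyDocument") or {}

def audit_template(template):
    """Return (resource name, message) findings for risky managed policies."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::RAM::ManagedPolicy":
            continue
        props = res.get("Properties", {})
        if "PolicyDocumentUnchecked" in props and "PolicyDocument" in props:
            findings.append((name, "PolicyDocument is ignored: PolicyDocumentUnchecked is set"))
        for i, stmt in enumerate(as_list(effective_document(props).get("Statement"))):
            if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
                continue
            wild = [a for a in as_list(stmt.get("Action"))
                    if isinstance(a, str) and (a == "*" or a.endswith(":*"))]
            if wild and "*" in as_list(stmt.get("Resource")):
                findings.append((name, f"Statement[{i}] allows {wild} on every resource"))
    return findings
```

Calling audit_template(SAMPLE_TEMPLATE) reports the wildcard statement in ManagePolicy and, for ScopedPolicy, both the ignored PolicyDocument and the broader statement that actually takes effect.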