ALIYUN::RAM::User is used to create a RAM user.
Syntax
{
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": String,
"DisplayName": String,
"LoginProfile": Map,
"Groups": List,
"MobilePhone": String,
"Email": String,
"Comments": String,
"Policies": List,
"PolicyAttachments": Map,
"DeletionForce": Boolean
}
}
Properties
| Property |
Type |
Required |
Editable |
Description |
Constraint |
| UserName |
String |
Yes |
No |
The username of the RAM user. |
The username must be 1 to 64 characters in length, and can contain letters, digits, periods (.), hyphens (-), and underscores (_). |
| DisplayName |
String |
No |
No |
The display name of the RAM user. |
The display name must be 1 to 128 characters in length. |
| LoginProfile |
Map |
No |
No |
The logon configurations of the RAM user. |
For more information, see LoginProfile properties. |
| Groups |
List |
No |
No |
The groups to which you want to add the RAM user. |
None |
| MobilePhone |
String |
No |
No |
The mobile number of the RAM user. |
None |
| Email |
String |
No |
No |
The email address of the RAM user. |
None |
| Comments |
String |
No |
No |
The comments on the RAM user. |
The comments must be 1 to 128 characters in length. |
| Policies |
List |
No |
Yes |
The policies that you want to attach to the RAM user. |
For more information, see Policies properties. |
| PolicyAttachments |
Map |
No |
Yes |
The system and custom policies that you want to attach to the RAM user. |
For more information, see PolicyAttachments properties. |
| DeletionForce |
Boolean |
No |
Yes |
Specifies whether to forcefully detach the policy from the RAM user. |
Default value: false. Valid values:
|
LoginProfile syntax
"LoginProfile": {
"MFABindRequired": Boolean,
"Password": String,
"PasswordResetRequired": Boolean
}
LoginProfile properties
| Property |
Type |
Required |
Editable |
Description |
Constraint |
| MFABindRequired |
Boolean |
No |
No |
Specifies whether to forcefully enable multi-factor authentication (MFA). |
Valid values:
- true: enables MFA. The RAM user must bind an MFA device at the next logon.
- false: does not enable MFA.
|
| Password |
String |
No |
No |
The new password that the RAM user uses to log on to the Resource Access Management (RAM) console. |
The password must be 8 to 32 characters in length, and must comply with the strong password requirements. |
| PasswordResetRequired |
Boolean |
No |
No |
Specifies whether the RAM user is required to reset the password at the next logon. |
Valid values:
|
Policies syntax
"Policies": [
{
"PolicyName": String,
"PolicyDocument": Map,
"Description": String
}
]
Policies properties
| Property |
Type |
Required |
Editable |
Description |
Constraint |
| Description |
String |
No |
No |
The description of the policy. |
The description must be 1 to 1,024 characters in length. |
| PolicyName |
String |
Yes |
No |
The name of the policy. |
The name must be 1 to 128 characters in length, and can contain letters, digits, and hyphens (-). |
| PolicyDocument |
Map |
Yes |
Yes |
The content of the policy. |
The content can be up to 2,048 characters in length. For more information, see PolicyDocument properties. |
PolicyDocument syntax
"PolicyDocument": {
"Version": String,
"Statement": List
}
PolicyDocument properties
| Property |
Type |
Required |
Editable |
Description |
Constraint |
| Version |
String |
Yes |
No |
The version of the policy. |
None |
| Statement |
List |
Yes |
No |
The statement of the policy. |
For more information, see Statement properties. |
Statement syntax
"Statement": [
{
"Condition": Map,
"Action": List,
"Resource": List,
"Effect": String
}
]
Statement properties
| Property |
Type |
Required |
Editable |
Description |
Constraint |
| Condition |
Map |
No |
No |
The condition that is required for the policy to take effect. |
None |
| Action |
List |
No |
No |
The action that you want to perform based on the policy. |
None |
| Resource |
List |
No |
No |
The resource to which you want to apply the policy. |
None |
| Effect |
String |
No |
No |
The effect of the statement. |
Valid values:
|
PolicyAttachments properties
| Property |
Type |
Required |
Editable |
Description |
Constraint |
| Custom |
List |
No |
Yes |
The list of custom policy names. |
You can attach up to five custom policies. |
| System |
List |
No |
Yes |
The list of system policy names. |
You can attach up to 20 system policies. |
Return values
Fn::GetAtt
- UserName: the name of the RAM user.
- UserId: the ID of the RAM user.
- CreateDate: the time when the RAM user was created.
- LastLoginDate: the last logon time of the RAM user.
Examples
YAMLformat
ROSTemplateFormatVersion: '2015-09-01'
Description: Test RAM User
Parameters: {}
Resources:
User:
Type: ALIYUN::RAM::User
Properties:
UserName: dev
Policies:
- PolicyName:
Fn::Join:
- '-'
- - StackId
- Ref: ALIYUN::StackId
PolicyDocument:
Statement:
- Action:
- oss:*
Effect: Allow
Resource:
- '*'
Version: '1'
Outputs: {}
JSONformat
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": "Test RAM User",
"Parameters": {
},
"Resources": {
"User": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": "dev",
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"-",
[
"StackId",
{
"Ref": "ALIYUN::StackId"
}
]
]
},
"PolicyDocument": {
"Statement": [
{
"Action": [
"oss:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
}
}
]
}
}
},
"Outputs": {
}
}
For more examples, visit User.json and User.yml. In the examples, the following resource types are used: ALIYUN::RAM::User, ALIYUN::RAM::Group, ALIYUN::RAM::AttachPolicyToUser, and ALIYUN::RAM::UserToGroupAddition.