ALIYUN::RAM::User is used to create a RAM user.

Syntax

{
  "Type": "ALIYUN::RAM::User",
  "Properties": {
    "UserName": String,
    "DisplayName": String,
    "LoginProfile": Map,
    "Groups": List,
    "MobilePhone": String,
    "Email": String,
    "Comments": String,
    "Policies": List,
    "PolicyAttachments": Map,
    "DeletionForce": Boolean
  }
}

Properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| UserName | String | Yes | No | The username of the RAM user. | The username must be 1 to 64 characters in length, and can contain letters, digits, periods (.), hyphens (-), and underscores (_). |
| DisplayName | String | No | No | The display name of the RAM user. | The display name must be 1 to 128 characters in length. |
| LoginProfile | Map | No | No | The logon configurations of the RAM user. | For more information, see LoginProfile properties. |
| Groups | List | No | No | The groups to which you want to add the RAM user. | None |
| MobilePhone | String | No | No | The mobile number of the RAM user. | None |
| Email | String | No | No | The email address of the RAM user. | None |
| Comments | String | No | No | The comments on the RAM user. | The comments must be 1 to 128 characters in length. |
| Policies | List | No | Yes | The policies that you want to attach to the RAM user. | For more information, see Policies properties. |
| PolicyAttachments | Map | No | Yes | The system and custom policies that you want to attach to the RAM user. | For more information, see PolicyAttachments properties. |
| DeletionForce | Boolean | No | Yes | Specifies whether to forcefully detach the policy from the RAM user. | Default value: false. Valid values: true, false. |

LoginProfile syntax

"LoginProfile": {
  "MFABindRequired": Boolean,
  "Password": String,
  "PasswordResetRequired": Boolean
}

LoginProfile properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| MFABindRequired | Boolean | No | No | Specifies whether to forcefully enable multi-factor authentication (MFA). | Valid values: true (enables MFA; the RAM user must bind an MFA device at the next logon), false (does not enable MFA). |
| Password | String | No | No | The new password that the RAM user uses to log on to the Resource Access Management (RAM) console. | The password must be 8 to 32 characters in length, and must comply with the strong password requirements. |
| PasswordResetRequired | Boolean | No | No | Specifies whether the RAM user is required to reset the password at the next logon. | Valid values: true, false. |

Policies syntax

"Policies": [
  {
    "PolicyName": String,
    "PolicyDocument": Map,
    "Description": String
  }
]

Policies properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| Description | String | No | No | The description of the policy. | The description must be 1 to 1,024 characters in length. |
| PolicyName | String | Yes | No | The name of the policy. | The name must be 1 to 128 characters in length, and can contain letters, digits, and hyphens (-). |
| PolicyDocument | Map | Yes | Yes | The content of the policy. | The content can be up to 2,048 characters in length. For more information, see PolicyDocument properties. |

PolicyDocument syntax

"PolicyDocument": {
  "Version": String,
  "Statement": List
}

PolicyDocument properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| Version | String | Yes | No | The version of the policy. | None |
| Statement | List | Yes | No | The statement of the policy. | For more information, see Statement properties. |

Statement syntax

"Statement": [
  {
    "Condition": Map,
    "Action": List,
    "Resource": List,
    "Effect": String
  }
]

Statement properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| Condition | Map | No | No | The condition that is required for the policy to take effect. | None |
| Action | List | No | No | The action that you want to perform based on the policy. | None |
| Resource | List | No | No | The resource to which you want to apply the policy. | None |
| Effect | String | No | No | The effect of the statement. | Valid values: Allow, Deny. |

PolicyAttachments properties

| Property | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| Custom | List | No | Yes | The list of custom policy names. | You can attach up to five custom policies. |
| System | List | No | Yes | The list of system policy names. | You can attach up to 20 system policies. |

Return values

Fn::GetAtt

  • UserName: the name of the RAM user.
  • UserId: the ID of the RAM user.
  • CreateDate: the time when the RAM user was created.
  • LastLoginDate: the last logon time of the RAM user.

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Description: Test RAM User
    Parameters: {}
    Resources:
      User:
        Type: ALIYUN::RAM::User
        Properties:
          UserName: dev
          Policies:
            - PolicyName:
                Fn::Join:
                  - '-'
                  - - StackId
                    - Ref: ALIYUN::StackId
              PolicyDocument:
                Statement:
                  - Action:
                      - oss:*
                    Effect: Allow
                    Resource:
                      - '*'
                Version: '1'
    Outputs: {}
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Description": "Test RAM User",
      "Parameters": {
      },
      "Resources": {
        "User": {
          "Type": "ALIYUN::RAM::User",
          "Properties": {
            "UserName": "dev",
            "Policies": [
              {
                "PolicyName": {
                  "Fn::Join": [
                    "-",
                    [
                      "StackId",
                      {
                        "Ref": "ALIYUN::StackId"
                      }
                    ]
                  ]
                },
                "PolicyDocument": {
                  "Statement": [
                    {
                      "Action": [
                        "oss:*"
                      ],
                      "Effect": "Allow",
                      "Resource": [
                        "*"
                      ]
                    }
                  ],
                  "Version": "1"
                }
              }
            ]
          }
        }
      },
      "Outputs": {
      }
    }

For more examples, visit User.json and User.yml. In the examples, the following resource types are used: ALIYUN::RAM::User, ALIYUN::RAM::Group, ALIYUN::RAM::AttachPolicyToUser, and ALIYUN::RAM::UserToGroupAddition.
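
A pre-deployment check over the properties documented on this page, as an added example (not part of the ROS documentation or tooling): it flags a LoginProfile that does not set MFABindRequired, a literal Password, an Allow statement such as the sample's oss:* on '*', and violations of the UserName and PolicyAttachments constraints. The function name, the finding strings and the sample's LoginProfile are assumptions, and the template is expected as an already-parsed dict.

```python
import re

# UserName constraint from the Properties table: 1-64 chars of letters, digits, . - _
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

def lint_ram_users(template):
    """Return (resource_id, finding) pairs for each ALIYUN::RAM::User in a parsed ROS template."""
    findings = []
    for rid, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::RAM::User":
            continue
        props = res.get("Properties", {})
        name = props.get("UserName")
        if isinstance(name, str) and not USERNAME_RE.fullmatch(name):
            findings.append((rid, "UserName violates the documented constraint"))
        login = props.get("LoginProfile")
        if login is not None:
            if login.get("MFABindRequired") is not True:
                findings.append((rid, "LoginProfile without MFABindRequired: true"))
            # A {"Ref": ...} to a template parameter is a dict, so only literals match here.
            if isinstance(login.get("Password"), str):
                findings.append((rid, "Password is a literal in the template"))
        for policy in props.get("Policies", []):
            for st in policy.get("PolicyDocument", {}).get("Statement", []):
                wide_action = any("*" in a for a in st.get("Action", []))
                if st.get("Effect") == "Allow" and wide_action and "*" in st.get("Resource", []):
                    findings.append((rid, "Allow with wildcard Action on Resource '*'"))
        attach = props.get("PolicyAttachments", {})
        if len(attach.get("Custom", [])) > 5 or len(attach.get("System", [])) > 20:
            findings.append((rid, "PolicyAttachments exceeds 5 custom / 20 system policies"))
    return findings

# Constructed sample: the page's example user plus a constructed LoginProfile.
SAMPLE = {
    "ROSTemplateFormatVersion": "2015-09-01",
    "Resources": {"User": {"Type": "ALIYUN::RAM::User", "Properties": {
        "UserName": "dev",
        "LoginProfile": {"Password": "constructed-Passw0rd!"},
        "Policies": [{
            "PolicyName": "constructed-policy",
            "PolicyDocument": {"Version": "1", "Statement": [
                {"Action": ["oss:*"], "Effect": "Allow", "Resource": ["*"]}]},
        }],
    }}},
}

if __name__ == "__main__":
    for rid, finding in lint_ram_users(SAMPLE):
        print(f"{rid}: {finding}")
```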