ALIYUN::ResourceManager::PolicyAttachment is used to attach a policy to a specified object. After you attach a policy to an object, the object has the operation permissions on the current resource group or the resources within the current Alibaba Cloud account.
Syntax
{
"Type": "ALIYUN::ResourceManager::PolicyAttachment",
"Properties": {
"PolicyType": String,
"ResourceGroupId": String,
"PolicyName": String,
"PrincipalName": String,
"PrincipalType": String
}
}Properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| PolicyType | String | Yes | No | The type of the policy. | Valid values:
|
| ResourceGroupId | String | Yes | No | The ID of the resource group or the ID of the Alibaba Cloud account. | This parameter specifies the resource group or the Alibaba Cloud account for which you want to grant permissions. |
| PolicyName | String | Yes | No | The name of the policy. | The name must be 1 to 128 characters in length and can contain letters, digits, and hyphens (-). |
| PrincipalName | String | Yes | No | The name of the object to which the policy is to be attached. | None |
| PrincipalType | String | Yes | No | The type of the object to which the policy is to be attached. | Valid values:
|
Response parameters
Fn::GetAtt
- PolicyType: the type of the object to which the policy is attached.
- Description: the description of the policy.
- ResourceGroupId: the ID of the resource group or the ID of the Alibaba Cloud account. This parameter indicates the resource group or Alibaba Cloud account for which you want to grant permissions.
- AttachDate: the time when the policy was attached.
- PolicyName: the name of the policy.
- PrincipalName: the name of the object to which the policy is attached.
- PrincipalType: the type of the object to which the policy is attached.
Examples
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"PolicyType": {
"Type": "String",
"Description": "The type of the policy"
},
"ResourceGroupId": {
"Type": "String",
"Description": "The ID of the resource group or the ID of the Alibaba Cloud account to which the resource group belongs."
},
"PolicyName": {
"Type": "String",
"Description": "The name of the policy"
},
"PrincipalName": {
"Type": "String",
"Description": "The name of the object to which you want to attach the policy"
},
"PrincipalType": {
"Type": "String",
"Description": "The type of the object to which you want to attach the policy. Valid values: IMSUser: RAM user, IMSGroup: RAM user group, ServiceRole: RAM role"
}
},
"Resources": {
"ResourceManagerPolicyAttachment": {
"Type": "ALIYUN::ResourceManager::PolicyAttachment",
"Properties": {
"PolicyType": {
"Ref": "PolicyType"
},
"ResourceGroupId": {
"Ref": "ResourceGroupId"
},
"PolicyName": {
"Ref": "PolicyName"
},
"PrincipalName": {
"Ref": "PrincipalName"
},
"PrincipalType": {
"Ref": "PrincipalType"
}
}
}
},
"Outputs": {
"PolicyType": {
"Description": "The type of the policy",
"Value": {
"Fn::GetAtt": [
"ResourceManagerPolicyAttachment",
"PolicyType"
]
}
},
"Description": {
"Description": "Policy description",
"Value": {
"Fn::GetAtt": [
"ResourceManagerPolicyAttachment",
"Description"
]
}
},
"ResourceGroupId": {
"Description": "The ID of the resource group or the ID of the Alibaba Cloud account to which the resource group belongs.",
"Value": {
"Fn::GetAtt": [
"ResourceManagerPolicyAttachment",
"ResourceGroupId"
]
}
},
"AttachDate": {
"Description": "Authorization time",
"Value": {
"Fn::GetAtt": [
"ResourceManagerPolicyAttachment",
"AttachDate"
]
}
},
"PolicyName": {
"Description": "The name of the policy",
"Value": {
"Fn::GetAtt": [
"ResourceManagerPolicyAttachment",
"PolicyName"
]
}
},
"PrincipalName": {
"Description": "The name of the object to which you want to attach the policy",
"Value": {
"Fn::GetAtt": [
"ResourceManagerPolicyAttachment",
"PrincipalName"
]
}
},
"PrincipalType": {
"Description": "The type of the object to which you want to attach the policy. Valid values: IMSUser: RAM user, IMSGroup: RAM user group, ServiceRole: RAM role",
"Value": {
"Fn::GetAtt": [
"ResourceManagerPolicyAttachment",
"PrincipalType"
]
}
}
}
}YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
PolicyName:
Description: The name of the policy
Type: String
PolicyType:
Description: The type of the policy
Type: String
PrincipalName:
Description: The name of the object to which you want to attach the policy
Type: String
PrincipalType:
Description: 'The type of the object to which you want to attach the policy. Valid
values: IMSUser: RAM user, IMSGroup: RAM user group, ServiceRole: RAM role'
Type: String
ResourceGroupId:
Description: The ID of the resource group or the ID of the Alibaba Cloud account
to which the resource group belongs.
Type: String
Resources:
ResourceManagerPolicyAttachment:
Properties:
PolicyName:
Ref: PolicyName
PolicyType:
Ref: PolicyType
PrincipalName:
Ref: PrincipalName
PrincipalType:
Ref: PrincipalType
ResourceGroupId:
Ref: ResourceGroupId
Type: ALIYUN::ResourceManager::PolicyAttachment
Outputs:
AttachDate:
Description: Authorization time
Value:
Fn::GetAtt:
- ResourceManagerPolicyAttachment
- AttachDate
Description:
Description: Policy description
Value:
Fn::GetAtt:
- ResourceManagerPolicyAttachment
- Description
PolicyName:
Description: The name of the policy
Value:
Fn::GetAtt:
- ResourceManagerPolicyAttachment
- PolicyName
PolicyType:
Description: The type of the policy
Value:
Fn::GetAtt:
- ResourceManagerPolicyAttachment
- PolicyType
PrincipalName:
Description: The name of the object to which you want to attach the policy
Value:
Fn::GetAtt:
- ResourceManagerPolicyAttachment
- PrincipalName
PrincipalType:
Description: 'The type of the object to which you want to attach the policy. Valid
values: IMSUser: RAM user, IMSGroup: RAM user group, ServiceRole: RAM role'
Value:
Fn::GetAtt:
- ResourceManagerPolicyAttachment
- PrincipalType
ResourceGroupId:
Description: The ID of the resource group or the ID of the Alibaba Cloud account
to which the resource group belongs.
Value:
Fn::GetAtt:
- ResourceManagerPolicyAttachment
- ResourceGroupId