All Products
Search
Document Center

Resource Orchestration Service:ALIYUN::ECS::RamRoleAttachment

Last Updated:Jun 18, 2026

Assigns an instance RAM role to one or more ECS instances.

Syntax

{
  "Type": "ALIYUN::ECS::RamRoleAttachment",
  "Properties": {
    "Policy": String,
    "RamRoleName": String,
    "InstanceIds": List
  }
}

Properties

Property name

Type

Required

Updatable

Description

Constraints

Policy

String

No

No

The access policy.

Must be 1 to 1,024 characters in length. Specifies an additional access policy to further limit the permissions of the RAM role. For more information, see Access policy overview.

RamRoleName

String

Yes

No

The name of the instance RAM role.

Use the RAM API ListRoles to query the instance RAM roles that you created.

InstanceIds

List

Yes

No

A list of instance IDs.

A JSON array of instance IDs. You can specify up to 100 instances.

Return values

Fn::GetAtt

  • RamRoleName: The name of the instance RAM role.

  • InstanceIds: A list of instance IDs.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Policy:
    Type: String
    Description: |-
      The access policy. When you grant the instance RAM role to ECS instances, you can specify this additional policy to further limit the permissions of the RAM role.
      The policy can be 1 to 1,024 characters in length.
    MinLength: 1
    MaxLength: 1024
    Default:
      Statement:
        - Action:
            - '*'
          Effect: Allow
          Resource:
            - '*'
      Version: '1'
  RamRoleName:
    Type: String
    Description: The name of the instance RAM role.
    Default: testRamRoleName
  InstanceIds:
    Type: Json
    Description: The IDs of the ECS instances to which you want to grant the instance RAM role.
    MinLength: 1
    MaxLength: 100
    Default:
      - i-***
      - i-***
Resources:
  RamRoleAttachment:
    Type: ALIYUN::ECS::RamRoleAttachment
    Properties:
      Policy:
        Ref: Policy
      RamRoleName:
        Ref: RamRoleName
      InstanceIds:
        Ref: InstanceIds
Outputs:
  RamRoleName:
    Description: The name of the instance RAM role.
    Value:
      Fn::GetAtt:
        - RamRoleAttachment
        - RamRoleName
  InstanceIds:
    Description: A list of the ECS instance IDs.
    Value:
      Fn::GetAtt:
        - RamRoleAttachment
        - InstanceIds

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Policy": {
      "Type": "String",
      "Description": "The access policy. When you grant the instance RAM role to ECS instances, you can specify this additional policy to further limit the permissions of the RAM role.\nThe policy can be 1 to 1,024 characters in length.",
      "MinLength": 1,
      "MaxLength": 1024,
      "Default": {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}
    },
    "RamRoleName": {
      "Type": "String",
      "Description": "The name of the instance RAM role.",
      "Default": "testRamRoleName"
    },
    "InstanceIds": {
      "Type": "Json",
      "Description": "The IDs of the ECS instances to which you want to grant the instance RAM role.",
      "MinLength": 1,
      "MaxLength": 100,
      "Default": ["i-***", "i-***"]
    }
  },
  "Resources": {
    "RamRoleAttachment": {
      "Type": "ALIYUN::ECS::RamRoleAttachment",
      "Properties": {
        "Policy": {
          "Ref": "Policy"
        },
        "RamRoleName": {
          "Ref": "RamRoleName"
        },
        "InstanceIds": {
          "Ref": "InstanceIds"
        }
      }
    }
  },
  "Outputs": {
    "RamRoleName": {
      "Description": "The name of the instance RAM role.",
      "Value": {
        "Fn::GetAtt": [
          "RamRoleAttachment",
          "RamRoleName"
        ]
      }
    },
    "InstanceIds": {
      "Description": "A list of the ECS instance IDs.",
      "Value": {
        "Fn::GetAtt": [
          "RamRoleAttachment",
          "InstanceIds"
        ]
      }
    }
  }
}