ALIYUN::ECS::RamRoleAttachment - Resource Orchestration Service

ALIYUN::ECS::RamRoleAttachment is used to attach an instance Resource Access Management (RAM) role to Elastic Compute Service (ECS) instances.

Syntax

{
  "Type": "ALIYUN::ECS::RamRoleAttachment",
  "Properties": {
    "Policy": String,
    "RamRoleName": String,
    "InstanceIds": List
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
Policy	String	No	No	The policy.	The policy must be 1 to 1,024 characters in length. When you attach an instance RAM role to one or more instances, you can specify an additional policy to further limit the permissions of the role. For more information, see Policy overview.
RamRoleName	String	Yes	No	The name of the instance RAM role.	You can call the ListRoles operation provided by RAM to query the instance RAM roles that you created.
InstanceIds	List	Yes	No	The IDs of the ECS instances.	The value can be a JSON array that consists of up to 100 instance IDs.

Return values

Fn::GetAtt

RamRoleName: the name of the instance RAM role.
InstanceIds: the IDs of the ECS instances.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Policy:
    Type: String
    Description: |-
      When granting the instance RAM role to one or more ECS instances, you can specify an additional permission policy to further limit the permissions of the RAM role.
      The length is 1~1024 characters.
    MinLength: 1
    MaxLength: 1024
    Default:
      Statement:
        - Action:
            - '*'
          Effect: Allow
          Resource:
            - '*'
      Version: '1'
  RamRoleName:
    Type: String
    Description: The ram role name.
    Default: testRamRoleName
  InstanceIds:
    Type: Json
    Description: The instance id that needs to be granted the ram role.
    MinLength: 1
    MaxLength: 100
    Default:
      - i-***
      - i-***
Resources:
  RamRoleAttachment:
    Type: ALIYUN::ECS::RamRoleAttachment
    Properties:
      Policy:
        Ref: Policy
      RamRoleName:
        Ref: RamRoleName
      InstanceIds:
        Ref: InstanceIds
Outputs:
  RamRoleName:
    Description: The ram role name.
    Value:
      Fn::GetAtt:
        - RamRoleAttachment
        - RamRoleName
  InstanceIds:
    Description: The list of ecs instance id
    Value:
      Fn::GetAtt:
        - RamRoleAttachment
        - InstanceIds

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Policy": {
      "Type": "String",
      "Description": "When granting the instance RAM role to one or more ECS instances, you can specify an additional permission policy to further limit the permissions of the RAM role.\nThe length is 1~1024 characters.",
      "MinLength": 1,
      "MaxLength": 1024,
      "Default": {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}
    },
    "RamRoleName": {
      "Type": "String",
      "Description": "The ram role name.",
      "Default": "testRamRoleName"
    },
    "InstanceIds": {
      "Type": "Json",
      "Description": "The instance id that needs to be granted the ram role.",
      "MinLength": 1,
      "MaxLength": 100,
      "Default": ["i-***", "i-***"]
    }
  },
  "Resources": {
    "RamRoleAttachment": {
      "Type": "ALIYUN::ECS::RamRoleAttachment",
      "Properties": {
        "Policy": {
          "Ref": "Policy"
        },
        "RamRoleName": {
          "Ref": "RamRoleName"
        },
        "InstanceIds": {
          "Ref": "InstanceIds"
        }
      }
    }
  },
  "Outputs": {
    "RamRoleName": {
      "Description": "The ram role name.",
      "Value": {
        "Fn::GetAtt": [
          "RamRoleAttachment",
          "RamRoleName"
        ]
      }
    },
    "InstanceIds": {
      "Description": "The list of ecs instance id",
      "Value": {
        "Fn::GetAtt": [
          "RamRoleAttachment",
          "InstanceIds"
        ]
      }
    }
  }
}