All Products
Document Center

Resource Orchestration Service:GenerateTemplatePolicy

Last Updated:Jul 17, 2024

Generates the information about a policy that is required by a template.

Operation description

If the policy information is related to Enterprise Distributed Application Service (EDAS), you must log on to your Alibaba Cloud account and grant the required permissions to the relevant RAM users.

In this example, a policy is generated for a template whose ID is 5ecd1e10-b0e9-4389-a565-e4c15efc****.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters


The URL of the file that contains the template body. The URL must point to a template that is located on an HTTP or HTTPS web server or in an Object Storage Service (OSS) bucket, such as oss://ros/template/demo or oss://ros/template/demo?RegionId=cn-hangzhou. The template body can be up to 524,288 bytes in length.

Note If you do not specify the region ID of the OSS bucket, the value of the RegionId parameter is used.

You can specify only one of the following parameters: TemplateBody, TemplateURL, and TemplateId.

The URL can be up to 1,024 bytes in length.


The structure that contains the template body. The template body must be 1 to 524,288 bytes in length.

If the length of the template body exceeds the upper limit, we recommend that you add parameters to the HTTP POST request body to prevent request failures caused by excessively long URLs.

You can specify only one of the following parameters: TemplateBody, TemplateURL, and TemplateId.


The ID of the template. This parameter applies to shared templates and private templates.

You can specify only one of the following parameters: TemplateBody, TemplateURL, and TemplateId.


The version of the template. This parameter takes effect only when the TemplateId parameter is specified.


The type of operation N for which you want to generate the policy information.

Valid values:

  • CreateStack: creates a stack by calling the CreateStack operation.
  • UpdateStack: updates a stack by calling the UpdateStack operation.
  • DeleteStack: deletes a stack by calling the DeleteStack operation.
  • DetectStackDrift: detects drifts on a stack by calling the DelectStackDrift operation.
  • ListStackOperationRisks: lists the risks of a deletion operation on a stack by setting the OperationType parameter to DeleteStack in the ListStackOperationRisks operation.
  • GetTemplateEstimateCost: queries the estimated prices of resources that you want to use in the template by calling the GetTemplateEstimateCost operation.
  • GetTemplateParameterConstraints: queries the values of parameters in the template by calling the GetTemplateParameterConstraints operation.
  • ImportResourcesToStack: imports resources to a stack by setting the ChangeSetType parameter to IMPORT in the CreateChangeSet operation.
  • SignalResource: sends a signal to a stack.
Note The default value is the combination of all valid values.

The type of operation N for which you want to generate the policy information.

Valid values:

  • CreateStack: creates a stack by calling the CreateStack operation.
  • UpdateStack: updates a stack by calling the UpdateStack operation.
  • DeleteStack: deletes a stack by calling the DeleteStack operation.
  • DetectStackDrift: detects drifts on a stack by calling the DelectStackDrift operation.
  • ListStackOperationRisks: lists the risks of a deletion operation on a stack by setting the OperationType parameter to DeleteStack in the ListStackOperationRisks operation.
  • GetTemplateEstimateCost: queries the estimated prices of resources that you want to use in the template by calling the GetTemplateEstimateCost operation.
  • GetTemplateParameterConstraints: queries the values of parameters in the template by calling the GetTemplateParameterConstraints operation.
  • ImportResourcesToStack: imports resources to a stack by setting the ChangeSetType parameter to IMPORT in the CreateChangeSet operation.
  • SignalResource: sends a signal to a stack.
Note The default value is the combination of all valid values.

For more information about common request parameters, see Common parameters.

Response parameters


The information about the policy.


The version number.


The statements that are contained in the policy.


The effect of the statement. Valid values:

  • Allow
  • Deny

The objects that the statement covers. An asterisk (*) indicates all resources.


The operations that are performed on the specified resource.


The operation that is performed on the specified resource.

[ "apigateway:CreateApi", "apigateway:DeleteApi","apigateway:DescribeApi","apigateway:ModifyApi"]

The condition that is required for the policy to take effect.

{ "StringEquals": { "acs:Service": "" } }

The ID of the request.

HttpCodeError codeError messageDescription
400StackValidationFailed{reason}.The error message returned because the stack failed to be validated. reason indicates the cause of the error.
404TemplateNotFoundThe Tempalte ({ ID }) could not be found.The error message returned because the specified template does not exist. ID indicates the template ID.
404TemplateNotFoundThe Template { ID } with version { version } could not be found.The error message returned because the template or template version does not exist. ID indicates the template ID. version indicates the template version.


Sample success responses


  "Policy": {
    "Version": "1",
    "Statement": [
        "Effect": "Allow",
        "Resource": "*",
        "Action": [
          "[ \"apigateway:CreateApi\", \"apigateway:DeleteApi\",\"apigateway:DescribeApi\",\"apigateway:ModifyApi\"]"
        "Condition": {
          "StringEquals": {
            "acs:Service": ""
  "RequestId": "B288A0BE-D927-4888-B0F7-B35EF84B6E6"

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-06-02The response structure of the API has changedView Change Details