ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition - 资源编排

ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition类型用于为访问配置添加权限策略。

语法

{
  "Type": "ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition",
  "Properties": {
    "InlinePolicyDocument": Map,
    "DirectoryId": String,
    "PermissionPolicyName": String,
    "PermissionPolicyType": String,
    "AccessConfigurationId": String
  }
}

属性

属性名称	类型	必须	允许更新	描述	约束
InlinePolicyDocument	Map	否	否	内置策略内容。	长度：最大4096个字符。当`PermissionPolicyType`为`Inline`时，该参数必须配置。关于权限策略的语法和结构，请参见权限策略语法和结构。示例值： `{"Statement": [{"Action": "","Effect": "Allow","Resource": ""}],"Version": "1"}`
DirectoryId	String	是	否	目录ID。	无
PermissionPolicyName	String	是	否	权限策略名称。	取值：当`PermissionPolicyType`为`System`时，该参数为系统策略名称。由于复用的是RAM系统策略，请在RAM中获取系统策略名称。当`PermissionPolicyType`为`Inline`时，该参数为内置策略名称。您可以自定义该参数。长度最大为32个字符。
PermissionPolicyType	String	是	否	权限策略类型。	取值： System：系统策略。复用RAM的系统策略。 Inline：内置策略。按照RAM权限策略语法和结构编写的自定义策略。
AccessConfigurationId	String	是	否	访问配置ID。	无

返回值

Fn::GetAtt

无

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AccessConfigurationId:
    Description:
      en: The ID of the access configuration.
    Required: true
    Type: String
  DirectoryId:
    Description:
      en: The ID of the directory.
    Required: true
    Type: String
  InlinePolicyDocument:
    Description:
      en: 'The configurations of the inline policy.

        The value can be up to 4,096 characters in length.

        If you set PermissionPolicyType to Inline, you must specify this parameter.'
    Required: false
    Type: Json
  PermissionPolicyName:
    Description:
      en: 'The name of the permission policy.

        - If you set PermissionPolicyType to System, you must set this parameter to
        the name of the system policy. You can obtain the name of the system policy
        from RAM.

        - If you set PermissionPolicyType to Inline, you must set this parameter to
        the name of the inline policy. A custom value is supported.'
    Required: true
    Type: String
  PermissionPolicyType:
    AllowedValues:
    - System
    - Inline
    Description:
      en: 'The type of the permission policy. Valid values:

        - System: system policy. Resource Access Management (RAM) system policies
        are reused.

        - Inline: inline policy. Inline policies are created based on the RAM policy
        syntax and structure.'
    Required: true
    Type: String
Resources:
  PermissionPolicy:
    Properties:
      AccessConfigurationId:
        Ref: AccessConfigurationId
      DirectoryId:
        Ref: DirectoryId
      InlinePolicyDocument:
        Ref: InlinePolicyDocument
      PermissionPolicyName:
        Ref: PermissionPolicyName
      PermissionPolicyType:
        Ref: PermissionPolicyType
    Type: ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "InlinePolicyDocument": {
      "Type": "Json",
      "Description": {
        "en": "The configurations of the inline policy.\nThe value can be up to 4,096 characters in length.\nIf you set PermissionPolicyType to Inline, you must specify this parameter."
      },
      "Required": false
    },
    "DirectoryId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the directory."
      },
      "Required": true
    },
    "PermissionPolicyName": {
      "Type": "String",
      "Description": {
        "en": "The name of the permission policy.\n- If you set PermissionPolicyType to System, you must set this parameter to the name of the system policy. You can obtain the name of the system policy from RAM.\n- If you set PermissionPolicyType to Inline, you must set this parameter to the name of the inline policy. A custom value is supported."
      },
      "Required": true
    },
    "PermissionPolicyType": {
      "Type": "String",
      "Description": {
        "en": "The type of the permission policy. Valid values:\n- System: system policy. Resource Access Management (RAM) system policies are reused.\n- Inline: inline policy. Inline policies are created based on the RAM policy syntax and structure."
      },
      "AllowedValues": [
        "System",
        "Inline"
      ],
      "Required": true
    },
    "AccessConfigurationId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the access configuration."
      },
      "Required": true
    }
  },
  "Resources": {
    "PermissionPolicy": {
      "Type": "ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition",
      "Properties": {
        "InlinePolicyDocument": {
          "Ref": "InlinePolicyDocument"
        },
        "DirectoryId": {
          "Ref": "DirectoryId"
        },
        "PermissionPolicyName": {
          "Ref": "PermissionPolicyName"
        },
        "PermissionPolicyType": {
          "Ref": "PermissionPolicyType"
        },
        "AccessConfigurationId": {
          "Ref": "AccessConfigurationId"
        }
      }
    }
  }
}