All Products
Search

This Product

    Resource Orchestration Service:Aliyun::Serverless::Service

    Document Center

    Resource Orchestration Service:Aliyun::Serverless::Service

    Last Updated:Oct 31, 2024

    Aliyun::Serverless::Service is used to create a service in Function Compute (FC).

    Syntax

    {
  "Type": "Aliyun::Serverless::Service",
  "Properties": {
    "Role": String,
    "Policies": List,
    "Description": String,
    "InternetAccess": Boolean,
    "VpcConfig": Map,
    "LogConfig": Map,
    "NasConfig": Map
  }
}

    Properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    Role

    String

    No

    Yes

    The Alibaba Cloud Resource Name (ARN) of the RAM role that is used to grant required permissions to FC.

    None

    Policies

    List

    No

    Yes

    The list of one or more policies that are attached to the default RAM user corresponding to FC.

    Example:

    [
"AliyunOSSFullAccess",
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "oss:Get*",
          "oss:List*"
        ],
        "Resource": "*"
      }
    ]
  }
]

    If you specify the Role parameter, the Policies parameter does not take effect and the default RAM user corresponding to FC is not created.

    You can set the Policies parameter to a system policy name or a policy document. If you set the Policies parameter to a system policy name, the system creates a default RAM user corresponding to FC and attaches the policy to the default RAM user. If you set the Policies parameter to a policy document, the system creates a policy and a default RAM user corresponding to FC, and then attaches the created policy to the default RAM user.

    Description

    String

    No

    Yes

    The description of the service.

    None

    InternetAccess

    Boolean

    No

    Yes

    Specifies whether to allow functions to access the Internet.

    Default value: true. Valid values:

    • true

    • false

    VpcConfig

    Map

    No

    Yes

    The VPC configurations. This parameter allows functions to access the specified VPC.

    For more information, see VpcConfig properties.

    LogConfig

    Map

    No

    Yes

    The logging configurations. This parameter specifies a Logstore to store function execution logs.

    For more information, see LogConfig properties.

    NasConfig

    Map

    No

    Yes

    The File Storage NAS (NAS) file system configurations. This parameter allows functions of the specified service to access the NAS file system.

    For more information, see NasConfig properties.

    VpcConfig syntax

    "VpcConfig": {
  "SecurityGroupId": String,
  "VSwitchIds": List,
  "VpcId": String
}

    VpcConfig properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    SecurityGroupId

    String

    Yes

    Yes

    The ID of the security group.

    None

    VSwitchIds

    List

    Yes

    Yes

    A list of one or more vSwitch IDs. Example: [vSwitchId, ...].

    This list must include at least one vSwitch ID.

    VpcId

    String

    Yes

    Yes

    The ID of the VPC.

    None

    LogConfig syntax

    "LogConfig": {
  "Project": String,
  "Logstore": String
}

    LogConfig properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    Project

    String

    No

    Yes

    The name of the project in LogHub.

    None

    Logstore

    String

    No

    Yes

    The name of the Logstore in LogHub.

    None

    NasConfig syntax

    "NasConfig": {
  "MountPoints": List,
  "UserId": Integer,
  "GroupId": Integer
}

    NasConfig properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    MountPoints

    List

    Yes

    Yes

    The list of mount points.

    For more information, see MountPoints properties.

    UserId

    Integer

    Yes

    Yes

    The ID of the user.

    Valid values: -1 to 65534.

    GroupId

    Integer

    Yes

    Yes

    The ID of the application group.

    Valid values: -1 to 65534.

    MountPoints syntax

    "MountPoints": [
  {
    "ServerAddr": String,
    "MountDir": String
  }
]

    MountPoints properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    ServerAddr

    String

    Yes

    Yes

    The remote directory in the NAS file system.

    None

    MountDir

    String

    Yes

    Yes

    The directory in the local file system to mount the NAS file system.

    None

    Response parameters

    Fn::GetAtt

    • ServiceId: the unique ID generated by the system for each service.

    • ServiceName: the name of the service.

    Examples

    JSON format

    {
  "ROSTemplateFormatVersion": "2015-09-01",
  "Transform": "Aliyun::Serverless-2018-04-03",
  "Resources": {
    "MyService": {
      "Type": "Aliyun::Serverless::Service",
      "Properties": {
        "Policies": [
          "AliyunFCReadOnlyAccess",
          {
            "Version": "1",
            "Statement": [
              {
                "Effect": "Allow",
                "Action": [
                  "oss:GetObject",
                  "oss:GetObjectACL"
                ],
                "Resource": "*"
              }
            ]
          }
        ]
      }
    }
  }
}

    YAML format

    ROSTemplateFormatVersion: '2015-09-01'
Transform: 'Aliyun::Serverless-2018-04-03'
Resources:
  MyService: # service name
    Type: 'Aliyun::Serverless::Service'
    Properties:
      Policies:
        - AliyunFCReadOnlyAccess # Managed Policy
        - Version: '1' # Policy Document
          Statement:
            - Effect: Allow
              Action:
                - oss:GetObject
                - oss:GetObjectACL
              Resource: '*'