DATASOURCE::RAM::Policies is used to query policies.

Syntax

{
  "Type": "DATASOURCE::RAM::Policies",
  "Properties": {
    "GroupName": String,
    "PolicyType": String,
    "RoleName": String,
    "UserName": String,
    "PolicyName": String
  }
}

Properties

Property Type Required Editable Description Constraint
GroupName String No Yes The name of the user group. You must specify only one of the following properties: UserName, GroupName, and RoleName.
PolicyType String No Yes The type of the policy. Valid values:
  • System: system policy
  • Custom: custom policy
Note If you leave this property empty, all types of policies are returned.
RoleName String No Yes The name of the RAM role. You must specify only one of the following properties: UserName, GroupName, and RoleName.
UserName String No Yes The username of the RAM user. You must specify only one of the following properties: UserName, GroupName, and RoleName.
PolicyName String No Yes The name of the policy. You can use asterisks (*) and question marks (?) to perform fuzzy match.

Return values (Fn::GetAtt)

  • PolicyNames: the names of the policies.
  • Policies: details of the policies.
Property Type Description Constraint
PolicyNames List The names of the policies. None.
Policies List Details of the policies. None.
DefaultVersion String The default version of the policy. None.
Description String The description of the policy. None.
PolicyName String The name of the policy. None.
CreateDate String The time when the policy was created. The time is displayed in Coordinated Universal Time (UTC). None.
PolicyType String The type of the policy. Valid values:
  • System: system policy
  • Custom: custom policy

Examples

JSON format 

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "GroupName": {
      "Type": "String",
      "Description": "The specific group to which policies attached. Only one of UserName, GroupName, and RoleName can be specified at most."
    },
    "PolicyType": {
      "Type": "String",
      "Description": "Filter the results by a specific policy type.",
      "AllowedValues": [
        "System",
        "Custom"
      ]
    },
    "RoleName": {
      "Type": "String",
      "Description": "The specific role to which policies attached. Only one of UserName, GroupName, and RoleName can be specified at most."
    },
    "UserName": {
      "Type": "String",
      "Description": "The specific user to which policies attached. Only one of UserName, GroupName, and RoleName can be specified at most."
    },
    "PolicyName": {
      "Type": "String",
      "Description": "Filter the results by a specific policy name. Supports using * and ?  to fuzzy match."
    }
  },
  "Resources": {
    "Policies": {
      "Type": "DATASOURCE::RAM::Policies",
      "Properties": {
        "GroupName": {
          "Ref": "GroupName"
        },
        "PolicyType": {
          "Ref": "PolicyType"
        },
        "RoleName": {
          "Ref": "RoleName"
        },
        "UserName": {
          "Ref": "UserName"
        },
        "PolicyName": {
          "Ref": "PolicyName"
        }
      }
    }
  },
  "Outputs": {
    "PolicyNames": {
      "Description": "The list of policy names.",
      "Value": {
        "Fn::GetAtt": [
          "Policies",
          "PolicyNames"
        ]
      }
    },
    "Policies": {
      "Description": "The list of policies.",
      "Value": {
        "Fn::GetAtt": [
          "Policies",
          "Policies"
        ]
      }
    }
  }
}