All Products
Search
Document Center

Resource Orchestration Service:ALIYUN::ECS::RamRoleAttachment

最終更新日:Jul 04, 2023

ALIYUN::ECS::RamRoleAttachment is used to attach an instance Resource Access Management (RAM) role to Elastic Compute Service (ECS) instances.

Syntax

{
  "Type": "ALIYUN::ECS::RamRoleAttachment",
  "Properties": {
    "Policy": String,
    "RamRoleName": String,
    "InstanceIds": List
  }
}

Properties

Property

Type

Required

Editable

Description

Constraint

Policy

String

No

No

The policy.

The policy must be 1 to 1,024 characters in length. When you attach an instance RAM role to one or more instances, you can specify an additional policy to further limit the permissions of the role. For more information, see Policy overview.

RamRoleName

String

Yes

No

The name of the instance RAM role.

You can call the ListRoles operation provided by RAM to query the instance RAM roles that you created.

InstanceIds

List

Yes

No

The IDs of the ECS instances.

The value can be a JSON array that consists of up to 100 instance IDs.

Return values

Fn::GetAtt

  • RamRoleName: the name of the instance RAM role.

  • InstanceIds: the IDs of the ECS instances.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Policy:
    Type: String
    Description: |-
      When granting the instance RAM role to one or more ECS instances, you can specify an additional permission policy to further limit the permissions of the RAM role.
      The length is 1~1024 characters.
    MinLength: 1
    MaxLength: 1024
    Default:
      Statement:
        - Action:
            - '*'
          Effect: Allow
          Resource:
            - '*'
      Version: '1'
  RamRoleName:
    Type: String
    Description: The ram role name.
    Default: testRamRoleName
  InstanceIds:
    Type: Json
    Description: The instance id that needs to be granted the ram role.
    MinLength: 1
    MaxLength: 100
    Default:
      - i-***
      - i-***
Resources:
  RamRoleAttachment:
    Type: ALIYUN::ECS::RamRoleAttachment
    Properties:
      Policy:
        Ref: Policy
      RamRoleName:
        Ref: RamRoleName
      InstanceIds:
        Ref: InstanceIds
Outputs:
  RamRoleName:
    Description: The ram role name.
    Value:
      Fn::GetAtt:
        - RamRoleAttachment
        - RamRoleName
  InstanceIds:
    Description: The list of ecs instance id
    Value:
      Fn::GetAtt:
        - RamRoleAttachment
        - InstanceIds

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Policy": {
      "Type": "String",
      "Description": "When granting the instance RAM role to one or more ECS instances, you can specify an additional permission policy to further limit the permissions of the RAM role.\nThe length is 1~1024 characters.",
      "MinLength": 1,
      "MaxLength": 1024,
      "Default": {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}
    },
    "RamRoleName": {
      "Type": "String",
      "Description": "The ram role name.",
      "Default": "testRamRoleName"
    },
    "InstanceIds": {
      "Type": "Json",
      "Description": "The instance id that needs to be granted the ram role.",
      "MinLength": 1,
      "MaxLength": 100,
      "Default": ["i-***", "i-***"]
    }
  },
  "Resources": {
    "RamRoleAttachment": {
      "Type": "ALIYUN::ECS::RamRoleAttachment",
      "Properties": {
        "Policy": {
          "Ref": "Policy"
        },
        "RamRoleName": {
          "Ref": "RamRoleName"
        },
        "InstanceIds": {
          "Ref": "InstanceIds"
        }
      }
    }
  },
  "Outputs": {
    "RamRoleName": {
      "Description": "The ram role name.",
      "Value": {
        "Fn::GetAtt": [
          "RamRoleAttachment",
          "RamRoleName"
        ]
      }
    },
    "InstanceIds": {
      "Description": "The list of ecs instance id",
      "Value": {
        "Fn::GetAtt": [
          "RamRoleAttachment",
          "InstanceIds"
        ]
      }
    }
  }
}