Generates the information about a policy that is required by a template.

If the policy information is related to Enterprise Distributed Application Service (EDAS), you must log on to your Alibaba Cloud account and grant the required permissions to the relevant RAM users.

In this example, a policy is generated for a template whose ID is 5ecd1e10-b0e9-4389-a565-e4c15efc****.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes GenerateTemplatePolicy

The operation that you want to perform. Set the value to GenerateTemplatePolicy.

TemplateURL String No oss://ros/template/demo

The URL of the file that contains the template body. The URL must point to a template that is located on an HTTP or HTTPS web server or in an Object Storage Service (OSS) bucket, such as oss://ros/template/demo or oss://ros/template/demo?RegionId=cn-hangzhou. The template body can be up to 524,288 bytes in length.

Note If you do not specify the region ID of the OSS bucket, the value of the RegionId parameter is used.

You can specify only one of the following parameters: TemplateBody, TemplateURL, and TemplateId.

The URL can be up to 1,024 bytes in length.

TemplateBody String No {"ROSTemplateFormatVersion":"2015-09-01"}

The structure that contains the template body. The template body must be 1 to 524,288 bytes in length.

If the length of the template body exceeds the upper limit, we recommend that you add parameters to the HTTP POST request body to prevent request failures caused by excessively long URLs.

You can specify only one of the following parameters: TemplateBody, TemplateURL, and TemplateId.

TemplateId String No 5ecd1e10-b0e9-4389-a565-e4c15efc****

The ID of the template. This parameter applies to shared templates and private templates.

You can specify only one of the following parameters: TemplateBody, TemplateURL, and TemplateId.

TemplateVersion String No v1

The version of the template. This parameter takes effect only when the TemplateId parameter is specified.

OperationTypes.N String No ["CreateStack"]

The type of operation N for which you want to generate the policy information.

Valid values:

  • CreateStack: creates a stack by calling the CreateStack operation.
  • UpdateStack: updates a stack by calling the UpdateStack operation.
  • DeleteStack: deletes a stack by calling the DeleteStack operation.
  • DetectStackDrift: detects drifts on a stack by calling the DelectStackDrift operation.
  • ListStackOperationRisks: lists the risks of a deletion operation on a stack by setting the OperationType parameter to DeleteStack in the ListStackOperationRisks operation.
  • GetTemplateEstimateCost: queries the estimated prices of resources that you want to use in the template by calling the GetTemplateEstimateCost operation.
  • GetTemplateParameterConstraints: queries the values of parameters in the template by calling the GetTemplateParameterConstraints operation.
  • ImportResourcesToStack: imports resources to a stack by setting the ChangeSetType parameter to IMPORT in the CreateChangeSet operation.
  • SignalResource: sends a signal to a stack.
Note The default value is the combination of all valid values.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
Policy Object

The information about the policy.

Version String 1

The version number.

Statement Array of Statement

The statements that are contained in the policy.

Effect String Allow

The effect of the statement. Valid values:

  • Allow
  • Deny
Resource String *

The object that the statement covers. An asterisk (*) indicates all resources.

Action Array of String [ "apigateway:CreateApi", "apigateway:DeleteApi","apigateway:DescribeApi","apigateway:ModifyApi"]

The operations that are performed on the specified resource.

RequestId String B288A0BE-D927-4888-B0F7-B35EF84B6E6

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=GenerateTemplatePolicy
&TemplateId=5ecd1e10-b0e9-4389-a565-e4c15efc****
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<Policy>
    <Version>1</Version>
    <Statement>
        <Action>ecs:DescribeVpcs</Action>
        <Action>ecs:DeleteVpc</Action>
        <Resource>*</Resource>
        <Effect>Allow</Effect>
    </Statement>
    <Statement>
        <Action>vpc:CreateVpc</Action>
        <Action>vpc:DescribeVpcs</Action>
        <Action>vpc:ModifyVpcAttribute</Action>
        <Action>vpc:TagResources</Action>
        <Resource>*</Resource>
        <Effect>Allow</Effect>
    </Statement>
</Policy>
<RequestId>16AAEDEB-6273-405E-97D3-023EFD95DE03</RequestId>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "Policy" : {
    "Version" : 1,
    "Statement" : [ {
      "Action" : [ "ecs:DescribeVpcs", "ecs:DeleteVpc" ],
      "Resource" : "*",
      "Effect" : "Allow"
    }, {
      "Action" : [ "vpc:CreateVpc", "vpc:DescribeVpcs", "vpc:ModifyVpcAttribute", "vpc:TagResources" ],
      "Resource" : "*",
      "Effect" : "Allow"
    } ]
  },
  "RequestId" : "16AAEDEB-6273-405E-97D3-023EFD95DE03"
}

Error codes

For a list of error codes, see Service error codes.

HttpCode

Error code

Error message

Description

400

StackValidationFailed

{reason}.

The error message returned because the stack failed to be validated. reason indicates the cause of the error.

404

TemplateNotFound

The Tempalte ({ ID }) could not be found.

The error message returned because the specified template does not exist. ID indicates the template ID.

404

TemplateNotFound

The Template { ID } with version { version } could not be found.

The error message returned because the template or template version does not exist. ID indicates the template ID. version indicates the template version.