ALIYUN::RAM::AccessKey類型用於擷取指定使用者的AccessKey ID、AccessKey Secret以及AccessKey的狀態。
文法
{
"Type": "ALIYUN::RAM::AccessKey ",
"Properties": {
"UserName": String
}
}屬性
屬性名稱 | 類型 | 必須 | 允許更新 | 描述 | 約束 |
UserName | String | 是 | 否 | 使用者名稱 | 無 |
傳回值
Fn::GetAtt
AccessKeyId:AccessKey ID。
AccessKeySecret:AccessKey密鑰。
Status:AccessKey狀態,禁用或者開啟。
樣本
情境 1 :指定使用者建立AccessKey。
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
UserName:
Type: String
AssociationProperty: ALIYUN::RAM::User
Resources:
AccessKey:
Type: ALIYUN::RAM::AccessKey
Properties:
UserName:
Ref: UserName
Outputs:
Status:
Description: Status of access key.
Value:
Fn::GetAtt:
- AccessKey
- Status
AccessKeyId:
Description: Id of access key.
Value:
Fn::GetAtt:
- AccessKey
- AccessKeyId
AccessKeySecret:
Description: Secret of access key.
Value:
Fn::GetAtt:
- AccessKey
- AccessKeySecret{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"UserName": {
"Type": "String",
"AssociationProperty": "ALIYUN::RAM::User"
}
},
"Resources": {
"AccessKey": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Ref": "UserName"
}
}
}
},
"Outputs": {
"Status": {
"Description": "Status of access key.",
"Value": {
"Fn::GetAtt": [
"AccessKey",
"Status"
]
}
},
"AccessKeyId": {
"Description": "Id of access key.",
"Value": {
"Fn::GetAtt": [
"AccessKey",
"AccessKeyId"
]
}
},
"AccessKeySecret": {
"Description": "Secret of access key.",
"Value": {
"Fn::GetAtt": [
"AccessKey",
"AccessKeySecret"
]
}
}
}
}情境 2 :使用STS臨時訪問憑證訪問OSS。
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 使用STS臨時訪問憑證訪問OSS。
en: Use STS Temporary access credentials to access OSS.
Conditions:
CreateInstance:
Fn::Equals:
- Ref: SelectInstance
- false
Parameters:
UserName:
Type: String
Description:
zh-cn: 自訂RAM使用者名稱稱。
en: Customize the RAM user name.
Label:
zh-cn: RAM使用者名稱稱
en: RAM User Name
AssociationProperty: AutoCompleteInput
AssociationPropertyMetadata:
Length: 6
Prefix: RamOssTest-
CharacterClasses:
- Class: lowercase
min: 1
RoleName:
Type: String
Description:
zh-cn: 自訂RAM角色名稱。
en: Customize the RAM role name.
Label:
zh-cn: RAM角色名稱
en: RAM Rol Name
AssociationProperty: AutoCompleteInput
AssociationPropertyMetadata:
Length: 6
Prefix: RamOssTest-
CharacterClasses:
- Class: lowercase
min: 1
SelectInstance:
Type: Boolean
Label:
en: Whether to select an existing Bucket
zh-cn: 是否選擇已有Bucket
Default: true
ExistBucketName:
Type: String
Label:
en: Existing Bucket
zh-cn: 已有Bucket
AssociationProperty: ALIYUN::OSS::Bucket::BucketName
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- true
Default: ''
BucketName:
Type: String
Label:
zh-cn: 建立儲存空間名稱
en: NewBucketName
Description:
zh-cn: Bucket 名稱在 OSS 範圍內必須全域唯一。長度為3~63個字元。必須以小寫英文字母或數字開頭和結尾,可包含小寫英文字母、數字和短劃線(-)。
en: Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-).
AssociationProperty: AutoCompleteInput
AssociationPropertyMetadata:
Length: 6
Prefix: my-bucketname-
CharacterClasses:
- Class: lowercase
min: 1
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- false
AllowedPattern: ^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$
Default: null
AccessControl:
Type: String
Label:
en: Access Control
zh-cn: 讀寫權限
Description:
en: Set the access permission of the bucket
zh-cn: 設定Bucket讀寫權限
Default: private
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- false
AllowedValues:
- private
- public-read
- public-read-write
Resources:
RamUser:
Type: ALIYUN::RAM::User
Properties:
UserName:
Ref: UserName
RamAK:
Type: ALIYUN::RAM::AccessKey
Properties:
UserName:
Fn::GetAtt:
- RamUser
- UserName
DependsOn: RamUser
AttachPolicyToUser:
Type: ALIYUN::RAM::AttachPolicyToUser
Properties:
PolicyType: System
UserName:
Fn::GetAtt:
- RamUser
- UserName
PolicyName: AliyunSTSAssumeRoleAccess
DependsOn: RamAK
MyBucket:
Condition: CreateInstance
Type: ALIYUN::OSS::Bucket
Properties:
AccessControl:
Ref: AccessControl
BucketName:
Ref: BucketName
Role:
Type: ALIYUN::RAM::Role
Properties:
RoleName:
Ref: RoleName
AssumeRolePolicyDocument:
Version: '1'
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
RAM:
- Fn::Sub: acs:ram::${ALIYUN::TenantId}:root
Service:
- fc.aliyuncs.com
- ram.aliyuncs.com
Policies:
- PolicyName:
Fn::Join:
- ''
- - Policy-
- Ref: ALIYUN::StackId
PolicyDocument:
Version: '1'
Statement:
- Effect: Allow
Action:
- oss:*
Resource:
- 'Fn::Sub':
- 'acs:oss:*:*:${BucketName}/*'
- BucketName:
Fn::If:
- CreateInstance
- Ref: BucketName
- Ref: ExistBucketName
FCRamRole:
Type: ALIYUN::RAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service:
- fc.aliyuncs.com
- ram.aliyuncs.com
Version: '1'
Policies:
- PolicyDocument:
Statement:
- Action:
- log:*
Effect: Allow
Resource:
- acs:log:*:*:*
- Action:
- fc:*
Effect: Allow
Resource:
- '*'
- Action:
- ram:*
Effect: Allow
Resource:
- '*'
Version: '1'
PolicyName:
Fn::Join:
- '-'
- - StackId
- Ref: ALIYUN::StackId
RoleName:
Fn::Join:
- '-'
- - StackId
- Ref: ALIYUN::StackId
FcService:
Type: ALIYUN::FC::Service
Properties:
ServiceName:
Fn::Join:
- '-'
- - StackId
- Ref: ALIYUN::StackId
- FC-Service
Role:
Fn::GetAtt:
- FCRamRole
- Arn
Function:
Type: ALIYUN::FC::Function
Properties:
ServiceName:
Fn::GetAtt:
- FcService
- ServiceName
FunctionName:
Fn::Join:
- '-'
- - AssumeRoleFunction
- Ref: ALIYUN::StackId
Handler: index.handler
Runtime: python3.9
Code:
SourceCode: |
#!/usr/bin/env python
# coding=utf-8
import json, time, urllib.request
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.acs_exception.exceptions import ClientException
from aliyunsdkcore.acs_exception.exceptions import ServerException
from aliyunsdkcore.auth.credentials import AccessKeyCredential
from aliyunsdkcore.auth.credentials import StsTokenCredential
from aliyunsdksts.request.v20150401.AssumeRoleRequest import AssumeRoleRequest
def handler(event, context):
event = json.loads(event)
creds = context.credentials
r_ps = event['ResourceProperties']
credentials = StsTokenCredential(r_ps['AKId'], r_ps['AKSecret'], creds.security_token)
client = AcsClient(region_id=context.region, credential=credentials)
if event['RequestType'] != 'Delete':
request = AssumeRoleRequest()
request.set_accept_format('json')
request.set_DurationSeconds(3600)
request.set_Policy(r_ps['RolePolicy'])
request.set_RoleArn(r_ps['RoleArn'])
request.set_RoleSessionName("RoleSessionName")
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))
response = json.loads(response)
result = {
'RequestId': event['RequestId'],
'LogicalResourceId': event['LogicalResourceId'],
'StackId': event['StackId'],
'Status': 'SUCCESS',
'PhysicalResourceId': 'MyCustomResourceId',
'Data': {}
}
if event['RequestType'] != 'Delete':
result['Data'] = response.get('Credentials')
headers = {'Content-type': 'application/json', 'Accept': 'application/json','Date': time.strftime('%a, %d %b %Y %X GMT', time.gmtime()), 'User-Agent': 'MyCustomUserAgent'}
req = urllib.request.Request(event['ResponseURL'], data=json.dumps(result).encode('utf-8'), headers=headers)
urllib.request.urlopen(req)
AssumeRoleCredentials:
Type: Custom::AssumeRole
DeletionPolicy: Retain
Properties:
ServiceToken:
Fn::GetAtt:
- Function
- ARN
Parameters:
RolePolicy:
'Fn::Sub':
- "{\"Version\":\"1\",\"Statement\":[{\"Action\":[\"oss:PutObject\", \"oss:GetObject\"],\"Resource\":[\"acs:oss:*:*:${BucketName}/*\"],\"Effect\":\"Allow\"}]}"
- BucketName:
Fn::If:
- CreateInstance
- Ref: BucketName
- Ref: ExistBucketName
RoleArn:
Fn::GetAtt:
- Role
- Arn
AKId:
Fn::GetAtt:
- RamAK
- AccessKeyId
AKSecret:
Fn::GetAtt:
- RamAK
- AccessKeySecret
RoleSessionName:
Fn::Join:
- '-'
- - RoleSessionName
- Ref: ALIYUN::StackId
Timeout: 120
Outputs:
AccessKeyId:
Description:
zh-cn: 臨時訪問憑證包含的臨時存取金鑰AccessKey ID。
en: Temporary access certificate contains temporary access key AccessKey ID.
Value:
Fn::GetAtt:
- AssumeRoleCredentials
- AccessKeyId
SecurityToken:
Description:
zh-cn: SecurityToken為臨時訪問憑證包含的安全臨牌。SecurityToken字元數較多,建議直接單擊複製表徵圖擷取完整的SecurityToken。
en: SecurityToken is the security temporary card contained in the temporary access certificate. The SecurityToken contains a large number of characters. You are advised to click the Copy icon to obtain a complete SecurityToken..
Value:
Fn::GetAtt:
- AssumeRoleCredentials
- SecurityToken
AccessKeySecret:
Description:
zh-cn: 臨時訪問憑證包含的臨時存取金鑰AccessKey Secret。
en: Temporary access certificate contains temporary access key AccessKey Secret.
Value:
Fn::GetAtt:
- AssumeRoleCredentials
- AccessKeySecret
Expiration:
Description:
zh-cn: 臨時訪問憑證的到期時間,建議直接單擊複製表徵圖擷取完整的Expiration。臨時訪問憑證到期時間格式是UTC,與北京時間有8小時的時差。例如,臨時訪問憑證到期時間是2024-04-18T11:33:40Z,說明臨時訪問憑證將在北京時間2024年4月18日19時33分40秒之前到期。
en: The Expiration time of the temporary access certificate. You are advised to click the copy icon to obtain the complete expiration. The temporary access certificate expiration time format is UTC, which is 8 hours behind Beijing Time. For example, the temporary access certificate expiration time is 2024-04-18T11:33:40Z, which means that the temporary access certificate will expire before 19:33 minutes and 40 seconds Beijing time on April 18, 2024.
Value:
Fn::GetAtt:
- AssumeRoleCredentials
- Expiration
Metadata:
ALIYUN::ROS::Interface:
Outputs:
- AccessKeyId
- AccessKeySecret
- SecurityToken
- Expiration
ParameterGroups:
- Parameters:
- SelectInstance
- ExistBucketName
- BucketName
- AccessControl
Label:
default: OSS
- Parameters:
- UserName
- RoleName
Label:
default: RAM
TemplateTags:
- acs:document-help:oss:使用STS臨時訪問憑證訪問OSS{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "使用STS臨時訪問憑證訪問OSS。",
"en": "Use STS Temporary access credentials to access OSS."
},
"Conditions": {
"CreateInstance": {
"Fn::Equals": [
{
"Ref": "SelectInstance"
},
false
]
}
},
"Parameters": {
"UserName": {
"Type": "String",
"Description": {
"zh-cn": "自訂RAM使用者名稱稱。",
"en": "Customize the RAM user name."
},
"Label": {
"zh-cn": "RAM使用者名稱稱",
"en": "RAM User Name"
},
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 6,
"Prefix": "RamOssTest-",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
]
}
},
"RoleName": {
"Type": "String",
"Description": {
"zh-cn": "自訂RAM角色名稱。",
"en": "Customize the RAM role name."
},
"Label": {
"zh-cn": "RAM角色名稱",
"en": "RAM Rol Name"
},
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 6,
"Prefix": "RamOssTest-",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
]
}
},
"SelectInstance": {
"Type": "Boolean",
"Label": {
"en": "Whether to select an existing Bucket",
"zh-cn": "是否選擇已有Bucket"
},
"Default": true
},
"ExistBucketName": {
"Type": "String",
"Label": {
"en": "Existing Bucket",
"zh-cn": "已有Bucket"
},
"AssociationProperty": "ALIYUN::OSS::Bucket::BucketName",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
true
]
}
}
},
"Default": ""
},
"BucketName": {
"Type": "String",
"Label": {
"zh-cn": "建立儲存空間名稱",
"en": "NewBucketName"
},
"Description": {
"zh-cn": "Bucket 名稱在 OSS 範圍內必須全域唯一。長度為3~63個字元。必須以小寫英文字母或數字開頭和結尾,可包含小寫英文字母、數字和短劃線(-)。",
"en": "Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-)."
},
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 6,
"Prefix": "my-bucketname-",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
],
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedPattern": "^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$",
"Default": null
},
"AccessControl": {
"Type": "String",
"Label": {
"en": "Access Control",
"zh-cn": "讀寫權限"
},
"Description": {
"en": "Set the access permission of the bucket",
"zh-cn": "設定Bucket讀寫權限"
},
"Default": "private",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedValues": [
"private",
"public-read",
"public-read-write"
]
}
},
"Resources": {
"RamUser": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": {
"Ref": "UserName"
}
}
},
"RamAK": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Fn::GetAtt": [
"RamUser",
"UserName"
]
}
},
"DependsOn": "RamUser"
},
"AttachPolicyToUser": {
"Type": "ALIYUN::RAM::AttachPolicyToUser",
"Properties": {
"PolicyType": "System",
"UserName": {
"Fn::GetAtt": [
"RamUser",
"UserName"
]
},
"PolicyName": "AliyunSTSAssumeRoleAccess"
},
"DependsOn": "RamAK"
},
"MyBucket": {
"Condition": "CreateInstance",
"Type": "ALIYUN::OSS::Bucket",
"Properties": {
"AccessControl": {
"Ref": "AccessControl"
},
"BucketName": {
"Ref": "BucketName"
}
}
},
"Role": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": {
"Ref": "RoleName"
},
"AssumeRolePolicyDocument": {
"Version": "1",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"RAM": [
{
"Fn::Sub": "acs:ram::${ALIYUN::TenantId}:root"
}
],
"Service": [
"fc.aliyuncs.com",
"ram.aliyuncs.com"
]
}
}
]
},
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"",
[
"Policy-",
{
"Ref": "ALIYUN::StackId"
}
]
]
},
"PolicyDocument": {
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:*"
],
"Resource": [
{
"Fn::Sub": [
"acs:oss:*:*:${BucketName}/*",
{
"BucketName": {
"Fn::If": [
"CreateInstance",
{
"Ref": "BucketName"
},
{
"Ref": "ExistBucketName"
}
]
}
}
]
}
]
}
]
}
}
]
}
},
"FCRamRole": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": [
"fc.aliyuncs.com",
"ram.aliyuncs.com"
]
}
}
],
"Version": "1"
},
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"log:*"
],
"Effect": "Allow",
"Resource": [
"acs:log:*:*:*"
]
},
{
"Action": [
"fc:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ram:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": {
"Fn::Join": [
"-",
[
"StackId",
{
"Ref": "ALIYUN::StackId"
}
]
]
}
}
],
"RoleName": {
"Fn::Join": [
"-",
[
"StackId",
{
"Ref": "ALIYUN::StackId"
}
]
]
}
}
},
"FcService": {
"Type": "ALIYUN::FC::Service",
"Properties": {
"ServiceName": {
"Fn::Join": [
"-",
[
"StackId",
{
"Ref": "ALIYUN::StackId"
},
"FC-Service"
]
]
},
"Role": {
"Fn::GetAtt": [
"FCRamRole",
"Arn"
]
}
}
},
"Function": {
"Type": "ALIYUN::FC::Function",
"Properties": {
"ServiceName": {
"Fn::GetAtt": [
"FcService",
"ServiceName"
]
},
"FunctionName": {
"Fn::Join": [
"-",
[
"AssumeRoleFunction",
{
"Ref": "ALIYUN::StackId"
}
]
]
},
"Handler": "index.handler",
"Runtime": "python3.9",
"Code": {
"SourceCode": "#!/usr/bin/env python\n# coding=utf-8\nimport json, time, urllib.request\nfrom aliyunsdkcore.client import AcsClient\nfrom aliyunsdkcore.acs_exception.exceptions import ClientException \nfrom aliyunsdkcore.acs_exception.exceptions import ServerException \nfrom aliyunsdkcore.auth.credentials import AccessKeyCredential \nfrom aliyunsdkcore.auth.credentials import StsTokenCredential \nfrom aliyunsdksts.request.v20150401.AssumeRoleRequest import AssumeRoleRequest \ndef handler(event, context):\n event = json.loads(event)\n creds = context.credentials\n r_ps = event['ResourceProperties']\n\n credentials = StsTokenCredential(r_ps['AKId'], r_ps['AKSecret'], creds.security_token)\n client = AcsClient(region_id=context.region, credential=credentials)\n\n\n if event['RequestType'] != 'Delete':\n request = AssumeRoleRequest()\n request.set_accept_format('json')\n request.set_DurationSeconds(3600)\n request.set_Policy(r_ps['RolePolicy'])\n request.set_RoleArn(r_ps['RoleArn'])\n request.set_RoleSessionName(\"RoleSessionName\")\n\n response = client.do_action_with_exception(request)\n\n print(str(response, encoding='utf-8'))\n response = json.loads(response)\n result = {\n 'RequestId': event['RequestId'],\n 'LogicalResourceId': event['LogicalResourceId'],\n 'StackId': event['StackId'],\n 'Status': 'SUCCESS',\n 'PhysicalResourceId': 'MyCustomResourceId',\n 'Data': {}\n }\n if event['RequestType'] != 'Delete':\n result['Data'] = response.get('Credentials')\n headers = {'Content-type': 'application/json', 'Accept': 'application/json','Date': time.strftime('%a, %d %b %Y %X GMT', time.gmtime()), 'User-Agent': 'MyCustomUserAgent'}\n req = urllib.request.Request(event['ResponseURL'], data=json.dumps(result).encode('utf-8'), headers=headers)\n urllib.request.urlopen(req)\n"
}
}
},
"AssumeRoleCredentials": {
"Type": "Custom::AssumeRole",
"DeletionPolicy": "Retain",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"Function",
"ARN"
]
},
"Parameters": {
"RolePolicy": {
"Fn::Sub": [
"{\"Version\":\"1\",\"Statement\":[{\"Action\":[\"oss:PutObject\", \"oss:GetObject\"],\"Resource\":[\"acs:oss:*:*:${BucketName}/*\"],\"Effect\":\"Allow\"}]}",
{
"BucketName": {
"Fn::If": [
"CreateInstance",
{
"Ref": "BucketName"
},
{
"Ref": "ExistBucketName"
}
]
}
}
]
},
"RoleArn": {
"Fn::GetAtt": [
"Role",
"Arn"
]
},
"AKId": {
"Fn::GetAtt": [
"RamAK",
"AccessKeyId"
]
},
"AKSecret": {
"Fn::GetAtt": [
"RamAK",
"AccessKeySecret"
]
},
"RoleSessionName": {
"Fn::Join": [
"-",
[
"RoleSessionName",
{
"Ref": "ALIYUN::StackId"
}
]
]
}
},
"Timeout": 120
}
}
},
"Outputs": {
"AccessKeyId": {
"Description": {
"zh-cn": "臨時訪問憑證包含的臨時存取金鑰AccessKey ID。",
"en": "Temporary access certificate contains temporary access key AccessKey ID."
},
"Value": {
"Fn::GetAtt": [
"AssumeRoleCredentials",
"AccessKeyId"
]
}
},
"SecurityToken": {
"Description": {
"zh-cn": "SecurityToken為臨時訪問憑證包含的安全臨牌。SecurityToken字元數較多,建議直接單擊複製表徵圖擷取完整的SecurityToken。",
"en": "SecurityToken is the security temporary card contained in the temporary access certificate. The SecurityToken contains a large number of characters. You are advised to click the Copy icon to obtain a complete SecurityToken.."
},
"Value": {
"Fn::GetAtt": [
"AssumeRoleCredentials",
"SecurityToken"
]
}
},
"AccessKeySecret": {
"Description": {
"zh-cn": "臨時訪問憑證包含的臨時存取金鑰AccessKey Secret。",
"en": "Temporary access certificate contains temporary access key AccessKey Secret."
},
"Value": {
"Fn::GetAtt": [
"AssumeRoleCredentials",
"AccessKeySecret"
]
}
},
"Expiration": {
"Description": {
"zh-cn": "臨時訪問憑證的到期時間,建議直接單擊複製表徵圖擷取完整的Expiration。臨時訪問憑證到期時間格式是UTC,與北京時間有8小時的時差。例如,臨時訪問憑證到期時間是2024-04-18T11:33:40Z,說明臨時訪問憑證將在北京時間2024年4月18日19時33分40秒之前到期。",
"en": "The Expiration time of the temporary access certificate. You are advised to click the copy icon to obtain the complete expiration. The temporary access certificate expiration time format is UTC, which is 8 hours behind Beijing Time. For example, the temporary access certificate expiration time is 2024-04-18T11:33:40Z, which means that the temporary access certificate will expire before 19:33 minutes and 40 seconds Beijing time on April 18, 2024."
},
"Value": {
"Fn::GetAtt": [
"AssumeRoleCredentials",
"Expiration"
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"Outputs": [
"AccessKeyId",
"AccessKeySecret",
"SecurityToken",
"Expiration"
],
"ParameterGroups": [
{
"Parameters": [
"SelectInstance",
"ExistBucketName",
"BucketName",
"AccessControl"
],
"Label": {
"default": "OSS"
}
},
{
"Parameters": [
"UserName",
"RoleName"
],
"Label": {
"default": "RAM"
}
}
],
"TemplateTags": [
"acs:document-help:oss:使用STS臨時訪問憑證訪問OSS"
]
}
}
}更多樣本,請參考包含此資源的公用模板。