ALIYUN::RAM::ManagedPolicy - Resource Orchestration Service

ALIYUN::RAM::ManagedPolicy is used to create a Resource Access Management (RAM) policy.

Syntax

{
  "Type": "ALIYUN::RAM::ManagedPolicy",
  "Properties": {
    "PolicyName": String,
    "Description": String,
    "Roles": List,
    "PolicyDocumentUnchecked": Map,
    "PolicyDocument": Map,
    "Groups": List,
    "Users": List,
    "IgnoreExisting": Boolean
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
PolicyName	String	Yes	No	The name of the policy.	The name can be up to 128 characters in length.
Description	String	No	No	The description of the policy.	The description can be up to 1,024 characters in length.
PolicyDocument	Map	No	Yes	Details of the policy.	For more information, see PolicyDocument properties.
Users	List	No	No	The users to whom you want to attach the policy.	None.
Groups	List	No	No	The user groups to whom you want to attach the policy.	None.
Roles	List	No	No	The roles to whom you want to attach the policy.	None.
PolicyDocumentUnchecked	Map	No	Yes	The policy document that describes specific actions performed on specific resources.	If you specify this property, PolicyDocument is ignored.
IgnoreExisting	Boolean	No	No	Specifies whether to ignore the existing policy that has the same name as the new policy.	Valid values: true: ignores the existing policy. Resource Orchestration Service (ROS) does not check the name uniqueness of policies. If an existing policy with the same name exists in the ROS console, the policy is ignored when ROS creates the new policy. If the existing policy is not created in the ROS console, the policy is ignored when ROS updates or deletes the new policy. false: does not ignore the existing policy. ROS checks the name uniqueness of policies. If an existing policy with the same name exists in the ROS console, an error is reported when ROS creates the new policy.

PolicyDocument syntax

"PolicyDocument": {
  "Version": String,
  "Statement": List
}

PolicyDocument properties

Property	Type	Required	Editable	Description	Constraint
Version	String	Yes	No	The version of the policy.	None.
Statement	List	Yes	No	The statements of the policy.	For more information, see Statement properties.

Statement syntax

"Statement": [
  {
    "Condition": Map,
    "Action": List,
    "Resource": List,
    "Effect": String
  }
]

Statement properties

Property	Type	Required	Editable	Description	Constraint
Condition	Map	No	No	The condition that is required for the policy to take effect.	None.
Action	List	No	No	The actions that are performed based on the policy.	None.
Resource	List	No	No	The resources to which you want to apply the policy.	None.
Effect	String	No	No	The effect of the statement.	Valid values: Allow Deny

Return values

Fn::GetAtt

PolicyName: the name of the policy.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Description: Test RAM ManagedPolicy
Parameters:
  User:
    Type: String
    AssociationProperty: ALIYUN::RAM::User
Resources:
  ManagePolicy:
    Type: ALIYUN::RAM::ManagedPolicy
    Properties:
      PolicyName: TestPolicy
      PolicyDocument:
        Version: '1'
        Statement:
          - Action:
              - '*'
            Resource:
              - '*'
            Effect: Allow
      Users:
        - Ref: User
Outputs: {}

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": "Test RAM ManagedPolicy",
  "Parameters": {
    "User": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::RAM::User"
    }
  },
  "Resources": {
    "ManagePolicy": {
      "Type": "ALIYUN::RAM::ManagedPolicy",
      "Properties": {
        "PolicyName": "TestPolicy",
        "PolicyDocument": {
          "Version": "1",
          "Statement": [
            {
              "Action": [
                "*"
              ],
              "Resource": [
                "*"
              ],
              "Effect": "Allow"
            }
          ]
        },
        "Users": [
          {
            "Ref": "User"
          }
        ]
      }
    }
  },
  "Outputs": {
  }
}