ALIYUN::RAM::ManagedPolicy is used to create a Resource Access Management (RAM) policy.
Syntax
{
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"PolicyName": String,
"Description": String,
"Roles": List,
"PolicyDocumentUnchecked": Map,
"PolicyDocument": Map,
"Groups": List,
"Users": List,
"IgnoreExisting": Boolean
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
PolicyName | String | Yes | No | The name of the policy. | The name can be up to 128 characters in length. |
Description | String | No | No | The description of the policy. | The description can be up to 1,024 characters in length. |
PolicyDocument | Map | No | Yes | Details of the policy. | For more information, see PolicyDocument properties. |
Users | List | No | No | The users to whom you want to attach the policy. | None. |
Groups | List | No | No | The user groups to whom you want to attach the policy. | None. |
Roles | List | No | No | The roles to whom you want to attach the policy. | None. |
PolicyDocumentUnchecked | Map | No | Yes | The policy document that describes specific actions performed on specific resources. | If you specify this property, PolicyDocument is ignored. |
IgnoreExisting | Boolean | No | No | Specifies whether to ignore the existing policy that has the same name as the new policy. | Valid values:
|
PolicyDocument syntax
"PolicyDocument": {
"Version": String,
"Statement": List
}
PolicyDocument properties
Property | Type | Required | Editable | Description | Constraint |
Version | String | Yes | No | The version of the policy. | None. |
Statement | List | Yes | No | The statements of the policy. | For more information, see Statement properties. |
Statement syntax
"Statement": [
{
"Condition": Map,
"Action": List,
"Resource": List,
"Effect": String
}
]
Statement properties
Property | Type | Required | Editable | Description | Constraint |
Condition | Map | No | No | The condition that is required for the policy to take effect. | None. |
Action | List | No | No | The actions that are performed based on the policy. | None. |
Resource | List | No | No | The resources to which you want to apply the policy. | None. |
Effect | String | No | No | The effect of the statement. | Valid values:
|
Return values
Fn::GetAtt
PolicyName: the name of the policy.