ALIYUN::RAM::User is used to create a RAM user.

Syntax
{
  "Type": "ALIYUN::RAM::User",
  "Properties": {
    "UserName": String,
    "DisplayName": String,
    "LoginProfile": Map,
    "Groups": List,
    "MobilePhone": String,
    "Email": String,
    "Comments": String,
    "Policies": List,
    "PolicyAttachments": Map,
    "DeletionForce": Boolean
  }
}
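
Properties
| Property | Type | Required | Update allowed | Description | Constraint |
|---|---|---|---|---|---|
| UserName | String | Yes | No | The name of the RAM user. | 1 to 64 characters; may contain letters, digits, periods (.), hyphens (-) and underscores (_). |
| DisplayName | String | No | Yes | The display name of the RAM user. | 1 to 128 characters. |
| LoginProfile | Map | No | No | The logon configuration of the RAM user. | For more information, see LoginProfile properties. |
| Groups | List | No | No | The user groups that the RAM user joins. | None |
| MobilePhone | String | No | Yes | The mobile phone number of the RAM user. | None |
| Email | String | No | Yes | The email address of the RAM user. | None |
| Comments | String | No | Yes | Remarks. | 1 to 128 characters. |
| Policies | List | No | Yes | The permission policies that apply to the RAM user. | For more information, see Policies properties. |
| PolicyAttachments | Map | No | Yes | The names of the system policies and custom policies to attach. | For more information, see PolicyAttachments properties. |
| DeletionForce | Boolean | No | Yes | Whether to forcibly detach the permission policies of the RAM user. | Valid values: |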
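
LoginProfile syntax
"LoginProfile": {
  "MFABindRequired": Boolean,
  "Password": String,
  "PasswordResetRequired": Boolean
}

LoginProfile properties
| Property | Type | Required | Update allowed | Description | Constraint |
|---|---|---|---|---|---|
| MFABindRequired | Boolean | No | No | Whether the RAM user is required to enable multi-factor authentication. | Valid values: |
| Password | String | No | No | The new console logon password of the RAM user. | The password must meet the password strength requirements and be 8 to 32 characters long. |
| PasswordResetRequired | Boolean | No | No | Whether the RAM user must reset the password at the next logon. | Valid values: |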
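
Policies syntax
"Policies": [
  {
    "PolicyName": String,
    "PolicyDocument": Map,
    "Description": String,
    "IgnoreExisting": Boolean
  }
]

Policies properties
| Property | Type | Required | Update allowed | Description | Constraint |
|---|---|---|---|---|---|
| Description | String | No | No | The description. | 1 to 1024 characters. |
| PolicyName | String | Yes | No | The name of the permission policy. | 1 to 128 characters; may contain letters, digits and hyphens (-). |
| PolicyDocument | Map | Yes | Yes | The content of the permission policy. | At most 2048 characters. For more information, see PolicyDocument properties. |
| IgnoreExisting | Boolean | No | No | Whether to ignore existing policies. | Valid values: |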
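
PolicyDocument syntax
"PolicyDocument": {
  "Version": String,
  "Statement": List
}

PolicyDocument properties
| Property | Type | Required | Update allowed | Description | Constraint |
|---|---|---|---|---|---|
| Version | String | Yes | No | The version of the permission policy. | None |
| Statement | List | Yes | No | The specific rules of the permission policy. | For more information, see Statement properties. |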
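
Statement syntax
"Statement": [
  {
    "Condition": Map,
    "Action": List,
    "Resource": List,
    "Effect": String
  }
]

Statement properties
| Property | Type | Required | Update allowed | Description | Constraint |
|---|---|---|---|---|---|
| Condition | Map | No | No | The conditions under which the authorization takes effect. | None |
| Action | List | No | No | The operations that the permission policy covers. | None |
| Resource | List | No | No | The resources that the permission policy covers. | None |
| Effect | String | No | No | The authorization effect. | Valid values: |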
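
PolicyAttachments syntax
"PolicyAttachments": {
  "Custom": List,
  "System": List
}

PolicyAttachments properties
| Property | Type | Required | Update allowed | Description | Constraint |
|---|---|---|---|---|---|
| Custom | List | No | Yes | The list of custom policy names. | At most 5 policies. |
| System | List | No | Yes | The list of system policy names. | At most 20 policies. |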
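
Return values
Fn::GetAtt
- UserName: The name of the RAM user.
- UserId: The ID of the RAM user.
- CreateDate: The time when the RAM user was created.
- LastLoginDate: The time when the RAM user last logged on.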

Examples
Scenario 1: Create a RAM user.

ROSTemplateFormatVersion: '2015-09-01'
Description: Test RAM User
Parameters: {}
Resources:
  User:
    Type: ALIYUN::RAM::User
    Properties:
      UserName: dev
      Policies:
        - PolicyName:
            Fn::Join:
              - '-'
              - - StackId
                - Ref: ALIYUN::StackId
          PolicyDocument:
            Statement:
              - Action:
                  - oss:*
                Effect: Allow
                Resource:
                  - '*'
            Version: '1'
Outputs: {}

{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": "Test RAM User",
"Parameters": {
},
"Resources": {
"User": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": "dev",
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"-",
[
"StackId",
{
"Ref": "ALIYUN::StackId"
}
]
]
},
"PolicyDocument": {
"Statement": [
{
"Action": [
"oss:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
}
}
]
}
}
},
"Outputs": {
}
}

Scenario 2: Create a RAM user and an AccessKey.

ROSTemplateFormatVersion: '2015-09-01'
Conditions:
  CreateInstance:
    Fn::Equals:
      - Ref: SelectInstance
      - false
Parameters:
  UserName:
    Type: String
    Description: 自訂RAM使用者名稱稱
    Label:
      zh-cn: RAM使用者名稱稱
      en: RAM User Name
    Default: test123123123
  RoleName:
    Type: String
    Description: 自訂RAM角色名稱
    Label:
      zh-cn: RAM角色名稱
      en: RAM Rol Name
    Default: test123123123
  SelectInstance:
    Type: Boolean
    Label:
      en: Whether to select an existing Bucket
      zh-cn: 是否選擇已有Bucket
    Default: true
  ExistBucketName:
    Type: String
    Label:
      en: Existing Bucket
      zh-cn: 已有Bucket
    AssociationProperty: ALIYUN::OSS::Bucket::BucketName
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${SelectInstance}
            - true
    Default: ''
  BucketName:
    Type: String
    Label:
      zh-cn: 建立儲存空間名稱
      en: NewBucketName
    Description:
      zh-cn: Bucket 名稱在 OSS 範圍內必須全域唯一。長度為3~63個字元。必須以小寫英文字母或數字開頭和結尾,可包含小寫英文字母、數字和短劃線(-)。
      en: Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-).
    AssociationProperty: AutoCompleteInput
    AssociationPropertyMetadata:
      Length: 6
      Prefix: my-bucketname-
      CharacterClasses:
        - Class: lowercase
          min: 1
      Visible:
        Condition:
          Fn::Equals:
            - ${SelectInstance}
            - false
    AllowedPattern: ^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$
  AccessControl:
    Type: String
    Label:
      en: Access Control
      zh-cn: 讀寫權限
    Description:
      en: Set the access permission of the bucket
      zh-cn: 設定Bucket讀寫權限
    Default: private
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${SelectInstance}
            - false
    AllowedValues:
      - private
      - public-read
      - public-read-write
Resources:
  RamUser:
    Type: ALIYUN::RAM::User
    Properties:
      UserName:
        Ref: UserName
  RamAK:
    Type: ALIYUN::RAM::AccessKey
    Properties:
      UserName:
        Fn::GetAtt:
          - RamUser
          - UserName
    DependsOn: RamUser
  MyBucket:
    Condition: CreateInstance
    Type: ALIYUN::OSS::Bucket
    Properties:
      AccessControl:
        Ref: AccessControl
      BucketName:
        Ref: BucketName
  Role:
    Type: ALIYUN::RAM::Role
    Properties:
      RoleName:
        Ref: RoleName
      AssumeRolePolicyDocument:
        Version: '1'
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              RAM:
                - Fn::Sub: acs:ram::${ALIYUN::TenantId}:root
      Policies:
        - PolicyName:
            Fn::Join:
              - ''
              - - Policy-
                - Ref: ALIYUN::StackId
          PolicyDocument:
            Version: '1'
            Statement:
              - Effect: Allow
                Action:
                  - oss:PutObject
                Resource:
                  - Fn::Sub:
                      - acs:oss:*:*:${BucketName}/*
                      - BucketName:
                          Fn::If:
                            - CreateInstance
                            - Ref: BucketName
                            - Ref: ExistBucketName
Outputs:
  AKSecret:
    Value:
      Fn::GetAtt:
        - RamAK
        - AccessKeySecret
  AKId:
    Value:
      Fn::GetAtt:
        - RamAK
        - AccessKeyId
  UserId:
    Value:
      Fn::GetAtt:
        - RamUser
        - UserId
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - SelectInstance
          - ExistBucketName
          - BucketName
          - AccessControl
        Label:
          default: OSS
      - Parameters:
          - UserName
          - RoleName
        Label:
          default: RAM

{
"ROSTemplateFormatVersion": "2015-09-01",
"Conditions": {
"CreateInstance": {
"Fn::Equals": [
{
"Ref": "SelectInstance"
},
false
]
}
},
"Parameters": {
"UserName": {
"Type": "String",
"Description": "自訂RAM使用者名稱稱",
"Label": {
"zh-cn": "RAM使用者名稱稱",
"en": "RAM User Name"
},
"Default": "test123123123"
},
"RoleName": {
"Type": "String",
"Description": "自訂RAM角色名稱",
"Label": {
"zh-cn": "RAM角色名稱",
"en": "RAM Rol Name"
},
"Default": "test123123123"
},
"SelectInstance": {
"Type": "Boolean",
"Label": {
"en": "Whether to select an existing Bucket",
"zh-cn": "是否選擇已有Bucket"
},
"Default": true
},
"ExistBucketName": {
"Type": "String",
"Label": {
"en": "Existing Bucket",
"zh-cn": "已有Bucket"
},
"AssociationProperty": "ALIYUN::OSS::Bucket::BucketName",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
true
]
}
}
},
"Default": ""
},
"BucketName": {
"Type": "String",
"Label": {
"zh-cn": "建立儲存空間名稱",
"en": "NewBucketName"
},
"Description": {
"zh-cn": "Bucket 名稱在 OSS 範圍內必須全域唯一。長度為3~63個字元。必須以小寫英文字母或數字開頭和結尾,可包含小寫英文字母、數字和短劃線(-)。",
"en": "Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-)."
},
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 6,
"Prefix": "my-bucketname-",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
],
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedPattern": "^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$"
},
"AccessControl": {
"Type": "String",
"Label": {
"en": "Access Control",
"zh-cn": "讀寫權限"
},
"Description": {
"en": "Set the access permission of the bucket",
"zh-cn": "設定Bucket讀寫權限"
},
"Default": "private",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedValues": [
"private",
"public-read",
"public-read-write"
]
}
},
"Resources": {
"RamUser": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": {
"Ref": "UserName"
}
}
},
"RamAK": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Fn::GetAtt": [
"RamUser",
"UserName"
]
}
},
"DependsOn": "RamUser"
},
"MyBucket": {
"Condition": "CreateInstance",
"Type": "ALIYUN::OSS::Bucket",
"Properties": {
"AccessControl": {
"Ref": "AccessControl"
},
"BucketName": {
"Ref": "BucketName"
}
}
},
"Role": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": {
"Ref": "RoleName"
},
"AssumeRolePolicyDocument": {
"Version": "1",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"RAM": [
{
"Fn::Sub": "acs:ram::${ALIYUN::TenantId}:root"
}
]
}
}
]
},
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"",
[
"Policy-",
{
"Ref": "ALIYUN::StackId"
}
]
]
},
"PolicyDocument": {
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:PutObject"
],
"Resource": [
{
"Fn::Sub": [
"acs:oss:*:*:${BucketName}/*",
{
"BucketName": {
"Fn::If": [
"CreateInstance",
{
"Ref": "BucketName"
},
{
"Ref": "ExistBucketName"
}
]
}
}
]
}
]
}
]
}
}
]
}
}
},
"Outputs": {
"AKSecret": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeySecret"
]
}
},
"AKId": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeyId"
]
}
},
"UserId": {
"Value": {
"Fn::GetAtt": [
"RamUser",
"UserId"
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"SelectInstance",
"ExistBucketName",
"BucketName",
"AccessControl"
],
"Label": {
"default": "OSS"
}
},
{
"Parameters": [
"UserName",
"RoleName"
],
"Label": {
"default": "RAM"
}
}
]
}
}
}

Scenario 3: Create a RAM user and an AccessKey, and grant write permission (oss:PutObject) on the specified OSS bucket.

ROSTemplateFormatVersion: '2015-09-01'
Conditions:
  CreateInstance:
    Fn::Equals:
      - Ref: SelectInstance
      - false
Parameters:
  UserName:
    Type: String
    Description: 自訂RAM使用者名稱稱
    Label:
      zh-cn: RAM使用者名稱稱
      en: RAM User Name
    Default: test123123123
  RoleName:
    Type: String
    Description: 自訂RAM角色名稱
    Label:
      zh-cn: RAM角色名稱
      en: RAM Rol Name
    Default: test123123123
  SelectInstance:
    Type: Boolean
    Label:
      en: Whether to select an existing Bucket
      zh-cn: 是否選擇已有Bucket
    Default: true
  ExistBucketName:
    Type: String
    Label:
      en: Existing Bucket
      zh-cn: 已有Bucket
    AssociationProperty: ALIYUN::OSS::Bucket::BucketName
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${SelectInstance}
            - true
    Default: ''
  BucketName:
    Type: String
    Label:
      zh-cn: 建立儲存空間名稱
      en: NewBucketName
    Description:
      zh-cn: Bucket 名稱在 OSS 範圍內必須全域唯一。長度為3~63個字元。必須以小寫英文字母或數字開頭和結尾,可包含小寫英文字母、數字和短劃線(-)。
      en: Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-).
    AssociationProperty: AutoCompleteInput
    AssociationPropertyMetadata:
      Length: 6
      Prefix: my-bucketname-
      CharacterClasses:
        - Class: lowercase
          min: 1
      Visible:
        Condition:
          Fn::Equals:
            - ${SelectInstance}
            - false
    AllowedPattern: ^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$
  AccessControl:
    Type: String
    Label:
      en: Access Control
      zh-cn: 讀寫權限
    Description:
      en: Set the access permission of the bucket
      zh-cn: 設定Bucket讀寫權限
    Default: private
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${SelectInstance}
            - false
    AllowedValues:
      - private
      - public-read
      - public-read-write
Resources:
  RamUser:
    Type: ALIYUN::RAM::User
    Properties:
      UserName:
        Ref: UserName
  RamAK:
    Type: ALIYUN::RAM::AccessKey
    Properties:
      UserName:
        Fn::GetAtt:
          - RamUser
          - UserName
    DependsOn: RamUser
  MyBucket:
    Condition: CreateInstance
    Type: ALIYUN::OSS::Bucket
    Properties:
      AccessControl:
        Ref: AccessControl
      BucketName:
        Ref: BucketName
  Role:
    Type: ALIYUN::RAM::Role
    Properties:
      RoleName:
        Ref: RoleName
      AssumeRolePolicyDocument:
        Version: '1'
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              RAM:
                - Fn::Sub: acs:ram::${ALIYUN::TenantId}:root
      Policies:
        - PolicyName:
            Fn::Join:
              - ''
              - - Policy-
                - Ref: ALIYUN::StackId
          PolicyDocument:
            Version: '1'
            Statement:
              - Effect: Allow
                Action:
                  - oss:PutObject
                Resource:
                  - Fn::Sub:
                      - acs:oss:*:*:${BucketName}/*
                      - BucketName:
                          Fn::If:
                            - CreateInstance
                            - Ref: BucketName
                            - Ref: ExistBucketName
Outputs:
  AKSecret:
    Value:
      Fn::GetAtt:
        - RamAK
        - AccessKeySecret
  AKId:
    Value:
      Fn::GetAtt:
        - RamAK
        - AccessKeyId
  UserId:
    Value:
      Fn::GetAtt:
        - RamUser
        - UserId
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - SelectInstance
          - ExistBucketName
          - BucketName
          - AccessControl
        Label:
          default: OSS
      - Parameters:
          - UserName
          - RoleName
        Label:
          default: RAM

{
"ROSTemplateFormatVersion": "2015-09-01",
"Conditions": {
"CreateInstance": {
"Fn::Equals": [
{
"Ref": "SelectInstance"
},
false
]
}
},
"Parameters": {
"UserName": {
"Type": "String",
"Description": "自訂RAM使用者名稱稱",
"Label": {
"zh-cn": "RAM使用者名稱稱",
"en": "RAM User Name"
},
"Default": "test123123123"
},
"RoleName": {
"Type": "String",
"Description": "自訂RAM角色名稱",
"Label": {
"zh-cn": "RAM角色名稱",
"en": "RAM Rol Name"
},
"Default": "test123123123"
},
"SelectInstance": {
"Type": "Boolean",
"Label": {
"en": "Whether to select an existing Bucket",
"zh-cn": "是否選擇已有Bucket"
},
"Default": true
},
"ExistBucketName": {
"Type": "String",
"Label": {
"en": "Existing Bucket",
"zh-cn": "已有Bucket"
},
"AssociationProperty": "ALIYUN::OSS::Bucket::BucketName",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
true
]
}
}
},
"Default": ""
},
"BucketName": {
"Type": "String",
"Label": {
"zh-cn": "建立儲存空間名稱",
"en": "NewBucketName"
},
"Description": {
"zh-cn": "Bucket 名稱在 OSS 範圍內必須全域唯一。長度為3~63個字元。必須以小寫英文字母或數字開頭和結尾,可包含小寫英文字母、數字和短劃線(-)。",
"en": "Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-)."
},
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 6,
"Prefix": "my-bucketname-",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
],
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedPattern": "^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$"
},
"AccessControl": {
"Type": "String",
"Label": {
"en": "Access Control",
"zh-cn": "讀寫權限"
},
"Description": {
"en": "Set the access permission of the bucket",
"zh-cn": "設定Bucket讀寫權限"
},
"Default": "private",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedValues": [
"private",
"public-read",
"public-read-write"
]
}
},
"Resources": {
"RamUser": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": {
"Ref": "UserName"
}
}
},
"RamAK": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Fn::GetAtt": [
"RamUser",
"UserName"
]
}
},
"DependsOn": "RamUser"
},
"MyBucket": {
"Condition": "CreateInstance",
"Type": "ALIYUN::OSS::Bucket",
"Properties": {
"AccessControl": {
"Ref": "AccessControl"
},
"BucketName": {
"Ref": "BucketName"
}
}
},
"Role": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": {
"Ref": "RoleName"
},
"AssumeRolePolicyDocument": {
"Version": "1",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"RAM": [
{
"Fn::Sub": "acs:ram::${ALIYUN::TenantId}:root"
}
]
}
}
]
},
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"",
[
"Policy-",
{
"Ref": "ALIYUN::StackId"
}
]
]
},
"PolicyDocument": {
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:PutObject"
],
"Resource": [
{
"Fn::Sub": [
"acs:oss:*:*:${BucketName}/*",
{
"BucketName": {
"Fn::If": [
"CreateInstance",
{
"Ref": "BucketName"
},
{
"Ref": "ExistBucketName"
}
]
}
}
]
}
]
}
]
}
}
]
}
}
},
"Outputs": {
"AKSecret": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeySecret"
]
}
},
"AKId": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeyId"
]
}
},
"UserId": {
"Value": {
"Fn::GetAtt": [
"RamUser",
"UserId"
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"SelectInstance",
"ExistBucketName",
"BucketName",
"AccessControl"
],
"Label": {
"default": "OSS"
}
},
{
"Parameters": [
"UserName",
"RoleName"
],
"Label": {
"default": "RAM"
}
}
]
}
}
}

Scenario 4: Create a user that belongs to user groups with different policies.

ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: 建立子賬戶,分配至使用者組與Administrator 群組,啟用登入,產生存取金鑰,附帶讀取ECS和OSS權限原則。
  en: Create sub-accounts, allocate them to user groups and administrator groups, enable login functionality, generate access keys, and attach read-only policies for Elastic Compute Service (ECS) and Object Storage Service (OSS).
Parameters:
  GroupName1:
    Type: String
    Label:
      en: Group 1 Name
      zh-cn: 使用者組1的名稱
    Description:
      en: The name of user group 1, <br>Specifies the group name, containing up to 64 characters,English letters, Numbers, or '-' are allowed.
      zh-cn: 使用者組1的名稱,指定最多包含64個字元、英文字母、數字或“-”的組名。
    ConstraintDescription:
      en: No more than 64 characters,English letters, Numbers, or '-' are allowed.
      zh-cn: 不得超過 64 個字元、英文字母、數字或'-'。
    Default: UserGroup
    AllowedPattern: ^[a-zA-Z0-9\-]+$
    MinLength: 1
    MaxLength: 64
  GroupName2:
    Type: String
    Label:
      en: Group 2 Name
      zh-cn: 使用者組2的名稱
    Description:
      en: The name of user group 2, <br>Specifies the group name, containing up to 64 characters,English letters, Numbers, or '-' are allowed.
      zh-cn: 使用者組2的名稱,指定最多包含64個字元、英文字母、數字或“-”的組名。
    ConstraintDescription:
      en: No more than 64 characters,English letters, Numbers, or '-' are allowed.
      zh-cn: 不得超過 64 個字元、英文字母、數字或'-'。
    Default: AdminGroup
    AllowedPattern: ^[a-zA-Z0-9\-]+$
    MinLength: 1
    MaxLength: 64
  UserName:
    Type: String
    Label:
      en: User Name
      zh-cn: 使用者名稱稱
    Description:
      en: The user name cannot already exist,<br>Contains english letters, numbers,'.' , '_' or '-', not more than 64 characters.
      zh-cn: 不能是已經存在的使用者名稱,<br>使用者名稱可包含英文字母,數字,'.', '_'或'-',不超過64個字元。
    ConstraintDescription:
      en: No more than 64 characters,English letters, Numbers, or '-' are allowed.
      zh-cn: 不得超過 64 個字元、英文字母、數字或'-'。
    Default: test-user
    AllowedPattern: '[a-zA-Z0-9\.\-\_]+$'
    MinLength: 1
    MaxLength: 64
  UserPassword:
    Type: String
    Label:
      en: User Password
      zh-cn: 使用者密碼
    Description:
      en: Specify a password, which must meet the password strength requirements;<br>About password strength policy, Please refer to the <a href='https://www.alibabacloud.com/help/document_detail/28740.html' target='_blank'><b><font color='blue'>GetPasswordPolicy</font></b><font color='blue'></a>.
      zh-cn: 指定密碼,必須滿足密碼強度要求;關於密碼強度策略,請參閱<a href='https://www.alibabacloud.com/help/document_detail/28740.html' target='_blank'><b><font color='blue'>GetPasswordPolicy</font></b><font color='blue'></a>。
    NoEcho: true
Resources:
  RamGroup1:
    Type: ALIYUN::RAM::Group
    Properties:
      GroupName:
        Ref: GroupName1
  RamGroup2:
    Type: ALIYUN::RAM::Group
    Properties:
      GroupName:
        Ref: GroupName2
  RamUser:
    Type: ALIYUN::RAM::User
    Properties:
      Groups:
        - Ref: RamGroup1
        - Ref: RamGroup2
      LoginProfile:
        Password:
          Ref: UserPassword
        PasswordResetRequired: false
      UserName:
        Ref: UserName
  RamAK:
    Type: ALIYUN::RAM::AccessKey
    Properties:
      UserName:
        Fn::GetAtt:
          - RamUser
          - UserName
  RamManagedPolicy1:
    Type: ALIYUN::RAM::ManagedPolicy
    Properties:
      Groups:
        - Ref: RamGroup1
      PolicyDocument:
        Statement:
          - Action:
              - ecs:Describe*
            Effect: Allow
            Resource:
              - '*'
          - Action:
              - ecs:List*
            Effect: Allow
            Resource:
              - '*'
          - Action:
              - vpc:DescribeVpcs
              - vpc:DescribeVSwitches
            Effect: Allow
            Resource:
              - '*'
        Version: '1'
      PolicyName:
        Fn::Join:
          - '-'
          - - ECSReadOnly
            - StackId
            - Ref: ALIYUN::StackId
  RamManagedPolicy2:
    Type: ALIYUN::RAM::ManagedPolicy
    Properties:
      Groups:
        - Ref: RamGroup2
      PolicyDocument:
        Statement:
          - Action:
              - oss:*
            Effect: Allow
            Resource:
              - '*'
        Version: '1'
      PolicyName:
        Fn::Join:
          - '-'
          - - OSSReadOnly
            - StackId
            - Ref: ALIYUN::StackId
Outputs:
  RamAccessKeyId:
    Value:
      Fn::GetAtt:
        - RamAK
        - AccessKeyId
  RamUserId:
    Value:
      Fn::GetAtt:
        - RamUser
        - UserId
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - GroupName1
          - GroupName2
          - UserName
          - UserPassword
        Label:
          default: RAM
    TemplateTags:
      - acs:example:彈性計算:建立具有不同策略的使用者組的使用者

{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "建立子賬戶,分配至使用者組與Administrator 群組,啟用登入,產生存取金鑰,附帶讀取ECS和OSS權限原則。",
"en": "Create sub-accounts, allocate them to user groups and administrator groups, enable login functionality, generate access keys, and attach read-only policies for Elastic Compute Service (ECS) and Object Storage Service (OSS)."
},
"Parameters": {
"GroupName1": {
"Type": "String",
"Label": {
"en": "Group 1 Name",
"zh-cn": "使用者組1的名稱"
},
"Description": {
"en": "The name of user group 1, <br>Specifies the group name, containing up to 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "使用者組1的名稱,指定最多包含64個字元、英文字母、數字或“-”的組名。"
},
"ConstraintDescription": {
"en": "No more than 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "不得超過 64 個字元、英文字母、數字或'-'。"
},
"Default": "UserGroup",
"AllowedPattern": "^[a-zA-Z0-9\\-]+$",
"MinLength": 1,
"MaxLength": 64
},
"GroupName2": {
"Type": "String",
"Label": {
"en": "Group 2 Name",
"zh-cn": "使用者組2的名稱"
},
"Description": {
"en": "The name of user group 2, <br>Specifies the group name, containing up to 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "使用者組2的名稱,指定最多包含64個字元、英文字母、數字或“-”的組名。"
},
"ConstraintDescription": {
"en": "No more than 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "不得超過 64 個字元、英文字母、數字或'-'。"
},
"Default": "AdminGroup",
"AllowedPattern": "^[a-zA-Z0-9\\-]+$",
"MinLength": 1,
"MaxLength": 64
},
"UserName": {
"Type": "String",
"Label": {
"en": "User Name",
"zh-cn": "使用者名稱稱"
},
"Description": {
"en": "The user name cannot already exist,<br>Contains english letters, numbers,'.' , '_' or '-', not more than 64 characters.",
"zh-cn": "不能是已經存在的使用者名稱,<br>使用者名稱可包含英文字母,數字,'.', '_'或'-',不超過64個字元。"
},
"ConstraintDescription": {
"en": "No more than 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "不得超過 64 個字元、英文字母、數字或'-'。"
},
"Default": "test-user",
"AllowedPattern": "[a-zA-Z0-9\\.\\-\\_]+$",
"MinLength": 1,
"MaxLength": 64
},
"UserPassword": {
"Type": "String",
"Label": {
"en": "User Password",
"zh-cn": "使用者密碼"
},
"Description": {
"en": "Specify a password, which must meet the password strength requirements;<br>About password strength policy, Please refer to the <a href='https://www.alibabacloud.com/help/document_detail/28740.html' target='_blank'><b><font color='blue'>GetPasswordPolicy</font></b><font color='blue'></a>.",
"zh-cn": "指定密碼,必須滿足密碼強度要求;關於密碼強度策略,請參閱<a href='https://www.alibabacloud.com/help/document_detail/28740.html' target='_blank'><b><font color='blue'>GetPasswordPolicy</font></b><font color='blue'></a>。"
},
"NoEcho": true
}
},
"Resources": {
"RamGroup1": {
"Type": "ALIYUN::RAM::Group",
"Properties": {
"GroupName": {
"Ref": "GroupName1"
}
}
},
"RamGroup2": {
"Type": "ALIYUN::RAM::Group",
"Properties": {
"GroupName": {
"Ref": "GroupName2"
}
}
},
"RamUser": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"Groups": [
{
"Ref": "RamGroup1"
},
{
"Ref": "RamGroup2"
}
],
"LoginProfile": {
"Password": {
"Ref": "UserPassword"
},
"PasswordResetRequired": false
},
"UserName": {
"Ref": "UserName"
}
}
},
"RamAK": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Fn::GetAtt": [
"RamUser",
"UserName"
]
}
}
},
"RamManagedPolicy1": {
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"Groups": [
{
"Ref": "RamGroup1"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": [
"ecs:Describe*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ecs:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": {
"Fn::Join": [
"-",
[
"ECSReadOnly",
"StackId",
{
"Ref": "ALIYUN::StackId"
}
]
]
}
}
},
"RamManagedPolicy2": {
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"Groups": [
{
"Ref": "RamGroup2"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": [
"oss:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": {
"Fn::Join": [
"-",
[
"OSSReadOnly",
"StackId",
{
"Ref": "ALIYUN::StackId"
}
]
]
}
}
}
},
"Outputs": {
"RamAccessKeyId": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeyId"
]
}
},
"RamUserId": {
"Value": {
"Fn::GetAtt": [
"RamUser",
"UserId"
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"GroupName1",
"GroupName2",
"UserName",
"UserPassword"
],
"Label": {
"default": "RAM"
}
}
],
"TemplateTags": [
"acs:example:彈性計算:建立具有不同策略的使用者組的使用者"
]
}
}
}

For more examples, see the public templates that include this resource.
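
The sample templates on this page allow `oss:*` on `*`, set a console password with `PasswordResetRequired: false` and no `MFABindRequired`, and return `AccessKeySecret` as a stack output. The Python check below is an added example, not part of the ROS documentation: it flags those patterns in a parsed template, and its rule names and embedded sample template are constructed for illustration.

```python
import json

# Constructed sample, condensed from scenarios 2 and 4 on this page.
SAMPLE = json.loads("""
{
  "Resources": {
    "RamUser": {"Type": "ALIYUN::RAM::User", "Properties": {
      "UserName": "test-user",
      "LoginProfile": {"Password": {"Ref": "UserPassword"}, "PasswordResetRequired": false},
      "Policies": [{"PolicyName": "inline-oss", "PolicyDocument": {"Version": "1", "Statement": [
        {"Action": ["oss:*"], "Effect": "Allow", "Resource": ["*"]}]}}]}},
    "RamAK": {"Type": "ALIYUN::RAM::AccessKey", "Properties": {
      "UserName": {"Fn::GetAtt": ["RamUser", "UserName"]}}},
    "ScopedPolicy": {"Type": "ALIYUN::RAM::ManagedPolicy", "Properties": {
      "PolicyName": "put-only", "PolicyDocument": {"Version": "1", "Statement": [
        {"Action": "oss:PutObject", "Effect": "Allow", "Resource": ["acs:oss:*:*:my-bucket/*"]}]}}}
  },
  "Outputs": {
    "AKSecret": {"Value": {"Fn::GetAtt": ["RamAK", "AccessKeySecret"]}},
    "UserId": {"Value": {"Fn::GetAtt": ["RamUser", "UserId"]}}
  }
}
""")


def as_list(value):
    """Action and Resource may be a single string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def policy_documents(resource):
    """Yield each PolicyDocument carried by a RAM user, role or managed policy."""
    props = resource.get("Properties", {})
    if resource.get("Type") == "ALIYUN::RAM::ManagedPolicy":
        yield props.get("PolicyDocument", {})
    elif resource.get("Type") in ("ALIYUN::RAM::User", "ALIYUN::RAM::Role"):
        for inline in props.get("Policies", []):
            yield inline.get("PolicyDocument", {})


def audit_template(template):
    """Return sorted (logical name, rule) findings; rule names are this example's own."""
    findings = set()
    for name, res in template.get("Resources", {}).items():
        for doc in policy_documents(res):
            for stmt in doc.get("Statement", []):
                actions = [a for a in as_list(stmt.get("Action")) if isinstance(a, str)]
                broad = any(a == "*" or a.endswith(":*") for a in actions)
                if stmt.get("Effect") == "Allow" and broad and "*" in as_list(stmt.get("Resource")):
                    findings.add((name, "WILDCARD_ALLOW"))
        login = res.get("Properties", {}).get("LoginProfile")
        if res.get("Type") == "ALIYUN::RAM::User" and isinstance(login, dict):
            if login.get("MFABindRequired") is not True:
                findings.add((name, "LOGIN_WITHOUT_MFA_BIND"))
            if "Password" in login and login.get("PasswordResetRequired") is not True:
                findings.add((name, "PASSWORD_NOT_RESET_ON_LOGIN"))
    for out_name, out in template.get("Outputs", {}).items():
        value = out.get("Value")
        getatt = value.get("Fn::GetAtt") if isinstance(value, dict) else None
        if isinstance(getatt, list) and getatt[-1:] == ["AccessKeySecret"]:
            findings.add((out_name, "SECRET_IN_OUTPUT"))
    return sorted(findings)


if __name__ == "__main__":
    for target, rule in audit_template(SAMPLE):
        print(f"{rule:28} {target}")
```

Applied to the JSON form of scenario 4 on this page, it reports `WILDCARD_ALLOW` for `RamManagedPolicy2` (named `OSSReadOnly` but allowing `oss:*`) along with both login findings for `RamUser`.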