1. Packages
  2. Alibaba Cloud Provider
  3. API Docs
  4. ram
  5. Policy
Alibaba Cloud v3.66.0 published on Friday, Nov 15, 2024 by Pulumi

alicloud.ram.Policy

Explore with Pulumi AI

alicloud logo
Alibaba Cloud v3.66.0 published on Friday, Nov 15, 2024 by Pulumi

    Provides a RAM Policy resource.

    NOTE: When you want to destroy this resource forcefully(means remove all the relationships associated with it automatically and then destroy it) without set force with true at beginning, you need add force = true to configuration file and run pulumi preview, then you can delete resource forcefully.

    NOTE: Each policy can own at most 5 versions and the oldest version will be removed after its version achieves 5.

    NOTE: If the policy has multiple versions, all non-default versions will be deleted first when deleting policy.

    NOTE: Available since v1.0.0+.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as alicloud from "@pulumi/alicloud";
    import * as random from "@pulumi/random";
    
    // Create a new RAM Policy.
    const _default = new random.index.Integer("default", {
        min: 10000,
        max: 99999,
    });
    const policy = new alicloud.ram.Policy("policy", {
        policyName: `tf-example-${_default.result}`,
        policyDocument: `  {
        "Statement": [
          {
            "Action": [
              "oss:ListObjects",
              "oss:GetObject"
            ],
            "Effect": "Allow",
            "Resource": [
              "acs:oss:*:*:mybucket",
              "acs:oss:*:*:mybucket/*"
            ]
          }
        ],
          "Version": "1"
      }
    `,
        description: "this is a policy test",
    });
    
    import pulumi
    import pulumi_alicloud as alicloud
    import pulumi_random as random
    
    # Create a new RAM Policy.
    default = random.index.Integer("default",
        min=10000,
        max=99999)
    policy = alicloud.ram.Policy("policy",
        policy_name=f"tf-example-{default['result']}",
        policy_document="""  {
        "Statement": [
          {
            "Action": [
              "oss:ListObjects",
              "oss:GetObject"
            ],
            "Effect": "Allow",
            "Resource": [
              "acs:oss:*:*:mybucket",
              "acs:oss:*:*:mybucket/*"
            ]
          }
        ],
          "Version": "1"
      }
    """,
        description="this is a policy test")
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
    	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Create a new RAM Policy.
    		_, err := random.NewInteger(ctx, "default", &random.IntegerArgs{
    			Min: 10000,
    			Max: 99999,
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ram.NewPolicy(ctx, "policy", &ram.PolicyArgs{
    			PolicyName: pulumi.Sprintf("tf-example-%v", _default.Result),
    			PolicyDocument: pulumi.String(`  {
        "Statement": [
          {
            "Action": [
              "oss:ListObjects",
              "oss:GetObject"
            ],
            "Effect": "Allow",
            "Resource": [
              "acs:oss:*:*:mybucket",
              "acs:oss:*:*:mybucket/*"
            ]
          }
        ],
          "Version": "1"
      }
    `),
    			Description: pulumi.String("this is a policy test"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AliCloud = Pulumi.AliCloud;
    using Random = Pulumi.Random;
    
    return await Deployment.RunAsync(() => 
    {
        // Create a new RAM Policy.
        var @default = new Random.Index.Integer("default", new()
        {
            Min = 10000,
            Max = 99999,
        });
    
        var policy = new AliCloud.Ram.Policy("policy", new()
        {
            PolicyName = $"tf-example-{@default.Result}",
            PolicyDocument = @"  {
        ""Statement"": [
          {
            ""Action"": [
              ""oss:ListObjects"",
              ""oss:GetObject""
            ],
            ""Effect"": ""Allow"",
            ""Resource"": [
              ""acs:oss:*:*:mybucket"",
              ""acs:oss:*:*:mybucket/*""
            ]
          }
        ],
          ""Version"": ""1""
      }
    ",
            Description = "this is a policy test",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.random.integer;
    import com.pulumi.random.IntegerArgs;
    import com.pulumi.alicloud.ram.Policy;
    import com.pulumi.alicloud.ram.PolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // Create a new RAM Policy.
            var default_ = new Integer("default", IntegerArgs.builder()
                .min(10000)
                .max(99999)
                .build());
    
            var policy = new Policy("policy", PolicyArgs.builder()
                .policyName(String.format("tf-example-%s", default_.result()))
                .policyDocument("""
      {
        "Statement": [
          {
            "Action": [
              "oss:ListObjects",
              "oss:GetObject"
            ],
            "Effect": "Allow",
            "Resource": [
              "acs:oss:*:*:mybucket",
              "acs:oss:*:*:mybucket/*"
            ]
          }
        ],
          "Version": "1"
      }
                """)
                .description("this is a policy test")
                .build());
    
        }
    }
    
    resources:
      # Create a new RAM Policy.
      default:
        type: random:integer
        properties:
          min: 10000
          max: 99999
      policy:
        type: alicloud:ram:Policy
        properties:
          policyName: tf-example-${default.result}
          policyDocument: |2
              {
                "Statement": [
                  {
                    "Action": [
                      "oss:ListObjects",
                      "oss:GetObject"
                    ],
                    "Effect": "Allow",
                    "Resource": [
                      "acs:oss:*:*:mybucket",
                      "acs:oss:*:*:mybucket/*"
                    ]
                  }
                ],
                  "Version": "1"
              }
          description: this is a policy test
    

    Create Policy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Policy(name: string, args?: PolicyArgs, opts?: CustomResourceOptions);
    @overload
    def Policy(resource_name: str,
               args: Optional[PolicyArgs] = None,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Policy(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               description: Optional[str] = None,
               document: Optional[str] = None,
               force: Optional[bool] = None,
               name: Optional[str] = None,
               policy_document: Optional[str] = None,
               policy_name: Optional[str] = None,
               rotate_strategy: Optional[str] = None,
               statements: Optional[Sequence[PolicyStatementArgs]] = None,
               version: Optional[str] = None)
    func NewPolicy(ctx *Context, name string, args *PolicyArgs, opts ...ResourceOption) (*Policy, error)
    public Policy(string name, PolicyArgs? args = null, CustomResourceOptions? opts = null)
    public Policy(String name, PolicyArgs args)
    public Policy(String name, PolicyArgs args, CustomResourceOptions options)
    
    type: alicloud:ram:Policy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var examplepolicyResourceResourceFromRampolicy = new AliCloud.Ram.Policy("examplepolicyResourceResourceFromRampolicy", new()
    {
        Description = "string",
        Force = false,
        PolicyDocument = "string",
        PolicyName = "string",
        RotateStrategy = "string",
    });
    
    example, err := ram.NewPolicy(ctx, "examplepolicyResourceResourceFromRampolicy", &ram.PolicyArgs{
    	Description:    pulumi.String("string"),
    	Force:          pulumi.Bool(false),
    	PolicyDocument: pulumi.String("string"),
    	PolicyName:     pulumi.String("string"),
    	RotateStrategy: pulumi.String("string"),
    })
    
    var examplepolicyResourceResourceFromRampolicy = new Policy("examplepolicyResourceResourceFromRampolicy", PolicyArgs.builder()
        .description("string")
        .force(false)
        .policyDocument("string")
        .policyName("string")
        .rotateStrategy("string")
        .build());
    
    examplepolicy_resource_resource_from_rampolicy = alicloud.ram.Policy("examplepolicyResourceResourceFromRampolicy",
        description="string",
        force=False,
        policy_document="string",
        policy_name="string",
        rotate_strategy="string")
    
    const examplepolicyResourceResourceFromRampolicy = new alicloud.ram.Policy("examplepolicyResourceResourceFromRampolicy", {
        description: "string",
        force: false,
        policyDocument: "string",
        policyName: "string",
        rotateStrategy: "string",
    });
    
    type: alicloud:ram:Policy
    properties:
        description: string
        force: false
        policyDocument: string
        policyName: string
        rotateStrategy: string
    

    Policy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Policy resource accepts the following input properties:

    Description string
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    Document string
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    Force bool
    This parameter is used for resource destroy. Default value is false.
    Name string
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    PolicyDocument string
    Document of the RAM policy. It is required when the statement is not specified.
    PolicyName string
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    RotateStrategy string
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    Statements List<Pulumi.AliCloud.Ram.Inputs.PolicyStatement>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Description string
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    Document string
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    Force bool
    This parameter is used for resource destroy. Default value is false.
    Name string
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    PolicyDocument string
    Document of the RAM policy. It is required when the statement is not specified.
    PolicyName string
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    RotateStrategy string
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    Statements []PolicyStatementArgs
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    description String
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    document String
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    force Boolean
    This parameter is used for resource destroy. Default value is false.
    name String
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    policyDocument String
    Document of the RAM policy. It is required when the statement is not specified.
    policyName String
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    rotateStrategy String
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    statements List<PolicyStatement>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    description string
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    document string
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    force boolean
    This parameter is used for resource destroy. Default value is false.
    name string
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    policyDocument string
    Document of the RAM policy. It is required when the statement is not specified.
    policyName string
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    rotateStrategy string
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    statements PolicyStatement[]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    description str
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    document str
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    force bool
    This parameter is used for resource destroy. Default value is false.
    name str
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    policy_document str
    Document of the RAM policy. It is required when the statement is not specified.
    policy_name str
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    rotate_strategy str
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    statements Sequence[PolicyStatementArgs]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version str
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    description String
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    document String
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    force Boolean
    This parameter is used for resource destroy. Default value is false.
    name String
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    policyDocument String
    Document of the RAM policy. It is required when the statement is not specified.
    policyName String
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    rotateStrategy String
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    statements List<Property Map>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

    AttachmentCount int
    The policy attachment count.
    DefaultVersion string
    The default version of policy.
    Id string
    The provider-assigned unique ID for this managed resource.
    Type string
    The policy type.
    VersionId string
    The ID of default version policy.
    AttachmentCount int
    The policy attachment count.
    DefaultVersion string
    The default version of policy.
    Id string
    The provider-assigned unique ID for this managed resource.
    Type string
    The policy type.
    VersionId string
    The ID of default version policy.
    attachmentCount Integer
    The policy attachment count.
    defaultVersion String
    The default version of policy.
    id String
    The provider-assigned unique ID for this managed resource.
    type String
    The policy type.
    versionId String
    The ID of default version policy.
    attachmentCount number
    The policy attachment count.
    defaultVersion string
    The default version of policy.
    id string
    The provider-assigned unique ID for this managed resource.
    type string
    The policy type.
    versionId string
    The ID of default version policy.
    attachment_count int
    The policy attachment count.
    default_version str
    The default version of policy.
    id str
    The provider-assigned unique ID for this managed resource.
    type str
    The policy type.
    version_id str
    The ID of default version policy.
    attachmentCount Number
    The policy attachment count.
    defaultVersion String
    The default version of policy.
    id String
    The provider-assigned unique ID for this managed resource.
    type String
    The policy type.
    versionId String
    The ID of default version policy.

    Look up Existing Policy Resource

    Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            attachment_count: Optional[int] = None,
            default_version: Optional[str] = None,
            description: Optional[str] = None,
            document: Optional[str] = None,
            force: Optional[bool] = None,
            name: Optional[str] = None,
            policy_document: Optional[str] = None,
            policy_name: Optional[str] = None,
            rotate_strategy: Optional[str] = None,
            statements: Optional[Sequence[PolicyStatementArgs]] = None,
            type: Optional[str] = None,
            version: Optional[str] = None,
            version_id: Optional[str] = None) -> Policy
    func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
    public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
    public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AttachmentCount int
    The policy attachment count.
    DefaultVersion string
    The default version of policy.
    Description string
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    Document string
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    Force bool
    This parameter is used for resource destroy. Default value is false.
    Name string
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    PolicyDocument string
    Document of the RAM policy. It is required when the statement is not specified.
    PolicyName string
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    RotateStrategy string
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    Statements List<Pulumi.AliCloud.Ram.Inputs.PolicyStatement>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Type string
    The policy type.
    Version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    VersionId string
    The ID of default version policy.
    AttachmentCount int
    The policy attachment count.
    DefaultVersion string
    The default version of policy.
    Description string
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    Document string
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    Force bool
    This parameter is used for resource destroy. Default value is false.
    Name string
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    PolicyDocument string
    Document of the RAM policy. It is required when the statement is not specified.
    PolicyName string
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    RotateStrategy string
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    Statements []PolicyStatementArgs
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Type string
    The policy type.
    Version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    VersionId string
    The ID of default version policy.
    attachmentCount Integer
    The policy attachment count.
    defaultVersion String
    The default version of policy.
    description String
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    document String
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    force Boolean
    This parameter is used for resource destroy. Default value is false.
    name String
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    policyDocument String
    Document of the RAM policy. It is required when the statement is not specified.
    policyName String
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    rotateStrategy String
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    statements List<PolicyStatement>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    type String
    The policy type.
    version String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    versionId String
    The ID of default version policy.
    attachmentCount number
    The policy attachment count.
    defaultVersion string
    The default version of policy.
    description string
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    document string
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    force boolean
    This parameter is used for resource destroy. Default value is false.
    name string
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    policyDocument string
    Document of the RAM policy. It is required when the statement is not specified.
    policyName string
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    rotateStrategy string
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    statements PolicyStatement[]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    type string
    The policy type.
    version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    versionId string
    The ID of default version policy.
    attachment_count int
    The policy attachment count.
    default_version str
    The default version of policy.
    description str
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    document str
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    force bool
    This parameter is used for resource destroy. Default value is false.
    name str
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    policy_document str
    Document of the RAM policy. It is required when the statement is not specified.
    policy_name str
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    rotate_strategy str
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    statements Sequence[PolicyStatementArgs]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    type str
    The policy type.
    version str
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version_id str
    The ID of default version policy.
    attachmentCount Number
    The policy attachment count.
    defaultVersion String
    The default version of policy.
    description String
    Description of the RAM policy. This name can have a string of 1 to 1024 characters.
    document String
    It has been deprecated since provider version 1.114.0 and policy_document instead.

    Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

    force Boolean
    This parameter is used for resource destroy. Default value is false.
    name String
    It has been deprecated since provider version 1.114.0 and policy_name instead.

    Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

    policyDocument String
    Document of the RAM policy. It is required when the statement is not specified.
    policyName String
    Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
    rotateStrategy String
    The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
    statements List<Property Map>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.

    Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

    type String
    The policy type.
    version String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is 1. Default value is 1.

    Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    versionId String
    The ID of default version policy.

    Supporting Types

    PolicyStatement, PolicyStatementArgs

    Actions List<string>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
    Effect string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
    Resources List<string>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someone's Alicloud account id or you can use * to replace, the ${relative_id} is the resource description section which related to the ${service}.
    Actions []string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
    Effect string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
    Resources []string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someone's Alicloud account id or you can use * to replace, the ${relative_id} is the resource description section which related to the ${service}.
    actions List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
    effect String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
    resources List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someone's Alicloud account id or you can use * to replace, the ${relative_id} is the resource description section which related to the ${service}.
    actions string[]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
    effect string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
    resources string[]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someone's Alicloud account id or you can use * to replace, the ${relative_id} is the resource description section which related to the ${service}.
    actions Sequence[str]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
    effect str
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
    resources Sequence[str]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someone's Alicloud account id or you can use * to replace, the ${relative_id} is the resource description section which related to the ${service}.
    actions List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
    effect String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
    resources List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someone's Alicloud account id or you can use * to replace, the ${relative_id} is the resource description section which related to the ${service}.

    Import

    RAM policy can be imported using the id or name, e.g.

    $ pulumi import alicloud:ram/policy:Policy example my-policy
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Alibaba Cloud pulumi/pulumi-alicloud
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the alicloud Terraform Provider.
    alicloud logo
    Alibaba Cloud v3.66.0 published on Friday, Nov 15, 2024 by Pulumi