alicloud.ram.Policy
Provides a RAM Policy resource.
NOTE: When you want to destroy this resource forcefully (that is, automatically remove all the relationships associated with it and then destroy it) without having set `force` to `true` at the beginning, you need to add `force = true` to the configuration file and run `pulumi preview`; then you can delete the resource forcefully.
NOTE: Each policy can have at most 5 versions; once the number of versions reaches 5, the oldest version is removed.
NOTE: If the policy has multiple versions, all non-default versions are deleted first when the policy is deleted.
NOTE: Available since v1.0.0+.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
import * as random from "@pulumi/random";
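// Random numeric suffix so that repeated deployments do not collide on the
// policy name. @pulumi/random publishes this resource as `RandomInteger`;
// the `random.index.Integer` form is not an export of that package.
const _default = new random.RandomInteger("default", {
    min: 10000,
    max: 99999,
});

// Create a new RAM Policy.
//
// The document is read-only and scoped to a single bucket:
//   - "Action" lists only oss:ListObjects and oss:GetObject.
//   - "Resource" names the bucket itself (the bucket-level entry, used by
//     ListObjects) and the objects under it ("mybucket/*", used by GetObject).
//   - The region and account fields of each resource string are "*" wildcards.
// When adapting this example, replace "mybucket" with the real bucket name and
// keep Action and Resource as narrow as the consumer needs, rather than
// widening either one to "*".
const policy = new alicloud.ram.Policy("policy", {
    // `result` is an Output, so the name is built with pulumi.interpolate; a
    // plain template literal would stringify the Output object, not its value.
    policyName: pulumi.interpolate`tf-example-${_default.result}`,
    policyDocument: ` {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
`,
    description: "this is a policy test",
});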
import pulumi
import pulumi_alicloud as alicloud
import pulumi_random as random
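# Random numeric suffix so that repeated deployments do not collide on the
# policy name. pulumi_random publishes this resource as `RandomInteger`;
# `random.index.Integer` is not part of that package.
default = random.RandomInteger("default",
    min=10000,
    max=99999)

# Create a new RAM Policy.
#
# The document is read-only and scoped to a single bucket:
#   - "Action" lists only oss:ListObjects and oss:GetObject.
#   - "Resource" names the bucket itself (the bucket-level entry, used by
#     ListObjects) and the objects under it ("mybucket/*", used by GetObject).
#   - The region and account fields of each resource string are "*" wildcards.
# When adapting this example, replace "mybucket" with the real bucket name and
# keep Action and Resource as narrow as the consumer needs, rather than
# widening either one to "*".
policy = alicloud.ram.Policy("policy",
    # `result` is an Output, so the name is derived with apply(); formatting the
    # Output directly in an f-string would not yield the generated number.
    policy_name=default.result.apply(lambda suffix: f"tf-example-{suffix}"),
    policy_document=""" {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
""",
    description="this is a policy test")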
package main
import (
"fmt"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
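// main registers a random name suffix and a read-only RAM policy for one OSS
// bucket with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Random numeric suffix so that repeated deployments do not collide on
		// the policy name. The result must be kept in a variable: the original
		// discarded it with `_` and then read an undeclared `_default`. The Go
		// SDK publishes this resource as NewRandomInteger / RandomIntegerArgs.
		_default, err := random.NewRandomInteger(ctx, "default", &random.RandomIntegerArgs{
			Min: pulumi.Int(10000),
			Max: pulumi.Int(99999),
		})
		if err != nil {
			return err
		}

		// Create a new RAM Policy.
		//
		// The document is read-only and scoped to a single bucket:
		//   - "Action" lists only oss:ListObjects and oss:GetObject.
		//   - "Resource" names the bucket itself (the bucket-level entry, used
		//     by ListObjects) and the objects under it ("mybucket/*", used by
		//     GetObject).
		//   - The region and account fields of each resource string are "*".
		// When adapting this example, replace "mybucket" with the real bucket
		// name and keep Action and Resource as narrow as the consumer needs,
		// rather than widening either one to "*".
		_, err = ram.NewPolicy(ctx, "policy", &ram.PolicyArgs{
			// pulumi.Sprintf resolves the Output before formatting the name.
			PolicyName: pulumi.Sprintf("tf-example-%v", _default.Result),
			PolicyDocument: pulumi.String(` {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
`),
			Description: pulumi.String("this is a policy test"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}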
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
using Random = Pulumi.Random;
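return await Deployment.RunAsync(() =>
{
    // Random numeric suffix so that repeated deployments do not collide on the
    // policy name. Pulumi.Random publishes this resource as `RandomInteger`;
    // `Random.Index.Integer` is not a type in that package.
    var @default = new Random.RandomInteger("default", new()
    {
        Min = 10000,
        Max = 99999,
    });

    // Create a new RAM Policy.
    //
    // The document is read-only and scoped to a single bucket:
    //   - "Action" lists only oss:ListObjects and oss:GetObject.
    //   - "Resource" names the bucket itself (the bucket-level entry, used by
    //     ListObjects) and the objects under it ("mybucket/*", used by GetObject).
    //   - The region and account fields of each resource string are "*" wildcards.
    // When adapting this example, replace "mybucket" with the real bucket name
    // and keep Action and Resource as narrow as the consumer needs, rather than
    // widening either one to "*".
    var policy = new AliCloud.Ram.Policy("policy", new()
    {
        // Result is an Output<int>; Output.Format resolves it before the name
        // is built, whereas a plain interpolated string would not.
        PolicyName = Output.Format($"tf-example-{@default.Result}"),
        PolicyDocument = @" {
""Statement"": [
{
""Action"": [
""oss:ListObjects"",
""oss:GetObject""
],
""Effect"": ""Allow"",
""Resource"": [
""acs:oss:*:*:mybucket"",
""acs:oss:*:*:mybucket/*""
]
}
],
""Version"": ""1""
}
",
        Description = "this is a policy test",
    });
});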
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.integer;
import com.pulumi.random.IntegerArgs;
import com.pulumi.alicloud.ram.Policy;
import com.pulumi.alicloud.ram.PolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
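/**
 * Pulumi program that creates a random name suffix and a read-only RAM policy
 * for a single OSS bucket.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Random numeric suffix so that repeated deployments do not collide on
        // the policy name. An unqualified `Integer` resolves to
        // java.lang.Integer, which has no (String, args) constructor. The
        // resource is therefore referenced by its fully-qualified SDK name.
        // NOTE(review): the file-level imports `com.pulumi.random.integer` and
        // `com.pulumi.random.IntegerArgs` do not appear to match the published
        // SDK; confirm and replace them with RandomInteger / RandomIntegerArgs.
        var default_ = new com.pulumi.random.RandomInteger("default", com.pulumi.random.RandomIntegerArgs.builder()
            .min(10000)
            .max(99999)
            .build());

        // Create a new RAM Policy.
        //
        // The document is read-only and scoped to a single bucket:
        //   - "Action" lists only oss:ListObjects and oss:GetObject.
        //   - "Resource" names the bucket itself (the bucket-level entry, used
        //     by ListObjects) and the objects under it ("mybucket/*", used by
        //     GetObject).
        //   - The region and account fields of each resource string are "*".
        // When adapting this example, replace "mybucket" with the real bucket
        // name and keep Action and Resource as narrow as the consumer needs,
        // rather than widening either one to "*".
        var policy = new Policy("policy", PolicyArgs.builder()
            // result() is an Output; applyValue formats the name once the
            // number is known instead of formatting the Output object itself.
            .policyName(default_.result().applyValue(suffix -> String.format("tf-example-%s", suffix)))
            .policyDocument("""
                {
                "Statement": [
                {
                "Action": [
                "oss:ListObjects",
                "oss:GetObject"
                ],
                "Effect": "Allow",
                "Resource": [
                "acs:oss:*:*:mybucket",
                "acs:oss:*:*:mybucket/*"
                ]
                }
                ],
                "Version": "1"
                }
                """)
            .description("this is a policy test")
            .build());
    }
}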
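resources:
  # Random numeric suffix so that repeated deployments do not collide on the
  # policy name. The random provider's type token is random:RandomInteger.
  default:
    type: random:RandomInteger
    properties:
      min: 10000
      max: 99999
  # Create a new RAM Policy.
  #
  # The document is read-only and scoped to a single bucket:
  #   - "Action" lists only oss:ListObjects and oss:GetObject.
  #   - "Resource" names the bucket itself (the bucket-level entry, used by
  #     ListObjects) and the objects under it ("mybucket/*", used by GetObject).
  #   - The region and account fields of each resource string are "*" wildcards.
  # When adapting this example, replace "mybucket" with the real bucket name and
  # keep Action and Resource as narrow as the consumer needs, rather than
  # widening either one to "*".
  policy:
    type: alicloud:ram:Policy
    properties:
      policyName: tf-example-${default.result}
      policyDocument: |
        {
        "Statement": [
        {
        "Action": [
        "oss:ListObjects",
        "oss:GetObject"
        ],
        "Effect": "Allow",
        "Resource": [
        "acs:oss:*:*:mybucket",
        "acs:oss:*:*:mybucket/*"
        ]
        }
        ],
        "Version": "1"
        }
      description: this is a policy test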
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args?: PolicyArgs, opts?: CustomResourceOptions);
@overload
def Policy(resource_name: str,
args: Optional[PolicyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
document: Optional[str] = None,
force: Optional[bool] = None,
name: Optional[str] = None,
policy_document: Optional[str] = None,
policy_name: Optional[str] = None,
rotate_strategy: Optional[str] = None,
statements: Optional[Sequence[PolicyStatementArgs]] = None,
version: Optional[str] = None)
func NewPolicy(ctx *Context, name string, args *PolicyArgs, opts ...ResourceOption) (*Policy, error)
public Policy(string name, PolicyArgs? args = null, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: alicloud:ram:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference constructor call; every value is a placeholder.
var examplepolicyResourceResourceFromRampolicy = new AliCloud.Ram.Policy("examplepolicyResourceResourceFromRampolicy", new()
{
// Description of the RAM policy, 1 to 1024 characters.
Description = "string",
// Used on destroy (default false). Per this page's note, a forced destroy
// first removes all relationships associated with the policy.
Force = false,
// Document of the RAM policy; required when the statement is not specified.
PolicyDocument = "string",
// 1 to 128 characters, alphanumerics or "-", must not begin with a hyphen.
PolicyName = "string",
// Valid values: None (default), DeleteOldestNonDefaultVersionWhenLimitExceeded.
RotateStrategy = "string",
});
// Reference constructor call; every value is a placeholder.
example, err := ram.NewPolicy(ctx, "examplepolicyResourceResourceFromRampolicy", &ram.PolicyArgs{
// Description of the RAM policy, 1 to 1024 characters.
Description: pulumi.String("string"),
// Used on destroy (default false). Per this page's note, a forced destroy
// first removes all relationships associated with the policy.
Force: pulumi.Bool(false),
// Document of the RAM policy; required when the statement is not specified.
PolicyDocument: pulumi.String("string"),
// 1 to 128 characters, alphanumerics or "-", must not begin with a hyphen.
PolicyName: pulumi.String("string"),
// Valid values: None (default), DeleteOldestNonDefaultVersionWhenLimitExceeded.
RotateStrategy: pulumi.String("string"),
})
// Reference constructor call; every value is a placeholder.
var examplepolicyResourceResourceFromRampolicy = new Policy("examplepolicyResourceResourceFromRampolicy", PolicyArgs.builder()
// Description of the RAM policy, 1 to 1024 characters.
.description("string")
// Used on destroy (default false). Per this page's note, a forced destroy
// first removes all relationships associated with the policy.
.force(false)
// Document of the RAM policy; required when the statement is not specified.
.policyDocument("string")
// 1 to 128 characters, alphanumerics or "-", must not begin with a hyphen.
.policyName("string")
// Valid values: None (default), DeleteOldestNonDefaultVersionWhenLimitExceeded.
.rotateStrategy("string")
.build());
# Reference constructor call; every value is a placeholder.
examplepolicy_resource_resource_from_rampolicy = alicloud.ram.Policy("examplepolicyResourceResourceFromRampolicy",
# Description of the RAM policy, 1 to 1024 characters.
description="string",
# Used on destroy (default false). Per this page's note, a forced destroy
# first removes all relationships associated with the policy.
force=False,
# Document of the RAM policy; required when the statement is not specified.
policy_document="string",
# 1 to 128 characters, alphanumerics or "-", must not begin with a hyphen.
policy_name="string",
# Valid values: None (default), DeleteOldestNonDefaultVersionWhenLimitExceeded.
rotate_strategy="string")
// Reference constructor call; every value is a placeholder.
const examplepolicyResourceResourceFromRampolicy = new alicloud.ram.Policy("examplepolicyResourceResourceFromRampolicy", {
// Description of the RAM policy, 1 to 1024 characters.
description: "string",
// Used on destroy (default false). Per this page's note, a forced destroy
// first removes all relationships associated with the policy.
force: false,
// Document of the RAM policy; required when the statement is not specified.
policyDocument: "string",
// 1 to 128 characters, alphanumerics or "-", must not begin with a hyphen.
policyName: "string",
// Valid values: None (default), DeleteOldestNonDefaultVersionWhenLimitExceeded.
rotateStrategy: "string",
});
# Reference resource declaration; every value is a placeholder.
type: alicloud:ram:Policy
properties:
# Description of the RAM policy, 1 to 1024 characters.
description: string
# Used on destroy (default false). Per this page's note, a forced destroy
# first removes all relationships associated with the policy.
force: false
# Document of the RAM policy; required when the statement is not specified.
policyDocument: string
# 1 to 128 characters, alphanumerics or "-", must not begin with a hyphen.
policyName: string
# Valid values: None (default), DeleteOldestNonDefaultVersionWhenLimitExceeded.
rotateStrategy: string
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy resource accepts the following input properties:
- Description string
- Description of the RAM policy. The description can be 1 to 1024 characters long.
- Document string
- Deprecated since provider version 1.114.0; use `policy_document` instead.
- Force bool
- This parameter is used for resource destroy. Default value is `false`. As the note at the top of this page explains, a forced destroy automatically removes all the relationships associated with the policy before destroying it.
- Name string
- Deprecated since provider version 1.114.0; use `policy_name` instead.
- PolicyDocument string
- Document of the RAM policy. It is required when the `statement` is not specified.
- PolicyName string
- Name of the RAM policy. The name can be 1 to 128 characters long, must contain only alphanumeric characters or hyphens ("-"), and must not begin with a hyphen.
- RotateStrategy string
- The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid values: `None`, `DeleteOldestNonDefaultVersionWhenLimitExceeded`. Defaults to `None`.
- Statements List<Pulumi.AliCloud.Ram.Inputs.PolicyStatement>
- (Deprecated since version 1.49.0; use the field 'document' instead.) Statements of the RAM policy document. It is required when the `document` is not specified. See `statement` below.
- Version string
- (Deprecated since version 1.49.0; use the field 'document' instead.) Version of the RAM policy document. Valid value is `1`. Default value is `1`.
- Description string
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- Document string
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - Force bool
- This parameter is used for resource destroy. Default value is
false
. - Name string
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - Policy
Document string - Document of the RAM policy. It is required when the
statement
is not specified. - Policy
Name string - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- Rotate
Strategy string - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - Statements
[]Policy
Statement Args - (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - Version string
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
.
- description String
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- document String
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - force Boolean
- This parameter is used for resource destroy. Default value is
false
. - name String
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - policy
Document String - Document of the RAM policy. It is required when the
statement
is not specified. - policy
Name String - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- rotate
Strategy String - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - statements
List<Policy
Statement> - (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - version String
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
.
- description string
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- document string
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - force boolean
- This parameter is used for resource destroy. Default value is
false
. - name string
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - policy
Document string - Document of the RAM policy. It is required when the
statement
is not specified. - policy
Name string - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- rotate
Strategy string - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - statements
Policy
Statement[] - (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - version string
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
.
- description str
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- document str
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - force bool
- This parameter is used for resource destroy. Default value is
false
. - name str
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - policy_
document str - Document of the RAM policy. It is required when the
statement
is not specified. - policy_
name str - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- rotate_
strategy str - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - statements
Sequence[Policy
Statement Args] - (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - version str
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
.
- description String
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- document String
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - force Boolean
- This parameter is used for resource destroy. Default value is
false
. - name String
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - policy
Document String - Document of the RAM policy. It is required when the
statement
is not specified. - policy
Name String - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- rotate
Strategy String - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - statements List<Property Map>
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - version String
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- Attachment
Count int - The policy attachment count.
- Default
Version string - The default version of policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- The policy type.
- Version
Id string - The ID of default version policy.
- Attachment
Count int - The policy attachment count.
- Default
Version string - The default version of policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- The policy type.
- Version
Id string - The ID of default version policy.
- attachment
Count Integer - The policy attachment count.
- default
Version String - The default version of policy.
- id String
- The provider-assigned unique ID for this managed resource.
- type String
- The policy type.
- version
Id String - The ID of default version policy.
- attachment
Count number - The policy attachment count.
- default
Version string - The default version of policy.
- id string
- The provider-assigned unique ID for this managed resource.
- type string
- The policy type.
- version
Id string - The ID of default version policy.
- attachment_
count int - The policy attachment count.
- default_
version str - The default version of policy.
- id str
- The provider-assigned unique ID for this managed resource.
- type str
- The policy type.
- version_
id str - The ID of default version policy.
- attachment
Count Number - The policy attachment count.
- default
Version String - The default version of policy.
- id String
- The provider-assigned unique ID for this managed resource.
- type String
- The policy type.
- version
Id String - The ID of default version policy.
Look up Existing Policy Resource
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
attachment_count: Optional[int] = None,
default_version: Optional[str] = None,
description: Optional[str] = None,
document: Optional[str] = None,
force: Optional[bool] = None,
name: Optional[str] = None,
policy_document: Optional[str] = None,
policy_name: Optional[str] = None,
rotate_strategy: Optional[str] = None,
statements: Optional[Sequence[PolicyStatementArgs]] = None,
type: Optional[str] = None,
version: Optional[str] = None,
version_id: Optional[str] = None) -> Policy
func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Attachment
Count int - The policy attachment count.
- Default
Version string - The default version of policy.
- Description string
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- Document string
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - Force bool
- This parameter is used for resource destroy. Default value is
false
. - Name string
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - Policy
Document string - Document of the RAM policy. It is required when the
statement
is not specified. - Policy
Name string - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- Rotate
Strategy string - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - Statements
List<Pulumi.
Ali Cloud. Ram. Inputs. Policy Statement> - (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - Type string
- The policy type.
- Version string
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
. - Version
Id string - The ID of default version policy.
- Attachment
Count int - The policy attachment count.
- Default
Version string - The default version of policy.
- Description string
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- Document string
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - Force bool
- This parameter is used for resource destroy. Default value is
false
. - Name string
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - Policy
Document string - Document of the RAM policy. It is required when the
statement
is not specified. - Policy
Name string - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- Rotate
Strategy string - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - Statements
[]Policy
Statement Args - (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - Type string
- The policy type.
- Version string
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
. - Version
Id string - The ID of default version policy.
- attachment
Count Integer - The policy attachment count.
- default
Version String - The default version of policy.
- description String
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- document String
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - force Boolean
- This parameter is used for resource destroy. Default value is
false
. - name String
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - policy
Document String - Document of the RAM policy. It is required when the
statement
is not specified. - policy
Name String - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- rotate
Strategy String - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - statements
List<Policy
Statement> - (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - type String
- The policy type.
- version String
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
. - version
Id String - The ID of default version policy.
- attachment
Count number - The policy attachment count.
- default
Version string - The default version of policy.
- description string
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- document string
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - force boolean
- This parameter is used for resource destroy. Default value is
false
. - name string
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - policy
Document string - Document of the RAM policy. It is required when the
statement
is not specified. - policy
Name string - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- rotate
Strategy string - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - statements
Policy
Statement[] - (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - type string
- The policy type.
- version string
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
. - version
Id string - The ID of default version policy.
- attachment_
count int - The policy attachment count.
- default_
version str - The default version of policy.
- description str
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- document str
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - force bool
- This parameter is used for resource destroy. Default value is
false
. - name str
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - policy_
document str - Document of the RAM policy. It is required when the
statement
is not specified. - policy_
name str - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- rotate_
strategy str - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - statements
Sequence[Policy
Statement Args] - (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - type str
- The policy type.
- version str
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
. - version_
id str - The ID of default version policy.
- attachment
Count Number - The policy attachment count.
- default
Version String - The default version of policy.
- description String
- Description of the RAM policy. This name can have a string of 1 to 1024 characters.
- document String
- It has been deprecated since provider version 1.114.0 and
policy_document
instead. - force Boolean
- This parameter is used for resource destroy. Default value is
false
. - name String
- It has been deprecated since provider version 1.114.0 and
policy_name
instead. - policy
Document String - Document of the RAM policy. It is required when the
statement
is not specified. - policy
Name String - Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
- rotate
Strategy String - The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values:
None
,DeleteOldestNonDefaultVersionWhenLimitExceeded
. Default toNone
. - statements List<Property Map>
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the
document
is not specified. Seestatement
below. - type String
- The policy type.
- version String
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM policy document. Valid value is
1
. Default value is1
. - version
Id String - The ID of default version policy.
Supporting Types
PolicyStatement, PolicyStatementArgs
- Actions List<string>
- (Deprecated since version 1.49.0; use the field 'document' instead.) List of operations for the `resource`. The format of each item in this list is `${service}:${action_name}`, such as `oss:ListBuckets` and `ecs:Describe*`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${action_name}` refers to the name of an API operation related to the `${service}`.
- Effect string
- (Deprecated since version 1.49.0; use the field 'document' instead.) This parameter indicates whether or not the `action` is allowed. Valid values are `Allow` and `Deny`.
- Resources List<string>
- (Deprecated since version 1.49.0; use the field 'document' instead.) List of specific objects which will be authorized. The format of each item in this list is `acs:${service}:${region}:${account_id}:${relative_id}`, such as `acs:ecs:*:*:instance/inst-002` and `acs:oss:*:1234567890000:mybucket`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${region}` is the region, which can be replaced with `*` when it is not supplied; the `${account_id}` refers to an Alicloud account ID, or you can use `*` instead; the `${relative_id}` is the resource description section related to the `${service}`.
- Actions []string
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of operations for the
resource
. The format of each item in this list is${service}:${action_name}
, such asoss:ListBuckets
andecs:Describe*
. The${service}
can beecs
,oss
,ots
and so on, the${action_name}
refers to the name of an api interface which related to the${service}
. - Effect string
- (It has been deprecated since version 1.49.0, and use field 'document' to replace.) This parameter indicates whether or not the
action
is allowed. Valid values areAllow
andDeny
. - Resources []string
- (Deprecated since version 1.49.0; use the `document` field instead.) List of specific objects which will be authorized. The format of each item in this list is `acs:${service}:${region}:${account_id}:${relative_id}`, such as `acs:ecs:*:*:instance/inst-002` and `acs:oss:*:1234567890000:mybucket`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${region}` is the region info, which can be replaced with `*` when it is not supplied; the `${account_id}` refers to an Alicloud account ID, or you can use `*` instead; the `${relative_id}` is the resource description section related to the `${service}`. A `*` in a segment matches every value for that segment, so give explicit values where the policy should apply to specific resources only.
- actions List<String>
- (Deprecated since version 1.49.0; use the `document` field instead.) List of operations for the `resource`. The format of each item in this list is `${service}:${action_name}`, such as `oss:ListBuckets` and `ecs:Describe*`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${action_name}` refers to the name of an API interface related to the `${service}`. A trailing `*`, as in `ecs:Describe*`, matches every operation whose name starts with that prefix, so list individual operations where the grant should stay narrow.
- effect String
- (Deprecated since version 1.49.0; use the `document` field instead.) This parameter indicates whether or not the `action` is allowed. Valid values are `Allow` and `Deny`.
- resources List<String>
- (Deprecated since version 1.49.0; use the `document` field instead.) List of specific objects which will be authorized. The format of each item in this list is `acs:${service}:${region}:${account_id}:${relative_id}`, such as `acs:ecs:*:*:instance/inst-002` and `acs:oss:*:1234567890000:mybucket`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${region}` is the region info, which can be replaced with `*` when it is not supplied; the `${account_id}` refers to an Alicloud account ID, or you can use `*` instead; the `${relative_id}` is the resource description section related to the `${service}`. A `*` in a segment matches every value for that segment, so give explicit values where the policy should apply to specific resources only.
- actions string[]
- (Deprecated since version 1.49.0; use the `document` field instead.) List of operations for the `resource`. The format of each item in this list is `${service}:${action_name}`, such as `oss:ListBuckets` and `ecs:Describe*`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${action_name}` refers to the name of an API interface related to the `${service}`. A trailing `*`, as in `ecs:Describe*`, matches every operation whose name starts with that prefix, so list individual operations where the grant should stay narrow.
- effect string
- (Deprecated since version 1.49.0; use the `document` field instead.) This parameter indicates whether or not the `action` is allowed. Valid values are `Allow` and `Deny`.
- resources string[]
- (Deprecated since version 1.49.0; use the `document` field instead.) List of specific objects which will be authorized. The format of each item in this list is `acs:${service}:${region}:${account_id}:${relative_id}`, such as `acs:ecs:*:*:instance/inst-002` and `acs:oss:*:1234567890000:mybucket`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${region}` is the region info, which can be replaced with `*` when it is not supplied; the `${account_id}` refers to an Alicloud account ID, or you can use `*` instead; the `${relative_id}` is the resource description section related to the `${service}`. A `*` in a segment matches every value for that segment, so give explicit values where the policy should apply to specific resources only.
- actions Sequence[str]
- (Deprecated since version 1.49.0; use the `document` field instead.) List of operations for the `resource`. The format of each item in this list is `${service}:${action_name}`, such as `oss:ListBuckets` and `ecs:Describe*`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${action_name}` refers to the name of an API interface related to the `${service}`. A trailing `*`, as in `ecs:Describe*`, matches every operation whose name starts with that prefix, so list individual operations where the grant should stay narrow.
- effect str
- (Deprecated since version 1.49.0; use the `document` field instead.) This parameter indicates whether or not the `action` is allowed. Valid values are `Allow` and `Deny`.
- resources Sequence[str]
- (Deprecated since version 1.49.0; use the `document` field instead.) List of specific objects which will be authorized. The format of each item in this list is `acs:${service}:${region}:${account_id}:${relative_id}`, such as `acs:ecs:*:*:instance/inst-002` and `acs:oss:*:1234567890000:mybucket`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${region}` is the region info, which can be replaced with `*` when it is not supplied; the `${account_id}` refers to an Alicloud account ID, or you can use `*` instead; the `${relative_id}` is the resource description section related to the `${service}`. A `*` in a segment matches every value for that segment, so give explicit values where the policy should apply to specific resources only.
- actions List<String>
- (Deprecated since version 1.49.0; use the `document` field instead.) List of operations for the `resource`. The format of each item in this list is `${service}:${action_name}`, such as `oss:ListBuckets` and `ecs:Describe*`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${action_name}` refers to the name of an API interface related to the `${service}`. A trailing `*`, as in `ecs:Describe*`, matches every operation whose name starts with that prefix, so list individual operations where the grant should stay narrow.
- effect String
- (Deprecated since version 1.49.0; use the `document` field instead.) This parameter indicates whether or not the `action` is allowed. Valid values are `Allow` and `Deny`.
- resources List<String>
- (Deprecated since version 1.49.0; use the `document` field instead.) List of specific objects which will be authorized. The format of each item in this list is `acs:${service}:${region}:${account_id}:${relative_id}`, such as `acs:ecs:*:*:instance/inst-002` and `acs:oss:*:1234567890000:mybucket`. The `${service}` can be `ecs`, `oss`, `ots` and so on; the `${region}` is the region info, which can be replaced with `*` when it is not supplied; the `${account_id}` refers to an Alicloud account ID, or you can use `*` instead; the `${relative_id}` is the resource description section related to the `${service}`. A `*` in a segment matches every value for that segment, so give explicit values where the policy should apply to specific resources only.
Import
RAM policy can be imported using the id or name, e.g.
$ pulumi import alicloud:ram/policy:Policy example my-policy
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `alicloud` Terraform Provider.