The ALIYUN::RAM::User type is used to create a RAM user.

Syntax

{
  "Type": "ALIYUN::RAM::User",
  "Properties": {
    "UserName": String,
    "DisplayName": String,
    "LoginProfile": Map,
    "Groups": List,
    "MobilePhone": String,
    "Policies": List
  }
}

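Properties

| Property | Type | Required | Update allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| UserName | String | | | The user name. | Up to 64 characters. |
| DisplayName | String | | | The display name of the user. | Up to 12 characters. |
| LoginProfile | Map | | | The login configuration of the user. | For details, see LoginProfile properties. |
| Groups | List | | | The groups that the user joins. | |
| MobilePhone | String | | | The mobile phone number of the user. | |
| Policies | List | | | The policies that apply to the user. | For details, see Policies properties. |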

LoginProfile syntax

"LoginProfile": {
  "MFABindRequired": Boolean,
  "Password": String,
  "PasswordResetRequired": Boolean
}

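LoginProfile properties

| Property | Type | Required | Update allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| MFABindRequired | Boolean | | | Specifies whether the user must bind a multi-factor authentication device at the next login. | |
| Password | String | | | The login password. | The password must meet the password strength requirements and be 8 to 32 characters long. |
| PasswordResetRequired | Boolean | | | Specifies whether the user must change the password at login. | |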

Policies syntax

"Policies": [
  {
    "PolicyName": String,
    "PolicyDocument": {
      "Version": String,
      "Statement": [
        {
          "Effect": String,
          "Action": List,
          "Resource": List
        }
      ]
    }
  }
]

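Policies properties

| Property | Type | Required | Update allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| PolicyName | String | | | The policy name. | Up to 128 characters. |
| PolicyDocument | Map | | | The detailed description of the policy. | |
| Version | String | | | The policy version. | |
| Statement | List | | | The specific rules of the policy. | |
| Action | List | | | The specific operations that the policy covers. | |
| Resource | List | | | The specific resources that the policy covers. | |
| Effect | String | | | Specifies whether to allow or deny the operations defined in Action on the resources defined in Resource. | |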
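
A pre-deployment check built on the LoginProfile and Policies properties described above, as an added example that is not part of the ROS documentation. It applies the length limits from the tables to a parsed template and, as a policy choice of this example, reports literal passwords, login profiles that do not force MFA binding and a password reset, and inline statements that allow "*" on "*". The sample template and every name in it (including the InitialPassword parameter) are constructed.

```python
MAX_LEN = {"UserName": 64, "DisplayName": 12}  # limits from the property table

def _literal(v):
    """True for a literal map, False for an intrinsic such as {"Ref": ...}."""
    return isinstance(v, dict) and not any(k == "Ref" or k.startswith("Fn::") for k in v)

def _as_list(v):
    return v if isinstance(v, list) else [v]

def lint_ram_users(template):
    """Return sorted (resource name, finding) pairs for ALIYUN::RAM::User resources."""
    out = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::RAM::User":
            continue
        props = res.get("Properties", {})
        for key, limit in MAX_LEN.items():
            if isinstance(props.get(key), str) and len(props[key]) > limit:
                out.append((name, f"{key} exceeds {limit} characters"))
        login = props.get("LoginProfile")
        if _literal(login):  # a Ref'd profile can only be checked after resolution
            pw = login.get("Password")
            if isinstance(pw, str):
                out.append((name, "Password is hard-coded in the template"))
                if not 8 <= len(pw) <= 32:
                    out.append((name, "Password length is outside 8-32 characters"))
            for flag in ("MFABindRequired", "PasswordResetRequired"):
                if login.get(flag) is not True:
                    out.append((name, f"{flag} is not true"))
        policies = props.get("Policies")
        for pol in policies if isinstance(policies, list) else []:
            for st in _as_list(pol.get("PolicyDocument", {}).get("Statement", [])):
                if (st.get("Effect") == "Allow" and "*" in _as_list(st.get("Action", []))
                        and "*" in _as_list(st.get("Resource", []))):
                    out.append((name, f"{pol.get('PolicyName')}: Allow * on *"))
    return sorted(out)

# Constructed sample template: names and values are hypothetical, not from the page.
SAMPLE = {"Resources": {
    "Weak": {"Type": "ALIYUN::RAM::User", "Properties": {
        "UserName": "ci-deployer", "DisplayName": "continuous-deploy",
        "LoginProfile": {"Password": "abc123"},
        "Policies": [{"PolicyName": "all", "PolicyDocument": {"Version": "1", "Statement": [
            {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]}}]}},
    "Scoped": {"Type": "ALIYUN::RAM::User", "Properties": {"UserName": "oss-reader",
        "LoginProfile": {"Password": {"Ref": "InitialPassword"},
                         "MFABindRequired": True, "PasswordResetRequired": True},
        "Policies": [{"PolicyName": "oss-read", "PolicyDocument": {"Version": "1", "Statement": [
            {"Effect": "Allow", "Action": ["oss:GetObject"],
             "Resource": ["acs:oss:*:*:example-bucket/*"]}]}}]}}}}
```

Calling lint_ram_users(SAMPLE) reports six findings, all on the "Weak" resource; properties supplied through Ref, as in the template examples on this page, have to be checked against the resolved parameter values instead.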

Return values

Fn::GetAtt

  • UserName: the RAM user name.
  • UserId: the RAM user ID.
  • CreateDate: the time when the RAM user was created.
  • LastLoginDate: the time of the RAM user's last login.

Examples

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "UserName": {
      "Type": "String",
      "Description": "Specifies the user name, containing up to 64 characters."
    },
    "Policies": {
      "Type": "Json",
      "Description": "Describes what actions are allowed on what resources."
    },
    "Groups": {
      "Type": "CommaDelimitedList",
      "Description": "A name of a group to which you want to add the user."
    },
    "DisplayName": {
      "Type": "String",
      "Description": "Display name, up to 12 characters or Chinese characters."
    },
    "LoginProfile": {
      "Type": "Json",
      "Description": "Creates a login profile for users so that they can access the AliCloud Management Console."
    },
    "MobilePhone": {
      "Type": "String",
      "Description": "Phone number of ram user."
    }
  },
  "Resources": {
    "User": {
      "Type": "ALIYUN::RAM::User",
      "Properties": {
        "UserName": {
          "Ref": "UserName"
        },
        "Policies": {
          "Ref": "Policies"
        },
        "Groups": {
          "Ref": "Groups"
        },
        "DisplayName": {
          "Ref": "DisplayName"
        },
        "LoginProfile": {
          "Ref": "LoginProfile"
        },
        "MobilePhone": {
          "Ref": "MobilePhone"
        }
      }
    }
  },
  "Outputs": {
    "UserName": {
      "Description": "Name of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "UserName"
        ]
      }
    },
    "UserId": {
      "Description": "Id of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "UserId"
        ]
      }
    },
    "LastLoginDate": {
      "Description": "Last login date of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "LastLoginDate"
        ]
      }
    },
    "CreateDate": {
      "Description": "Create date of ram user.",
      "Value": {
        "Fn::GetAtt": [
          "User",
          "CreateDate"
        ]
      }
    }
  }
}

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  UserName:
    Type: String
    Description: 'Specifies the user name, containing up to 64 characters.'
  Policies:
    Type: Json
    Description: Describes what actions are allowed on what resources.
  Groups:
    Type: CommaDelimitedList
    Description: A name of a group to which you want to add the user.
  DisplayName:
    Type: String
    Description: 'Display name, up to 12 characters or Chinese characters.'
  LoginProfile:
    Type: Json
    Description: >-
      Creates a login profile for users so that they can access the AliCloud
      Management Console.
  MobilePhone:
    Type: String
    Description: Phone number of ram user.
Resources:
  User:
    Type: 'ALIYUN::RAM::User'
    Properties:
      UserName:
        Ref: UserName
      Policies:
        Ref: Policies
      Groups:
        Ref: Groups
      DisplayName:
        Ref: DisplayName
      LoginProfile:
        Ref: LoginProfile
      MobilePhone:
        Ref: MobilePhone
Outputs:
  UserName:
    Description: Name of ram user.
    Value:
      'Fn::GetAtt':
        - User
        - UserName
  UserId:
    Description: Id of ram user.
    Value:
      'Fn::GetAtt':
        - User
        - UserId
  LastLoginDate:
    Description: Last login date of ram user.
    Value:
      'Fn::GetAtt':
        - User
        - LastLoginDate
  CreateDate:
    Description: Create date of ram user.
    Value:
      'Fn::GetAtt':
        - User
        - CreateDate