ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition

ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition类型用于为访问配置添加权限策略。

语法

{
  "Type": "ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition",
  "Properties": {
    "InlinePolicyDocument": Map,
    "DirectoryId": String,
    "PermissionPolicyName": String,
    "PermissionPolicyType": String,
    "AccessConfigurationId": String
  }
}

属性

属性名称

类型

必须

允许更新

描述

约束

AccessConfigurationId

String

访问配置ID。

DirectoryId

String

目录ID。

PermissionPolicyName

String

权限策略名称。

取值:

  • PermissionPolicyTypeSystem时,该参数为系统策略名称。由于复用的是RAM系统策略,请在RAM中获取系统策略名称。

  • PermissionPolicyTypeInline时,该参数为内置策略名称。您可以自定义该参数。长度最大为32个字符。

PermissionPolicyType

String

权限策略类型。

取值:

  • System:系统策略。复用RAM的系统策略。

  • Inline:内置策略。按照RAM权限策略语法和结构编写的自定义策略。

InlinePolicyDocument

Map

内置策略内容。

长度:最大4096个字符。

PermissionPolicyTypeInline时,该参数必须配置。关于权限策略的语法和结构,请参见权限策略语法和结构。示例值:

{"Statement": [{"Action": "*","Effect": "Allow","Resource": "*"}],"Version": "1"}

返回值

Fn::GetAtt

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AccessConfigurationId:
    Description:
      en: The ID of the access configuration.
    Required: true
    Type: String
  DirectoryId:
    Description:
      en: The ID of the directory.
    Required: true
    Type: String
  InlinePolicyDocument:
    Description:
      en: 'The configurations of the inline policy.

        The value can be up to 4,096 characters in length.

        If you set PermissionPolicyType to Inline, you must specify this parameter.'
    Required: false
    Type: Json
  PermissionPolicyName:
    Description:
      en: 'The name of the permission policy.

        - If you set PermissionPolicyType to System, you must set this parameter to
        the name of the system policy. You can obtain the name of the system policy
        from RAM.

        - If you set PermissionPolicyType to Inline, you must set this parameter to
        the name of the inline policy. A custom value is supported.'
    Required: true
    Type: String
  PermissionPolicyType:
    AllowedValues:
    - System
    - Inline
    Description:
      en: 'The type of the permission policy. Valid values:

        - System: system policy. Resource Access Management (RAM) system policies
        are reused.

        - Inline: inline policy. Inline policies are created based on the RAM policy
        syntax and structure.'
    Required: true
    Type: String
Resources:
  PermissionPolicy:
    Properties:
      AccessConfigurationId:
        Ref: AccessConfigurationId
      DirectoryId:
        Ref: DirectoryId
      InlinePolicyDocument:
        Ref: InlinePolicyDocument
      PermissionPolicyName:
        Ref: PermissionPolicyName
      PermissionPolicyType:
        Ref: PermissionPolicyType
    Type: ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition
                        

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "InlinePolicyDocument": {
      "Type": "Json",
      "Description": {
        "en": "The configurations of the inline policy.\nThe value can be up to 4,096 characters in length.\nIf you set PermissionPolicyType to Inline, you must specify this parameter."
      },
      "Required": false
    },
    "DirectoryId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the directory."
      },
      "Required": true
    },
    "PermissionPolicyName": {
      "Type": "String",
      "Description": {
        "en": "The name of the permission policy.\n- If you set PermissionPolicyType to System, you must set this parameter to the name of the system policy. You can obtain the name of the system policy from RAM.\n- If you set PermissionPolicyType to Inline, you must set this parameter to the name of the inline policy. A custom value is supported."
      },
      "Required": true
    },
    "PermissionPolicyType": {
      "Type": "String",
      "Description": {
        "en": "The type of the permission policy. Valid values:\n- System: system policy. Resource Access Management (RAM) system policies are reused.\n- Inline: inline policy. Inline policies are created based on the RAM policy syntax and structure."
      },
      "AllowedValues": [
        "System",
        "Inline"
      ],
      "Required": true
    },
    "AccessConfigurationId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the access configuration."
      },
      "Required": true
    }
  },
  "Resources": {
    "PermissionPolicy": {
      "Type": "ALIYUN::CloudSSO::PermissionPolicyToAccessConfigurationAddition",
      "Properties": {
        "InlinePolicyDocument": {
          "Ref": "InlinePolicyDocument"
        },
        "DirectoryId": {
          "Ref": "DirectoryId"
        },
        "PermissionPolicyName": {
          "Ref": "PermissionPolicyName"
        },
        "PermissionPolicyType": {
          "Ref": "PermissionPolicyType"
        },
        "AccessConfigurationId": {
          "Ref": "AccessConfigurationId"
        }
      }
    }
  }
}