ALIYUN::ECS::RamRoleAttachment

ALIYUN::ECS::RamRoleAttachment类型用于为一台或多台ECS实例授予实例RAM角色。

语法

{
  "Type": "ALIYUN::ECS::RamRoleAttachment",
  "Properties": {
    "Policy": String,
    "RamRoleName": String,
    "InstanceIds": List
  }
}

属性

属性名称

类型

必须

允许更新

描述

约束

Policy

String

权限策略。

长度为1~1024个字符。为一台或多台ECS实例授予实例RAM角色时,可以指定一个额外的权限策略,以进一步限制RAM角色的权限。更多信息,请参见权限策略概览

RamRoleName

String

实例RAM角色名称。

您可以使用RAM API ListRoles查询您已创建的实例RAM角色。

InstanceIds

List

实例ID列表。

由多个实例ID组成一个JSON数组,最多支持100个ID。

返回值

Fn::GetAtt

  • RamRoleName:实例RAM角色的名称。

  • InstanceIds:实例ID列表。

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Policy:
    Type: String
    Description: |-
      When granting the instance RAM role to one or more ECS instances, you can specify an additional permission policy to further limit the permissions of the RAM role.
      The length is 1~1024 characters.
    MinLength: 1
    MaxLength: 1024
    Default:
      Statement:
        - Action:
            - '*'
          Effect: Allow
          Resource:
            - '*'
      Version: '1'
  RamRoleName:
    Type: String
    Description: The ram role name.
    Default: testRamRoleName
  InstanceIds:
    Type: Json
    Description: The instance id that needs to be granted the ram role.
    MinLength: 1
    MaxLength: 100
    Default:
      - i-***
      - i-***
Resources:
  RamRoleAttachment:
    Type: ALIYUN::ECS::RamRoleAttachment
    Properties:
      Policy:
        Ref: Policy
      RamRoleName:
        Ref: RamRoleName
      InstanceIds:
        Ref: InstanceIds
Outputs:
  RamRoleName:
    Description: The ram role name.
    Value:
      Fn::GetAtt:
        - RamRoleAttachment
        - RamRoleName
  InstanceIds:
    Description: The list of ecs instance id
    Value:
      Fn::GetAtt:
        - RamRoleAttachment
        - InstanceIds

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Policy": {
      "Type": "String",
      "Description": "When granting the instance RAM role to one or more ECS instances, you can specify an additional permission policy to further limit the permissions of the RAM role.\nThe length is 1~1024 characters.",
      "MinLength": 1,
      "MaxLength": 1024,
      "Default": {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}
    },
    "RamRoleName": {
      "Type": "String",
      "Description": "The ram role name.",
      "Default": "testRamRoleName"
    },
    "InstanceIds": {
      "Type": "Json",
      "Description": "The instance id that needs to be granted the ram role.",
      "MinLength": 1,
      "MaxLength": 100,
      "Default": ["i-***", "i-***"]
    }
  },
  "Resources": {
    "RamRoleAttachment": {
      "Type": "ALIYUN::ECS::RamRoleAttachment",
      "Properties": {
        "Policy": {
          "Ref": "Policy"
        },
        "RamRoleName": {
          "Ref": "RamRoleName"
        },
        "InstanceIds": {
          "Ref": "InstanceIds"
        }
      }
    }
  },
  "Outputs": {
    "RamRoleName": {
      "Description": "The ram role name.",
      "Value": {
        "Fn::GetAtt": [
          "RamRoleAttachment",
          "RamRoleName"
        ]
      }
    },
    "InstanceIds": {
      "Description": "The list of ecs instance id",
      "Value": {
        "Fn::GetAtt": [
          "RamRoleAttachment",
          "InstanceIds"
        ]
      }
    }
  }
}