The ALIYUN::RAM::Role type is used to create a RAM role.
Syntax
{
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": String,
"Description": String,
"AssumeRolePolicyDocument": Map,
"MaxSessionDuration": Integer,
"Policies": List,
"IgnoreExisting": Boolean,
"DeletionForce": Boolean,
"PolicyAttachments": Map
}
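}
Properties
Property | Type | Required | Update allowed | Description | Constraint |
AssumeRolePolicyDocument | Map | Yes | Yes | The identities that can assume this RAM role. | The trust policy. Specifies one or more principals that are allowed to assume the RAM role. A principal can be an Alibaba Cloud account, an Alibaba Cloud service, or an identity provider. |
RoleName | String | Yes | No | The RAM role name. | 1 to 64 characters in length; can contain English letters, digits, periods (.), and hyphens (-). |
Description | String | No | No | The RAM role description. | Up to 1024 characters in length. |
MaxSessionDuration | Integer | No | Yes | The maximum session duration of the RAM role. | Valid values: 3600 to 43200 seconds. Default value: 3600 seconds. |
Policies | List | No | Yes | The policies that apply to the RAM role. | For more information, see Policy overview. |
IgnoreExisting | Boolean | No | No | Whether to ignore an existing role. | Valid values:
Note: If the role was not created by ROS, it is ignored during the update and deletion phases. |
DeletionForce | Boolean | No | Yes | Whether to forcibly detach the policies associated with the role. | Default value: false. |
PolicyAttachments | Map | No | Yes | The names of the system and custom policies to attach. | For more information, see PolicyAttachments properties. |
AssumeRolePolicyDocument syntax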
"AssumeRolePolicyDocument": {
"Version": String,
"Statement": List
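}
AssumeRolePolicyDocument properties
Property | Type | Required | Update allowed | Description | Constraint |
Version | String | Yes | No | The policy version. | None |
Statement | List | Yes | No | The specific rules of the policy. | For more information, see Statement properties. |
Statement syntax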
"Statement": [
{
"Condition": Map,
"Action": String,
"Effect": String,
"Principal": Map
}
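]
Statement properties
Property | Type | Required | Update allowed | Description | Constraint |
Condition | Map | No | No | The conditions that restrict the statement. | None |
Action | String | No | No | The specific operation that the policy applies to. | None |
Effect | String | No | No | The effect of the permission. | Valid values:
|
Principal | Map | No | No | The trusted entity type. | For more information, see Principal properties. |
Principal syntax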
"Principal": {
"Service": List,
"Federated": List,
"RAM": List
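}
Principal properties
Property | Type | Required | Update allowed | Description | Constraint |
Service | List | No | No | Alibaba Cloud services. | None |
Federated | List | No | No | Identity providers. | None |
RAM | List | No | No | Alibaba Cloud accounts. | None |
Policies syntax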
"Policies": [
{
"Description": String,
"PolicyName": String,
"PolicyDocument": Map
}
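]
Policies properties
Property | Type | Required | Update allowed | Description | Constraint |
Description | String | No | No | The description. | 1 to 1024 characters in length. |
PolicyName | String | Yes | No | The policy name. | 1 to 128 characters in length; can contain English letters, digits, and hyphens (-). |
PolicyDocument | Map | Yes | Yes | The policy content. | Up to 2048 characters in length. For more information, see PolicyDocument properties. |
PolicyAttachments syntax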
"PolicyAttachments": {
"System": List,
"Custom": List
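}
PolicyAttachments properties
Property | Type | Required | Update allowed | Description | Constraint |
Custom | List | No | Yes | The list of custom policy names. | At most 5 policies. |
System | List | No | Yes | The list of system policy names. | At most 20 policies. |
PolicyDocument syntax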
"PolicyDocument": {
"Version": String,
"Statement": List
}
PolicyDocument properties
Property | Type | Required | Update allowed | Description | Constraint |
Version | String | Yes | No | The policy version. | None |
Statement | List | Yes | No | The specific rules of the policy. | None |
Return values
Fn::GetAtt
RoleId: the role ID.
RoleName: the role name.
Arn: the resource descriptor of the role.
Examples
Scenario 1: Create a RAM role.
ROSTemplateFormatVersion: '2015-09-01'
Description: Test RAM Role
Parameters: {}
Resources:
  Role:
    Type: ALIYUN::RAM::Role
    Properties:
      RoleName: TestRole
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - actiontrail.aliyuncs.com
        Version: '1'
Outputs:
  RoleId:
    Description: Id of ram role.
    Value:
      Fn::GetAtt:
        - Role
        - RoleId
  Arn:
    Description: Name of alicloud resource.
    Value:
      Fn::GetAtt:
        - Role
        - Arn
  RoleName:
    Description: Name of ram role.
    Value:
      Fn::GetAtt:
        - Role
        - RoleName
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": "Test RAM Role",
"Parameters": {
},
"Resources": {
"Role": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": "TestRole",
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": [
"actiontrail.aliyuncs.com"
]
}
}
],
"Version": "1"
}
}
}
},
"Outputs": {
"RoleId": {
"Description": "Id of ram role.",
"Value": {
"Fn::GetAtt": [
"Role",
"RoleId"
]
}
},
"Arn": {
"Description": "Name of alicloud resource.",
"Value": {
"Fn::GetAtt": [
"Role",
"Arn"
]
}
},
"RoleName": {
"Description": "Name of ram role.",
"Value": {
"Fn::GetAtt": [
"Role",
"RoleName"
]
}
}
}
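}
Scenario 2: Create a RAM role and attach a custom policy, allowing the specified services to assume the role and defining the policy actions.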
ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: 创建RAM角色,附加自定义策略,允许指定服务假设角色及定义策略操作。
  en: Create a RAM role, attach a custom policy allowing specified services to assume the role, and define policy operations.
Parameters:
  RoleName:
    Type: String
    Label:
      en: Role Name
      zh-cn: 角色的名称
    Description:
      en: The name of role, Change the name if it already exists,<br>Consist of english letters, numbers or '-',not more than 64 characters.
      zh-cn: 角色的名称,如果已经存在,请更改名称,<br>由英文字母、数字或'-'组成,不超过64个字符。
    ConstraintDescription:
      en: No more than 64 characters,English letters, Numbers, or '-' are allowed.
      zh-cn: 不得超过 64 个字符、英文字母、数字或'-'。
    Default: test-role
    AllowedPattern: ^[a-zA-Z0-9\-]+$
    MinLength: 1
    MaxLength: 64
  AssumeRolePrincipalServices:
    Type: Json
    Label:
      en: Principal Services
      zh-cn: 角色可信的服务
    Description:
      en: The specifies role-trusted services that can be added more than once.
      zh-cn: 指定角色可信的服务,可以添加多个。
    Default:
      - ecs.aliyuncs.com
  PolicyName:
    Type: String
    Label:
      en: Policy Name
      zh-cn: 策略名
    Description:
      en: The policy name, Change the name if it already exists,<br>Consist of english letters, numbers or '-', 5-128 characters.
      zh-cn: 策略名,改变名称如果它已经存在,<br>由英文字母,数字或'-',5-128个字符组成。
    ConstraintDescription:
      en: Consist of english letters, numbers or '-',5-128 characters.
      zh-cn: 由英文字母、数字或'-',5-128个字符组成。
    Default: test-policy-name
    AllowedPattern: ^[a-zA-Z0-9\-]+$
    MinLength: 5
    MaxLength: 128
  SpecificAction:
    Type: String
    Label:
      en: Specific Action
      zh-cn: 策略的操作
    Description:
      en: 'The specific action of the policy,Separated by English commas; <a href=''https://help.aliyun.com/document_detail/93738.html'' target=''_blank''><b><font color=''blue''>View Policy elements-Action</font></b></font></a><br>For example: <br>[oss.*,ecs.*: <font color=''green''>all the action of oss and ecs</font>]<br>[oss.*: <font color=''green''>all the action of oss</font>]<br>[oss.GetObjectUrl: <font color=''green''>action is GetObjectUrl of oss</font>]<br>.'
      zh-cn: '指定策略的操作,以英文逗号分隔;<a href=''https://help.aliyun.com/document_detail/93738.html'' target=''_blank''><b><font color=''blue''>查看策略元素-Action</font></b></font></a><br>例如: <br>[oss.*,ecs.*: <font color=''green''>oss和ecs的所有操作</font>]<br>[oss.*: <font color=''green''>oss的所有操作</font>]<br>[oss.GetObjectUrl: <font color=''green''>oss的GetObjectUrl操作</font>]<br>'
    Default: oss.*,ecs.*
Resources:
  RamManagedPolicy:
    Type: ALIYUN::RAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              Fn::Split:
                - ','
                - Ref: SpecificAction
            Effect: Allow
            Resource:
              - '*'
        Version: '1'
      PolicyName:
        Ref: PolicyName
  RamRole:
    Type: ALIYUN::RAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                Ref: AssumeRolePrincipalServices
        Version: '1'
      Policies:
        - PolicyDocument:
            Statement:
              - Action:
                  - ros:*
                Effect: Allow
                Resource:
                  - '*'
            Version: '1'
          PolicyName:
            Fn::Join:
              - ''
              - - Policy-
                - Ref: ALIYUN::StackId
      RoleName:
        Ref: RoleName
  RamAttachPolicyToRole:
    Type: ALIYUN::RAM::AttachPolicyToRole
    Properties:
      PolicyName:
        Fn::GetAtt:
          - RamManagedPolicy
          - PolicyName
      PolicyType: Custom
      RoleName:
        Fn::GetAtt:
          - RamRole
          - RoleName
    DependsOn:
      - RamManagedPolicy
      - RamRole
Outputs:
  PolicyName:
    Value:
      Fn::GetAtt:
        - RamManagedPolicy
        - PolicyName
  RoleArn:
    Value:
      Fn::GetAtt:
        - RamRole
        - Arn
  RoleName:
    Value:
      Fn::GetAtt:
        - RamRole
        - RoleName
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - RoleName
          - AssumeRolePrincipalServices
          - PolicyName
          - SpecificAction
        Label:
          default: RAM
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "创建RAM角色,附加自定义策略,允许指定服务假设角色及定义策略操作。",
"en": "Create a RAM role, attach a custom policy allowing specified services to assume the role, and define policy operations."
},
"Parameters": {
"RoleName": {
"Type": "String",
"Label": {
"en": "Role Name",
"zh-cn": "角色的名称"
},
"Description": {
"en": "The name of role, Change the name if it already exists,<br>Consist of english letters, numbers or '-',not more than 64 characters.",
"zh-cn": "角色的名称,如果已经存在,请更改名称,<br>由英文字母、数字或'-'组成,不超过64个字符。"
},
"ConstraintDescription": {
"en": "No more than 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "不得超过 64 个字符、英文字母、数字或'-'。"
},
"Default": "test-role",
"AllowedPattern": "^[a-zA-Z0-9\\-]+$",
"MinLength": 1,
"MaxLength": 64
},
"AssumeRolePrincipalServices": {
"Type": "Json",
"Label": {
"en": "Principal Services",
"zh-cn": "角色可信的服务"
},
"Description": {
"en": "The specifies role-trusted services that can be added more than once.",
"zh-cn": "指定角色可信的服务,可以添加多个。"
},
"Default": [
"ecs.aliyuncs.com"
]
},
"PolicyName": {
"Type": "String",
"Label": {
"en": "Policy Name",
"zh-cn": "策略名"
},
"Description": {
"en": "The policy name, Change the name if it already exists,<br>Consist of english letters, numbers or '-', 5-128 characters.",
"zh-cn": "策略名,改变名称如果它已经存在,<br>由英文字母,数字或'-',5-128个字符组成。"
},
"ConstraintDescription": {
"en": "Consist of english letters, numbers or '-',5-128 characters.",
"zh-cn": "由英文字母、数字或'-',5-128个字符组成。"
},
"Default": "test-policy-name",
"AllowedPattern": "^[a-zA-Z0-9\\-]+$",
"MinLength": 5,
"MaxLength": 128
},
"SpecificAction": {
"Type": "String",
"Label": {
"en": "Specific Action",
"zh-cn": "策略的操作"
},
"Description": {
"en": "The specific action of the policy,Separated by English commas; <a href='https://help.aliyun.com/document_detail/93738.html' target='_blank'><b><font color='blue'>View Policy elements-Action</font></b></font></a><br>For example: <br>[oss.*,ecs.*: <font color='green'>all the action of oss and ecs</font>]<br>[oss.*: <font color='green'>all the action of oss</font>]<br>[oss.GetObjectUrl: <font color='green'>action is GetObjectUrl of oss</font>]<br>.",
"zh-cn": "指定策略的操作,以英文逗号分隔;<a href='https://help.aliyun.com/document_detail/93738.html' target='_blank'><b><font color='blue'>查看策略元素-Action</font></b></font></a><br>例如: <br>[oss.*,ecs.*: <font color='green'>oss和ecs的所有操作</font>]<br>[oss.*: <font color='green'>oss的所有操作</font>]<br>[oss.GetObjectUrl: <font color='green'>oss的GetObjectUrl操作</font>]<br>"
},
"Default": "oss.*,ecs.*"
}
},
"Resources": {
"RamManagedPolicy": {
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": {
"Fn::Split": [
",",
{
"Ref": "SpecificAction"
}
]
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": {
"Ref": "PolicyName"
}
}
},
"RamRole": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": {
"Ref": "AssumeRolePrincipalServices"
}
}
}
],
"Version": "1"
},
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"ros:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": {
"Fn::Join": [
"",
[
"Policy-",
{
"Ref": "ALIYUN::StackId"
}
]
]
}
}
],
"RoleName": {
"Ref": "RoleName"
}
}
},
"RamAttachPolicyToRole": {
"Type": "ALIYUN::RAM::AttachPolicyToRole",
"Properties": {
"PolicyName": {
"Fn::GetAtt": [
"RamManagedPolicy",
"PolicyName"
]
},
"PolicyType": "Custom",
"RoleName": {
"Fn::GetAtt": [
"RamRole",
"RoleName"
]
}
},
"DependsOn": [
"RamManagedPolicy",
"RamRole"
]
}
},
"Outputs": {
"PolicyName": {
"Value": {
"Fn::GetAtt": [
"RamManagedPolicy",
"PolicyName"
]
}
},
"RoleArn": {
"Value": {
"Fn::GetAtt": [
"RamRole",
"Arn"
]
}
},
"RoleName": {
"Value": {
"Fn::GetAtt": [
"RamRole",
"RoleName"
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"RoleName",
"AssumeRolePrincipalServices",
"PolicyName",
"SpecificAction"
],
"Label": {
"default": "RAM"
}
}
]
}
}
}
Scenario 3: Create a RAM role for managing ActionTrail, store audit logs in the specified OSS bucket, and configure an SLS project.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: 创建RAM角色以管理操作审计,将审计日志存储至指定OSS桶,并配置SLS项目。
  en: Create RAM roles to manage operation auditing, with audit logs stored in a designated OSS bucket, and configure an SLS project for further log processing and analysis.
Parameters:
  RoleName:
    Type: String
    Label:
      en: Role Name
      zh-cn: 角色名
    Description:
      en: Ram role name, 1 to 64 characters in length, beginning with English letters or numbers, hyphens allowed, unique in the account.
      zh-cn: Ram角色名称,长度为1-64个字符,以英文字母或数字开头,允许使用连字符,账号内唯一。
    ConstraintDescription:
      en: 1 to 64 characters in length, beginning with English letters or numbers, hyphens allowed.
      zh-cn: 长度为1-64个字符,以英文字母或数字开头,允许使用连字符。
    Default: ActionTrailTestRole
    MinLength: 1
    MaxLength: 64
  TrailName:
    Type: String
    Label:
      en: Trail Name
      zh-cn: 跟踪名称
    Description:
      en: Trail Name, 6 to 36 characters in length, must start with a letter, and can contain letters, numbers, dashes (-), and underscores (_), unique in the account
      zh-cn: 跟踪名称,长度为6-36个字符,必须以字母开头,可包含字母、数字、短横线(-)和下划线(_),账号内唯一。
    Default: TestTrail
  EventRW:
    Type: String
    Label:
      en: Event RW
      zh-cn: 读写类型
    Description:
      en: Read and write types of delivery events
      zh-cn: 投递事件的读写类型
    Default: Write
    AllowedValues:
      - Write
      - Read
      - All
  OssBucketName:
    Type: String
    Label:
      en: Bucket Name
      zh-cn: Bucket名称
    Description:
      en: Tracking OSS storage space written
      zh-cn: 跟踪写入的OSS存储空间
    AssociationProperty: ALIYUN::OSS::Bucket::BucketName
    AssociationPropertyMetadata:
      RegionId: ${RegionId}
  OssKeyPrefix:
    Type: String
    Label:
      en: Key Prefix
      zh-cn: 文件名前缀
    Description:
      en: Track the prefix of the OSS storage space file name written, can be empty. 6 to 32 characters in length, must start with a letter, and can contain letters, numbers, dashes (-), slashes (/), and underscores (_)
      zh-cn: 跟踪写入的OSS存储空间文件名的前缀,可以为空。长度为6-32个字符,必须以字母开头,可包含字母、数字、短横线(-)、斜杠(/)和下划线(_)
    Default: ''
  SlsProjectName:
    Type: String
    Label:
      en: Project Name
      zh-cn: 日志项目名称
    Description:
      en: Log service items to track delivery targets
      zh-cn: 跟踪投递目标的日志服务项目
Resources:
  Role:
    Type: ALIYUN::RAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - actiontrail.aliyuncs.com
        Version: '1'
      Policies:
        - PolicyDocument:
            Statement:
              - Action:
                  - oss:ListObjects
                  - oss:PutObject
                  - oss:GetBucketLocation
                Effect: Allow
                Resource:
                  - '*'
              - Action:
                  - log:PostLogStoreLogs
                  - log:CreateLogstore
                Effect: Allow
                Resource:
                  - '*'
              - Action:
                  - mns:PublishMessage
                Effect: Allow
                Resource:
                  - '*'
            Version: '1'
          PolicyName:
            Fn::Sub: ActionTrailPolicy-${ALIYUN::StackId}
      RoleName:
        Ref: RoleName
  Trail:
    Type: ALIYUN::ACTIONTRAIL::Trail
    Properties:
      EventRW:
        Ref: EventRW
      Name:
        Ref: TrailName
      OssBucketName:
        Ref: OssBucketName
      OssKeyPrefix:
        Ref: OssKeyPrefix
      RoleName:
        Fn::GetAtt:
          - Role
          - RoleName
      SlsProjectArn:
        Fn::Sub: acs:log:${ALIYUN::Region}::project/${SlsProjectName}
      SlsWriteRoleArn:
        Fn::Sub: acs:ram::${ALIYUN::TenantId}:role/${Role.RoleName}
    DependsOn: Role
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - RoleName
        Label:
          default: RAM
      - Parameters:
          - TrailName
          - EventRW
        Label:
          default: Trail
      - Parameters:
          - OssBucketName
          - OssKeyPrefix
        Label:
          default: OSS
      - Parameters:
          - SlsProjectName
        Label:
          default: SLS
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "创建RAM角色以管理操作审计,将审计日志存储至指定OSS桶,并配置SLS项目。",
"en": "Create RAM roles to manage operation auditing, with audit logs stored in a designated OSS bucket, and configure an SLS project for further log processing and analysis."
},
"Parameters": {
"RoleName": {
"Type": "String",
"Label": {
"en": "Role Name",
"zh-cn": "角色名"
},
"Description": {
"en": "Ram role name, 1 to 64 characters in length, beginning with English letters or numbers, hyphens allowed, unique in the account.",
"zh-cn": "Ram角色名称,长度为1-64个字符,以英文字母或数字开头,允许使用连字符,账号内唯一。"
},
"ConstraintDescription": {
"en": "1 to 64 characters in length, beginning with English letters or numbers, hyphens allowed.",
"zh-cn": "长度为1-64个字符,以英文字母或数字开头,允许使用连字符。"
},
"Default": "ActionTrailTestRole",
"MinLength": 1,
"MaxLength": 64
},
"TrailName": {
"Type": "String",
"Label": {
"en": "Trail Name",
"zh-cn": "跟踪名称"
},
"Description": {
"en": "Trail Name, 6 to 36 characters in length, must start with a letter, and can contain letters, numbers, dashes (-), and underscores (_), unique in the account",
"zh-cn": "跟踪名称,长度为6-36个字符,必须以字母开头,可包含字母、数字、短横线(-)和下划线(_),账号内唯一。"
},
"Default": "TestTrail"
},
"EventRW": {
"Type": "String",
"Label": {
"en": "Event RW",
"zh-cn": "读写类型"
},
"Description": {
"en": "Read and write types of delivery events",
"zh-cn": "投递事件的读写类型"
},
"Default": "Write",
"AllowedValues": [
"Write",
"Read",
"All"
]
},
"OssBucketName": {
"Type": "String",
"Label": {
"en": "Bucket Name",
"zh-cn": "Bucket名称"
},
"Description": {
"en": "Tracking OSS storage space written",
"zh-cn": "跟踪写入的OSS存储空间"
},
"AssociationProperty": "ALIYUN::OSS::Bucket::BucketName",
"AssociationPropertyMetadata": {
"RegionId": "${RegionId}"
}
},
"OssKeyPrefix": {
"Type": "String",
"Label": {
"en": "Key Prefix",
"zh-cn": "文件名前缀"
},
"Description": {
"en": "Track the prefix of the OSS storage space file name written, can be empty. 6 to 32 characters in length, must start with a letter, and can contain letters, numbers, dashes (-), slashes (/), and underscores (_)",
"zh-cn": "跟踪写入的OSS存储空间文件名的前缀,可以为空。长度为6-32个字符,必须以字母开头,可包含字母、数字、短横线(-)、斜杠(/)和下划线(_)"
},
"Default": ""
},
"SlsProjectName": {
"Type": "String",
"Label": {
"en": "Project Name",
"zh-cn": "日志项目名称"
},
"Description": {
"en": "Log service items to track delivery targets",
"zh-cn": "跟踪投递目标的日志服务项目"
}
}
},
"Resources": {
"Role": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": [
"actiontrail.aliyuncs.com"
]
}
}
],
"Version": "1"
},
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:PutObject",
"oss:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"log:PostLogStoreLogs",
"log:CreateLogstore"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"mns:PublishMessage"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": {
"Fn::Sub": "ActionTrailPolicy-${ALIYUN::StackId}"
}
}
],
"RoleName": {
"Ref": "RoleName"
}
}
},
"Trail": {
"Type": "ALIYUN::ACTIONTRAIL::Trail",
"Properties": {
"EventRW": {
"Ref": "EventRW"
},
"Name": {
"Ref": "TrailName"
},
"OssBucketName": {
"Ref": "OssBucketName"
},
"OssKeyPrefix": {
"Ref": "OssKeyPrefix"
},
"RoleName": {
"Fn::GetAtt": [
"Role",
"RoleName"
]
},
"SlsProjectArn": {
"Fn::Sub": "acs:log:${ALIYUN::Region}::project/${SlsProjectName}"
},
"SlsWriteRoleArn": {
"Fn::Sub": "acs:ram::${ALIYUN::TenantId}:role/${Role.RoleName}"
}
},
"DependsOn": "Role"
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"RoleName"
],
"Label": {
"default": "RAM"
}
},
{
"Parameters": [
"TrailName",
"EventRW"
],
"Label": {
"default": "Trail"
}
},
{
"Parameters": [
"OssBucketName",
"OssKeyPrefix"
],
"Label": {
"default": "OSS"
}
},
{
"Parameters": [
"SlsProjectName"
],
"Label": {
"default": "SLS"
}
}
]
}
}
}
For more examples, see the public templates that include this resource.
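The constraints in the property tables and the grants in the scenarios above (a trust principal supplied through `Ref` and `ros:*` on Resource `'*'` in scenario 2, `Resource: '*'` in scenario 3) can be checked before a stack is created. The following pre-deployment check is an added example, not part of the ROS documentation or tooling; the function names, the default service allowlist and the sample template are assumptions made for illustration.

```python
import json
import re

# Limits copied from the property tables on this page.
ROLE_NAME_RE = re.compile(r"[A-Za-z0-9.-]{1,64}")
ATTACH_LIMITS = {"Custom": 5, "System": 20}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_role(name, props, allowed_services):
    out = []
    role_name = props.get("RoleName")
    if isinstance(role_name, str) and not ROLE_NAME_RE.fullmatch(role_name):
        out.append(f"{name}: RoleName violates the naming constraint")
    duration = props.get("MaxSessionDuration")
    if isinstance(duration, int) and not 3600 <= duration <= 43200:
        out.append(f"{name}: MaxSessionDuration {duration} outside 3600-43200")
    for kind, limit in ATTACH_LIMITS.items():
        if len(props.get("PolicyAttachments", {}).get(kind, [])) > limit:
            out.append(f"{name}: more than {limit} {kind} policy attachments")
    # Trust policy: every Service principal must be a reviewed literal.
    for stmt in props.get("AssumeRolePolicyDocument", {}).get("Statement", []):
        for svc in as_list(stmt.get("Principal", {}).get("Service", [])):
            if not isinstance(svc, str):
                out.append(f"{name}: trusted Service is set by an intrinsic function")
            elif svc not in allowed_services:
                out.append(f"{name}: trusted Service {svc} is not allowlisted")
    # Inline policies: Allow statements that apply to Resource '*'.
    for policy in props.get("Policies", []):
        for stmt in policy.get("PolicyDocument", {}).get("Statement", []):
            if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
                continue
            wild = [a for a in as_list(stmt.get("Action", []))
                    if isinstance(a, str) and a.endswith("*")]
            detail = f"wildcard action {wild[0]}" if wild else "unscoped grant"
            out.append(f"{name}: {detail} on Resource '*'")
    return out

def lint_template(text, allowed_services=("actiontrail.aliyuncs.com",)):
    roles = json.loads(text).get("Resources", {}).items()
    return [f for name, res in roles if res.get("Type") == "ALIYUN::RAM::Role"
            for f in lint_role(name, res.get("Properties", {}), allowed_services)]

# Constructed sample shaped like scenario 2 (trust via Ref, inline ros:* on '*').
SAMPLE = json.dumps({"Resources": {"RamRole": {"Type": "ALIYUN::RAM::Role", "Properties": {
    "RoleName": "test_role", "MaxSessionDuration": 86400,
    "AssumeRolePolicyDocument": {"Version": "1", "Statement": [{
        "Action": "sts:AssumeRole", "Effect": "Allow",
        "Principal": {"Service": {"Ref": "AssumeRolePrincipalServices"}}}]},
    "Policies": [{"PolicyName": "p", "PolicyDocument": {"Version": "1", "Statement": [
        {"Action": ["ros:*"], "Effect": "Allow", "Resource": ["*"]}]}}]}}}})

print("\n".join(lint_template(SAMPLE)))
```

The check reads the JSON form of a template; values that are intrinsic functions (`Ref`, `Fn::Split`) cannot be resolved statically, so a trust principal set that way is reported for manual review of the parameter value.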