ALIYUN::RAM::User类型用于创建RAM用户。
语法
{
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": String,
"DisplayName": String,
"LoginProfile": Map,
"Groups": List,
"MobilePhone": String,
"Email": String,
"Comments": String,
"Policies": List,
"PolicyAttachments": Map,
"DeletionForce": Boolean
}
}属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
UserName | String | 是 | 否 | RAM用户的名称。 | 长度为1~64个字符,可包含英文字母、数字、半角句号(.)、短划线(-)和下划线(_)。 |
DisplayName | String | 否 | 是 | RAM用户的显示名称。 | 长度为1~128个字符。 |
LoginProfile | Map | 否 | 否 | RAM用户的登录配置。 | 更多信息,请参见LoginProfile属性。 |
Groups | List | 否 | 否 | RAM用户加入的用户组。 | 无 |
MobilePhone | String | 否 | 是 | RAM用户的手机号码。 | 无 |
String | 否 | 是 | RAM用户的邮箱。 | 无 | |
Comments | String | 否 | 是 | 备注。 | 长度为1~128个字符。 |
Policies | List | 否 | 是 | 适用于RAM用户的权限策略。 | 更多信息,请参见Policies属性。 |
PolicyAttachments | Map | 否 | 是 | 要添加的系统策略和自定义策略名称。 | 更多信息,请参见PolicyAttachments属性。 |
DeletionForce | Boolean | 否 | 是 | 是否强制解绑RAM用户的权限策略。 | 取值:
|
LoginProfile语法
"LoginProfile": {
"MFABindRequired": Boolean,
"Password": String,
"PasswordResetRequired": Boolean
} LoginProfile属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
MFABindRequired | Boolean | 否 | 否 | 是否强制要求RAM用户开启多因素认证。 | 取值:
|
Password | String | 否 | 否 | RAM用户的控制台登录新密码。 | 密码必须符合密码强度要求,长度为8~32个字符。 |
PasswordResetRequired | Boolean | 否 | 否 | RAM用户在下次登录时是否必须重置密码。 | 取值:
|
Policies语法
"Policies": [
{
"PolicyName": String,
"PolicyDocument": Map,
"Description": String,
"IgnoreExisting": Boolean
}
] Policies属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
Description | String | 否 | 否 | 描述。 | 长度为1~1024个字符。 |
PolicyName | String | 是 | 否 | 权限策略名称。 | 长度为1~128个字符,可包含英文字母、数字和短划线(-)。 |
PolicyDocument | Map | 是 | 是 | 权限策略内容。 | 长度不超过2048个字符。 更多信息,请参见PolicyDocument属性。 |
IgnoreExisting | Boolean | 否 | 否 | 是否忽略现有策略。 | 取值:
|
PolicyDocument语法
"PolicyDocument": {
"Version": String,
"Statement": List
}PolicyDocument属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
Version | String | 是 | 否 | 权限策略版本。 | 无 |
Statement | List | 是 | 否 | 权限策略具体规则。 | 更多信息,请参见Statement属性。 |
Statement语法
"Statement": [
{
"Condition": Map,
"Action": List,
"Resource": List,
"Effect": String
}
]Statement属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
Condition | Map | 否 | 否 | 授权生效的限制条件。 | 无 |
Action | List | 否 | 否 | 权限策略针对的具体操作。 | 无 |
Resource | List | 否 | 否 | 权限策略针对的具体资源。 | 无 |
Effect | String | 否 | 否 | 授权效力。 | 取值:
|
PolicyAttachments语法
"PolicyAttachments": {
"Custom": List,
"System": List
}PolicyAttachments属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
Custom | List | 否 | 是 | 自定义策略名称列表。 | 策略数量小于等于5。 |
System | List | 否 | 是 | 系统策略名称列表。 | 策略数量小于等于20。 |
返回值
Fn::GetAtt
UserName:RAM用户名称。
UserId:RAM用户ID。
CreateDate:RAM用户创建时间。
LastLoginDate:RAM用户最后登录时间。
示例
场景 1 :创建RAM用户。
ROSTemplateFormatVersion: '2015-09-01'
Description: Test RAM User
Parameters: {}
Resources:
User:
Type: ALIYUN::RAM::User
Properties:
UserName: dev
Policies:
- PolicyName:
Fn::Join:
- '-'
- - StackId
- Ref: ALIYUN::StackId
PolicyDocument:
Statement:
- Action:
- oss:*
Effect: Allow
Resource:
- '*'
Version: '1'
Outputs: {}{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": "Test RAM User",
"Parameters": {
},
"Resources": {
"User": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": "dev",
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"-",
[
"StackId",
{
"Ref": "ALIYUN::StackId"
}
]
]
},
"PolicyDocument": {
"Statement": [
{
"Action": [
"oss:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
}
}
]
}
}
},
"Outputs": {
}
}场景 2 :创建RAM用户,并创建AccessKey。
ROSTemplateFormatVersion: '2015-09-01'
Conditions:
CreateInstance:
Fn::Equals:
- Ref: SelectInstance
- false
Parameters:
UserName:
Type: String
Description: 自定义RAM用户名称
Label:
zh-cn: RAM用户名称
en: RAM User Name
Default: test123123123
RoleName:
Type: String
Description: 自定义RAM角色名称
Label:
zh-cn: RAM角色名称
en: RAM Rol Name
Default: test123123123
SelectInstance:
Type: Boolean
Label:
en: Whether to select an existing Bucket
zh-cn: 是否选择已有Bucket
Default: true
ExistBucketName:
Type: String
Label:
en: Existing Bucket
zh-cn: 已有Bucket
AssociationProperty: ALIYUN::OSS::Bucket::BucketName
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- true
Default: ''
BucketName:
Type: String
Label:
zh-cn: 新建存储空间名称
en: NewBucketName
Description:
zh-cn: Bucket 名称在 OSS 范围内必须全局唯一。长度为3~63个字符。必须以小写英文字母或数字开头和结尾,可包含小写英文字母、数字和短划线(-)。
en: Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-).
AssociationProperty: AutoCompleteInput
AssociationPropertyMetadata:
Length: 6
Prefix: my-bucketname-
CharacterClasses:
- Class: lowercase
min: 1
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- false
AllowedPattern: ^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$
AccessControl:
Type: String
Label:
en: Access Control
zh-cn: 读写权限
Description:
en: Set the access permission of the bucket
zh-cn: 设置Bucket读写权限
Default: private
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- false
AllowedValues:
- private
- public-read
- public-read-write
Resources:
RamUser:
Type: ALIYUN::RAM::User
Properties:
UserName:
Ref: UserName
RamAK:
Type: ALIYUN::RAM::AccessKey
Properties:
UserName:
Fn::GetAtt:
- RamUser
- UserName
DependsOn: RamUser
MyBucket:
Condition: CreateInstance
Type: ALIYUN::OSS::Bucket
Properties:
AccessControl:
Ref: AccessControl
BucketName:
Ref: BucketName
Role:
Type: ALIYUN::RAM::Role
Properties:
RoleName:
Ref: RoleName
AssumeRolePolicyDocument:
Version: '1'
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
RAM:
- Fn::Sub: acs:ram::${ALIYUN::TenantId}:root
Policies:
- PolicyName:
Fn::Join:
- ''
- - Policy-
- Ref: ALIYUN::StackId
PolicyDocument:
Version: '1'
Statement:
- Effect: Allow
Action:
- oss:PutObject
Resource:
- Fn::Sub:
- acs:oss:*:*:${BucketName}/*
- BucketName:
Fn::If:
- CreateInstance
- Ref: BucketName
- Ref: ExistBucketName
Outputs:
AKSecret:
Value:
Fn::GetAtt:
- RamAK
- AccessKeySecret
AKId:
Value:
Fn::GetAtt:
- RamAK
- AccessKeyId
UserId:
Value:
Fn::GetAtt:
- RamUser
- UserId
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- Parameters:
- SelectInstance
- ExistBucketName
- BucketName
- AccessControl
Label:
default: OSS
- Parameters:
- UserName
- RoleName
Label:
default: RAM
{
"ROSTemplateFormatVersion": "2015-09-01",
"Conditions": {
"CreateInstance": {
"Fn::Equals": [
{
"Ref": "SelectInstance"
},
false
]
}
},
"Parameters": {
"UserName": {
"Type": "String",
"Description": "自定义RAM用户名称",
"Label": {
"zh-cn": "RAM用户名称",
"en": "RAM User Name"
},
"Default": "test123123123"
},
"RoleName": {
"Type": "String",
"Description": "自定义RAM角色名称",
"Label": {
"zh-cn": "RAM角色名称",
"en": "RAM Rol Name"
},
"Default": "test123123123"
},
"SelectInstance": {
"Type": "Boolean",
"Label": {
"en": "Whether to select an existing Bucket",
"zh-cn": "是否选择已有Bucket"
},
"Default": true
},
"ExistBucketName": {
"Type": "String",
"Label": {
"en": "Existing Bucket",
"zh-cn": "已有Bucket"
},
"AssociationProperty": "ALIYUN::OSS::Bucket::BucketName",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
true
]
}
}
},
"Default": ""
},
"BucketName": {
"Type": "String",
"Label": {
"zh-cn": "新建存储空间名称",
"en": "NewBucketName"
},
"Description": {
"zh-cn": "Bucket 名称在 OSS 范围内必须全局唯一。长度为3~63个字符。必须以小写英文字母或数字开头和结尾,可包含小写英文字母、数字和短划线(-)。",
"en": "Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-)."
},
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 6,
"Prefix": "my-bucketname-",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
],
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedPattern": "^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$"
},
"AccessControl": {
"Type": "String",
"Label": {
"en": "Access Control",
"zh-cn": "读写权限"
},
"Description": {
"en": "Set the access permission of the bucket",
"zh-cn": "设置Bucket读写权限"
},
"Default": "private",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedValues": [
"private",
"public-read",
"public-read-write"
]
}
},
"Resources": {
"RamUser": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": {
"Ref": "UserName"
}
}
},
"RamAK": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Fn::GetAtt": [
"RamUser",
"UserName"
]
}
},
"DependsOn": "RamUser"
},
"MyBucket": {
"Condition": "CreateInstance",
"Type": "ALIYUN::OSS::Bucket",
"Properties": {
"AccessControl": {
"Ref": "AccessControl"
},
"BucketName": {
"Ref": "BucketName"
}
}
},
"Role": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": {
"Ref": "RoleName"
},
"AssumeRolePolicyDocument": {
"Version": "1",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"RAM": [
{
"Fn::Sub": "acs:ram::${ALIYUN::TenantId}:root"
}
]
}
}
]
},
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"",
[
"Policy-",
{
"Ref": "ALIYUN::StackId"
}
]
]
},
"PolicyDocument": {
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:PutObject"
],
"Resource": [
{
"Fn::Sub": [
"acs:oss:*:*:${BucketName}/*",
{
"BucketName": {
"Fn::If": [
"CreateInstance",
{
"Ref": "BucketName"
},
{
"Ref": "ExistBucketName"
}
]
}
}
]
}
]
}
]
}
}
]
}
}
},
"Outputs": {
"AKSecret": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeySecret"
]
}
},
"AKId": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeyId"
]
}
},
"UserId": {
"Value": {
"Fn::GetAtt": [
"RamUser",
"UserId"
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"SelectInstance",
"ExistBucketName",
"BucketName",
"AccessControl"
],
"Label": {
"default": "OSS"
}
},
{
"Parameters": [
"UserName",
"RoleName"
],
"Label": {
"default": "RAM"
}
}
]
}
}
}场景 3 :创建RAM用户,并创建AccessKey,赋予其对指定 OSS Bucket 的写权限(oss:PutObject)。
ROSTemplateFormatVersion: '2015-09-01'
Conditions:
CreateInstance:
Fn::Equals:
- Ref: SelectInstance
- false
Parameters:
UserName:
Type: String
Description: 自定义RAM用户名称
Label:
zh-cn: RAM用户名称
en: RAM User Name
Default: test123123123
RoleName:
Type: String
Description: 自定义RAM角色名称
Label:
zh-cn: RAM角色名称
en: RAM Rol Name
Default: test123123123
SelectInstance:
Type: Boolean
Label:
en: Whether to select an existing Bucket
zh-cn: 是否选择已有Bucket
Default: true
ExistBucketName:
Type: String
Label:
en: Existing Bucket
zh-cn: 已有Bucket
AssociationProperty: ALIYUN::OSS::Bucket::BucketName
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- true
Default: ''
BucketName:
Type: String
Label:
zh-cn: 新建存储空间名称
en: NewBucketName
Description:
zh-cn: Bucket 名称在 OSS 范围内必须全局唯一。长度为3~63个字符。必须以小写英文字母或数字开头和结尾,可包含小写英文字母、数字和短划线(-)。
en: Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-).
AssociationProperty: AutoCompleteInput
AssociationPropertyMetadata:
Length: 6
Prefix: my-bucketname-
CharacterClasses:
- Class: lowercase
min: 1
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- false
AllowedPattern: ^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$
AccessControl:
Type: String
Label:
en: Access Control
zh-cn: 读写权限
Description:
en: Set the access permission of the bucket
zh-cn: 设置Bucket读写权限
Default: private
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- false
AllowedValues:
- private
- public-read
- public-read-write
Resources:
RamUser:
Type: ALIYUN::RAM::User
Properties:
UserName:
Ref: UserName
RamAK:
Type: ALIYUN::RAM::AccessKey
Properties:
UserName:
Fn::GetAtt:
- RamUser
- UserName
DependsOn: RamUser
MyBucket:
Condition: CreateInstance
Type: ALIYUN::OSS::Bucket
Properties:
AccessControl:
Ref: AccessControl
BucketName:
Ref: BucketName
Role:
Type: ALIYUN::RAM::Role
Properties:
RoleName:
Ref: RoleName
AssumeRolePolicyDocument:
Version: '1'
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
RAM:
- Fn::Sub: acs:ram::${ALIYUN::TenantId}:root
Policies:
- PolicyName:
Fn::Join:
- ''
- - Policy-
- Ref: ALIYUN::StackId
PolicyDocument:
Version: '1'
Statement:
- Effect: Allow
Action:
- oss:PutObject
Resource:
- Fn::Sub:
- acs:oss:*:*:${BucketName}/*
- BucketName:
Fn::If:
- CreateInstance
- Ref: BucketName
- Ref: ExistBucketName
Outputs:
AKSecret:
Value:
Fn::GetAtt:
- RamAK
- AccessKeySecret
AKId:
Value:
Fn::GetAtt:
- RamAK
- AccessKeyId
UserId:
Value:
Fn::GetAtt:
- RamUser
- UserId
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- Parameters:
- SelectInstance
- ExistBucketName
- BucketName
- AccessControl
Label:
default: OSS
- Parameters:
- UserName
- RoleName
Label:
default: RAM
{
"ROSTemplateFormatVersion": "2015-09-01",
"Conditions": {
"CreateInstance": {
"Fn::Equals": [
{
"Ref": "SelectInstance"
},
false
]
}
},
"Parameters": {
"UserName": {
"Type": "String",
"Description": "自定义RAM用户名称",
"Label": {
"zh-cn": "RAM用户名称",
"en": "RAM User Name"
},
"Default": "test123123123"
},
"RoleName": {
"Type": "String",
"Description": "自定义RAM角色名称",
"Label": {
"zh-cn": "RAM角色名称",
"en": "RAM Rol Name"
},
"Default": "test123123123"
},
"SelectInstance": {
"Type": "Boolean",
"Label": {
"en": "Whether to select an existing Bucket",
"zh-cn": "是否选择已有Bucket"
},
"Default": true
},
"ExistBucketName": {
"Type": "String",
"Label": {
"en": "Existing Bucket",
"zh-cn": "已有Bucket"
},
"AssociationProperty": "ALIYUN::OSS::Bucket::BucketName",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
true
]
}
}
},
"Default": ""
},
"BucketName": {
"Type": "String",
"Label": {
"zh-cn": "新建存储空间名称",
"en": "NewBucketName"
},
"Description": {
"zh-cn": "Bucket 名称在 OSS 范围内必须全局唯一。长度为3~63个字符。必须以小写英文字母或数字开头和结尾,可包含小写英文字母、数字和短划线(-)。",
"en": "Bucket names must be globally unique within the scope of OSS. The length is 3~63 characters. Must start and end with a lowercase English letter or number, and can contain lowercase English letters, numbers, and dashes (-)."
},
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 6,
"Prefix": "my-bucketname-",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
],
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedPattern": "^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$"
},
"AccessControl": {
"Type": "String",
"Label": {
"en": "Access Control",
"zh-cn": "读写权限"
},
"Description": {
"en": "Set the access permission of the bucket",
"zh-cn": "设置Bucket读写权限"
},
"Default": "private",
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"AllowedValues": [
"private",
"public-read",
"public-read-write"
]
}
},
"Resources": {
"RamUser": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": {
"Ref": "UserName"
}
}
},
"RamAK": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Fn::GetAtt": [
"RamUser",
"UserName"
]
}
},
"DependsOn": "RamUser"
},
"MyBucket": {
"Condition": "CreateInstance",
"Type": "ALIYUN::OSS::Bucket",
"Properties": {
"AccessControl": {
"Ref": "AccessControl"
},
"BucketName": {
"Ref": "BucketName"
}
}
},
"Role": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"RoleName": {
"Ref": "RoleName"
},
"AssumeRolePolicyDocument": {
"Version": "1",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"RAM": [
{
"Fn::Sub": "acs:ram::${ALIYUN::TenantId}:root"
}
]
}
}
]
},
"Policies": [
{
"PolicyName": {
"Fn::Join": [
"",
[
"Policy-",
{
"Ref": "ALIYUN::StackId"
}
]
]
},
"PolicyDocument": {
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:PutObject"
],
"Resource": [
{
"Fn::Sub": [
"acs:oss:*:*:${BucketName}/*",
{
"BucketName": {
"Fn::If": [
"CreateInstance",
{
"Ref": "BucketName"
},
{
"Ref": "ExistBucketName"
}
]
}
}
]
}
]
}
]
}
}
]
}
}
},
"Outputs": {
"AKSecret": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeySecret"
]
}
},
"AKId": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeyId"
]
}
},
"UserId": {
"Value": {
"Fn::GetAtt": [
"RamUser",
"UserId"
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"SelectInstance",
"ExistBucketName",
"BucketName",
"AccessControl"
],
"Label": {
"default": "OSS"
}
},
{
"Parameters": [
"UserName",
"RoleName"
],
"Label": {
"default": "RAM"
}
}
]
}
}
}场景 4 :创建具有不同策略的用户组的用户。
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 创建子账户,分配至用户组与管理员组,启用登录,生成访问密钥,附带读取ECS和OSS权限策略。
en: Create sub-accounts, allocate them to user groups and administrator groups, enable login functionality, generate access keys, and attach read-only policies for Elastic Compute Service (ECS) and Object Storage Service (OSS).
Parameters:
GroupName1:
Type: String
Label:
en: Group 1 Name
zh-cn: 用户组1的名称
Description:
en: The name of user group 1, <br>Specifies the group name, containing up to 64 characters,English letters, Numbers, or '-' are allowed.
zh-cn: 用户组1的名称,指定最多包含64个字符、英文字母、数字或“-”的组名。
ConstraintDescription:
en: No more than 64 characters,English letters, Numbers, or '-' are allowed.
zh-cn: 不得超过 64 个字符、英文字母、数字或'-'。
Default: UserGroup
AllowedPattern: ^[a-zA-Z0-9\-]+$
MinLength: 1
MaxLength: 64
GroupName2:
Type: String
Label:
en: Group 2 Name
zh-cn: 用户组2的名称
Description:
en: The name of user group 2, <br>Specifies the group name, containing up to 64 characters,English letters, Numbers, or '-' are allowed.
zh-cn: 用户组2的名称,指定最多包含64个字符、英文字母、数字或“-”的组名。
ConstraintDescription:
en: No more than 64 characters,English letters, Numbers, or '-' are allowed.
zh-cn: 不得超过 64 个字符、英文字母、数字或'-'。
Default: AdminGroup
AllowedPattern: ^[a-zA-Z0-9\-]+$
MinLength: 1
MaxLength: 64
UserName:
Type: String
Label:
en: User Name
zh-cn: 用户名称
Description:
en: The user name cannot already exist,<br>Contains english letters, numbers,'.' , '_' or '-', not more than 64 characters.
zh-cn: 不能是已经存在的用户名,<br>用户名可包含英文字母,数字,'.', '_'或'-',不超过64个字符。
ConstraintDescription:
en: No more than 64 characters,English letters, Numbers, or '-' are allowed.
zh-cn: 不得超过 64 个字符、英文字母、数字或'-'。
Default: test-user
AllowedPattern: '[a-zA-Z0-9\.\-\_]+$'
MinLength: 1
MaxLength: 64
UserPassword:
Type: String
Label:
en: User Password
zh-cn: 用户密码
Description:
en: Specify a password, which must meet the password strength requirements;<br>About password strength policy, Please refer to the <a href='https://help.aliyun.com/document_detail/28740.html' target='_blank'><b><font color='blue'>GetPasswordPolicy</font></b><font color='blue'></a>.
zh-cn: 指定密码,必须满足密码强度要求;关于密码强度策略,请参阅<a href='https://help.aliyun.com/document_detail/28740.html' target='_blank'><b><font color='blue'>GetPasswordPolicy</font></b><font color='blue'></a>。
NoEcho: true
Resources:
RamGroup1:
Type: ALIYUN::RAM::Group
Properties:
GroupName:
Ref: GroupName1
RamGroup2:
Type: ALIYUN::RAM::Group
Properties:
GroupName:
Ref: GroupName2
RamUser:
Type: ALIYUN::RAM::User
Properties:
Groups:
- Ref: RamGroup1
- Ref: RamGroup2
LoginProfile:
Password:
Ref: UserPassword
PasswordResetRequired: false
UserName:
Ref: UserName
RamAK:
Type: ALIYUN::RAM::AccessKey
Properties:
UserName:
Fn::GetAtt:
- RamUser
- UserName
RamManagedPolicy1:
Type: ALIYUN::RAM::ManagedPolicy
Properties:
Groups:
- Ref: RamGroup1
PolicyDocument:
Statement:
- Action:
- ecs:Describe*
Effect: Allow
Resource:
- '*'
- Action:
- ecs:List*
Effect: Allow
Resource:
- '*'
- Action:
- vpc:DescribeVpcs
- vpc:DescribeVSwitches
Effect: Allow
Resource:
- '*'
Version: '1'
PolicyName:
Fn::Join:
- '-'
- - ECSReadOnly
- StackId
- Ref: ALIYUN::StackId
RamManagedPolicy2:
Type: ALIYUN::RAM::ManagedPolicy
Properties:
Groups:
- Ref: RamGroup2
PolicyDocument:
Statement:
- Action:
- oss:*
Effect: Allow
Resource:
- '*'
Version: '1'
PolicyName:
Fn::Join:
- '-'
- - OSSReadOnly
- StackId
- Ref: ALIYUN::StackId
Outputs:
RamAccessKeyId:
Value:
Fn::GetAtt:
- RamAK
- AccessKeyId
RamUserId:
Value:
Fn::GetAtt:
- RamUser
- UserId
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- Parameters:
- GroupName1
- GroupName2
- UserName
- UserPassword
Label:
default: RAM
TemplateTags:
- acs:example:弹性计算:创建具有不同策略的用户组的用户
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "创建子账户,分配至用户组与管理员组,启用登录,生成访问密钥,附带读取ECS和OSS权限策略。",
"en": "Create sub-accounts, allocate them to user groups and administrator groups, enable login functionality, generate access keys, and attach read-only policies for Elastic Compute Service (ECS) and Object Storage Service (OSS)."
},
"Parameters": {
"GroupName1": {
"Type": "String",
"Label": {
"en": "Group 1 Name",
"zh-cn": "用户组1的名称"
},
"Description": {
"en": "The name of user group 1, <br>Specifies the group name, containing up to 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "用户组1的名称,指定最多包含64个字符、英文字母、数字或“-”的组名。"
},
"ConstraintDescription": {
"en": "No more than 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "不得超过 64 个字符、英文字母、数字或'-'。"
},
"Default": "UserGroup",
"AllowedPattern": "^[a-zA-Z0-9\\-]+$",
"MinLength": 1,
"MaxLength": 64
},
"GroupName2": {
"Type": "String",
"Label": {
"en": "Group 2 Name",
"zh-cn": "用户组2的名称"
},
"Description": {
"en": "The name of user group 2, <br>Specifies the group name, containing up to 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "用户组2的名称,指定最多包含64个字符、英文字母、数字或“-”的组名。"
},
"ConstraintDescription": {
"en": "No more than 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "不得超过 64 个字符、英文字母、数字或'-'。"
},
"Default": "AdminGroup",
"AllowedPattern": "^[a-zA-Z0-9\\-]+$",
"MinLength": 1,
"MaxLength": 64
},
"UserName": {
"Type": "String",
"Label": {
"en": "User Name",
"zh-cn": "用户名称"
},
"Description": {
"en": "The user name cannot already exist,<br>Contains english letters, numbers,'.' , '_' or '-', not more than 64 characters.",
"zh-cn": "不能是已经存在的用户名,<br>用户名可包含英文字母,数字,'.', '_'或'-',不超过64个字符。"
},
"ConstraintDescription": {
"en": "No more than 64 characters,English letters, Numbers, or '-' are allowed.",
"zh-cn": "不得超过 64 个字符、英文字母、数字或'-'。"
},
"Default": "test-user",
"AllowedPattern": "[a-zA-Z0-9\\.\\-\\_]+$",
"MinLength": 1,
"MaxLength": 64
},
"UserPassword": {
"Type": "String",
"Label": {
"en": "User Password",
"zh-cn": "用户密码"
},
"Description": {
"en": "Specify a password, which must meet the password strength requirements;<br>About password strength policy, Please refer to the <a href='https://help.aliyun.com/document_detail/28740.html' target='_blank'><b><font color='blue'>GetPasswordPolicy</font></b><font color='blue'></a>.",
"zh-cn": "指定密码,必须满足密码强度要求;关于密码强度策略,请参阅<a href='https://help.aliyun.com/document_detail/28740.html' target='_blank'><b><font color='blue'>GetPasswordPolicy</font></b><font color='blue'></a>。"
},
"NoEcho": true
}
},
"Resources": {
"RamGroup1": {
"Type": "ALIYUN::RAM::Group",
"Properties": {
"GroupName": {
"Ref": "GroupName1"
}
}
},
"RamGroup2": {
"Type": "ALIYUN::RAM::Group",
"Properties": {
"GroupName": {
"Ref": "GroupName2"
}
}
},
"RamUser": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"Groups": [
{
"Ref": "RamGroup1"
},
{
"Ref": "RamGroup2"
}
],
"LoginProfile": {
"Password": {
"Ref": "UserPassword"
},
"PasswordResetRequired": false
},
"UserName": {
"Ref": "UserName"
}
}
},
"RamAK": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Fn::GetAtt": [
"RamUser",
"UserName"
]
}
}
},
"RamManagedPolicy1": {
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"Groups": [
{
"Ref": "RamGroup1"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": [
"ecs:Describe*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ecs:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": {
"Fn::Join": [
"-",
[
"ECSReadOnly",
"StackId",
{
"Ref": "ALIYUN::StackId"
}
]
]
}
}
},
"RamManagedPolicy2": {
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"Groups": [
{
"Ref": "RamGroup2"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": [
"oss:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": {
"Fn::Join": [
"-",
[
"OSSReadOnly",
"StackId",
{
"Ref": "ALIYUN::StackId"
}
]
]
}
}
}
},
"Outputs": {
"RamAccessKeyId": {
"Value": {
"Fn::GetAtt": [
"RamAK",
"AccessKeyId"
]
}
},
"RamUserId": {
"Value": {
"Fn::GetAtt": [
"RamUser",
"UserId"
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"GroupName1",
"GroupName2",
"UserName",
"UserPassword"
],
"Label": {
"default": "RAM"
}
}
],
"TemplateTags": [
"acs:example:弹性计算:创建具有不同策略的用户组的用户"
]
}
}
}该文章对您有帮助吗?