alicloud_resource_manager_policy_attachment

Provides a Resource Manager Policy Attachment resource that attaches a policy to an object. After you attach a policy to an object, the object has the operation permissions on the current resource group or the resources under the current account. For information about Resource Manager Policy Attachment and how to use it, see How to authorize and manage resource groups.

NOTE: Available since v1.93.0.

Example Usage

Basic Usage


variable "name" {
  default = "tfexamplename"
}

resource "alicloud_ram_user" "example" {
  name = var.name
}
resource "alicloud_resource_manager_policy" "example" {
  policy_name     = var.name
  policy_document = <<EOF
		{
			"Statement": [{
				"Action": ["oss:*"],
				"Effect": "Allow",
				"Resource": ["acs:oss:*:*:*"]
			}],
			"Version": "1"
		}
    EOF
}

data "alicloud_resource_manager_resource_groups" "example" {
  status = "OK"
}

# Get Alicloud Account Id
data "alicloud_account" "example" {}

# Attach the custom policy to resource group
resource "alicloud_resource_manager_policy_attachment" "example" {
  policy_name       = alicloud_resource_manager_policy.example.policy_name
  policy_type       = "Custom"
  principal_name    = format("%s@%s.onaliyun.com", alicloud_ram_user.example.name, data.alicloud_account.example.id)
  principal_type    = "IMSUser"
  resource_group_id = data.alicloud_resource_manager_resource_groups.example.ids.0
}

Argument Reference

The following arguments are supported:

  • policy_name - (Required, ForceNew) The name of the policy. The name must be 1 to 128 characters in length and can contain letters, digits, and hyphens (-).
  • policy_type - (Required, ForceNew) The type of the policy. Valid values: Custom, System.
  • principal_name - (Required, ForceNew) The name of the object to which you want to attach the policy.
  • principal_type - (Required, ForceNew) The type of the object to which you want to attach the policy. Valid values: IMSUser: RAM user, IMSGroup: RAM user group, ServiceRole: RAM role.
  • resource_group_id - (Required, ForceNew) The ID of the resource group or the ID of the Alibaba Cloud account to which the resource group belongs.

Attributes Reference

  • id - The ID of this resource. It is formatted as <policy_name>:<policy_type>:<principal_name>:<principal_type>:<resource_group_id>. Before version 1.100.0, the value is <policy_name>:<policy_type>:<principal_name>:<principal_type>.

Import

Resource Manager Policy Attachment can be imported using the id, e.g.

$ terraform import alicloud_resource_manager_policy_attachment.example tf-testaccrdpolicy:Custom:tf-testaccrdpolicy@11827252********.onaliyun.com:IMSUser:rg******
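
The ID format under Attributes Reference and the import command above can be checked before an import or a state review. The following is an added example, not part of the provider or its documentation: it parses both ID forms, validates the fields against the documented values, and flags attachments whose scope is a whole account. The function names and sample IDs are constructed, and it assumes account IDs are all digits while resource group IDs are not.

```python
import re
from typing import List, NamedTuple, Optional

POLICY_TYPES = {"Custom", "System"}
PRINCIPAL_TYPES = {"IMSUser", "IMSGroup", "ServiceRole"}
POLICY_NAME_RE = re.compile(r"[A-Za-z0-9-]{1,128}")  # letters, digits, hyphens


class AttachmentId(NamedTuple):
    policy_name: str
    policy_type: str
    principal_name: str
    principal_type: str
    resource_group_id: Optional[str]  # None for the 4-field form (before 1.100.0)


def parse_attachment_id(raw: str) -> AttachmentId:
    """Split and validate an attachment ID against the documented fields."""
    parts: List[Optional[str]] = list(raw.split(":"))
    if len(parts) == 4:
        parts.append(None)  # legacy ID: the scope is not recorded in the ID
    if len(parts) != 5 or "" in parts:
        raise ValueError(f"expected 4 or 5 non-empty ':'-separated fields: {raw!r}")
    att = AttachmentId(*parts)
    if not POLICY_NAME_RE.fullmatch(att.policy_name):
        raise ValueError(f"invalid policy_name: {att.policy_name!r}")
    if att.policy_type not in POLICY_TYPES:
        raise ValueError(f"invalid policy_type: {att.policy_type!r}")
    if att.principal_type not in PRINCIPAL_TYPES:
        raise ValueError(f"invalid principal_type: {att.principal_type!r}")
    return att


def review_scope(raw: str) -> List[str]:
    """Return findings a reviewer should check before importing or approving."""
    att = parse_attachment_id(raw)
    findings = []
    if att.resource_group_id is None:
        findings.append("legacy id: resource_group_id not recorded")
    elif att.resource_group_id.isdigit():
        # Assumption: an all-digit value is an account ID, not a resource group.
        findings.append("account-wide scope")
    return findings


if __name__ == "__main__":
    # Constructed sample IDs; they do not refer to real accounts or groups.
    for sample in (
        "tf-example:Custom:alice@1234567890123456.onaliyun.com:IMSUser:rg-constructed01",
        "tf-example:System:alice@1234567890123456.onaliyun.com:IMSUser:1234567890123456",
    ):
        print(sample, "->", review_scope(sample) or "ok")
```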