alicloud_resource_manager_control_policy_attachment

更新时间:

Provides a Resource Manager Control Policy Attachment resource.

For information about Resource Manager Control Policy Attachment and how to use it, see What is Control Policy Attachment.

-> NOTE: Available since v1.120.0.

Example Usage

Basic Usage


variable "name" {
  default = "terraform-example"
}

resource "random_integer" "default" {
  min = 10000
  max = 99999
}

resource "alicloud_resource_manager_control_policy" "default" {
  control_policy_name = var.name
  description         = var.name
  effect_scope        = "RAM"
  policy_document     = <<EOF
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Deny",
        "Action": [
          "ram:UpdateRole",
          "ram:DeleteRole",
          "ram:AttachPolicyToRole",
          "ram:DetachPolicyFromRole"
        ],
        "Resource": "acs:ram:*:*:role/ResourceDirectoryAccountAccessRole"
      }
    ]
  }
  EOF
}

resource "alicloud_resource_manager_folder" "default" {
  folder_name = "${var.name}-${random_integer.default.result}"
}

resource "alicloud_resource_manager_control_policy_attachment" "default" {
  policy_id = alicloud_resource_manager_control_policy.default.id
  target_id = alicloud_resource_manager_folder.default.id
}

Argument Reference

The following arguments are supported:

  • policy_id - (Required, ForceNew) The ID of the access control policy.
  • target_id - (Required, ForceNew) The ID of the object to which you want to attach the access control policy.

Attributes Reference

The following attributes are exported:

  • id - The resource ID in terraform of Control Policy Attachment. It formats as <policy_id>:<target_id>.

Timeouts

-> NOTE: Available since v1.240.0.

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 5 mins) Used when create the Control Policy Attachment.
  • delete - (Defaults to 5 mins) Used when delete the Control Policy Attachment.

Import

Resource Manager Control Policy Attachment can be imported using the id, e.g.

$ terraform import alicloud_resource_manager_control_policy_attachment.example <policy_id>:<target_id>