Alibaba Cloud v3.87.0 published on Saturday, Oct 18, 2025 by Pulumi
alicloud.ram.getRolePolicyAttachments
This data source provides Ram Role Policy Attachment available to the user.What is Role Policy Attachment
NOTE: Available since v1.248.0.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
import * as random from "@pulumi/random";
const config = new pulumi.Config();
const name = config.get("name") || "terraform-example";
const role = new alicloud.ram.Role("role", {
name: "roleName",
document: ` {
\\"Statement\\": [
{
\\"Action\\": \\"sts:AssumeRole\\",
\\"Effect\\": \\"Allow\\",
\\"Principal\\": {
\\"Service\\": [
\\"apigateway.aliyuncs.com\\",
\\"ecs.aliyuncs.com\\"
]
}
}
],
\\"Version\\": \\"1\\"
}
`,
description: "this is a role test.",
});
const defaultInteger = new random.index.Integer("default", {
min: 10000,
max: 99999,
});
const policy = new alicloud.ram.Policy("policy", {
policyName: `tf-example-${defaultInteger.result}`,
policyDocument: ` {
\\"Statement\\": [
{
\\"Action\\": [
\\"oss:ListObjects\\",
\\"oss:GetObject\\"
],
\\"Effect\\": \\"Allow\\",
\\"Resource\\": [
\\"acs:oss:*:*:mybucket\\",
\\"acs:oss:*:*:mybucket/*\\"
]
}
],
\\"Version\\": \\"1\\"
}
`,
description: "this is a policy test",
});
const defaultRolePolicyAttachment = new alicloud.ram.RolePolicyAttachment("default", {
policyName: policy.policyName,
policyType: policy.type,
roleName: role.name,
});
const _default = alicloud.ram.getRolePolicyAttachmentsOutput({
ids: [defaultRolePolicyAttachment.id],
roleName: role.id,
});
export const alicloudRamRolePolicyAttachmentExampleId = _default.apply(_default => _default.attachments?.[0]?.id);
import pulumi
import pulumi_alicloud as alicloud
import pulumi_random as random
config = pulumi.Config()
name = config.get("name")
if name is None:
name = "terraform-example"
role = alicloud.ram.Role("role",
name="roleName",
document=""" {
\"Statement\": [
{
\"Action\": \"sts:AssumeRole\",
\"Effect\": \"Allow\",
\"Principal\": {
\"Service\": [
\"apigateway.aliyuncs.com\",
\"ecs.aliyuncs.com\"
]
}
}
],
\"Version\": \"1\"
}
""",
description="this is a role test.")
default_integer = random.index.Integer("default",
min=10000,
max=99999)
policy = alicloud.ram.Policy("policy",
policy_name=f"tf-example-{default_integer['result']}",
policy_document=""" {
\"Statement\": [
{
\"Action\": [
\"oss:ListObjects\",
\"oss:GetObject\"
],
\"Effect\": \"Allow\",
\"Resource\": [
\"acs:oss:*:*:mybucket\",
\"acs:oss:*:*:mybucket/*\"
]
}
],
\"Version\": \"1\"
}
""",
description="this is a policy test")
default_role_policy_attachment = alicloud.ram.RolePolicyAttachment("default",
policy_name=policy.policy_name,
policy_type=policy.type,
role_name=role.name)
default = alicloud.ram.get_role_policy_attachments_output(ids=[default_role_policy_attachment.id],
role_name=role.id)
pulumi.export("alicloudRamRolePolicyAttachmentExampleId", default.attachments[0].id)
package main
import (
"fmt"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
name := "terraform-example";
if param := cfg.Get("name"); param != ""{
name = param
}
role, err := ram.NewRole(ctx, "role", &ram.RoleArgs{
Name: pulumi.String("roleName"),
Document: pulumi.String(` {
\"Statement\": [
{
\"Action\": \"sts:AssumeRole\",
\"Effect\": \"Allow\",
\"Principal\": {
\"Service\": [
\"apigateway.aliyuncs.com\",
\"ecs.aliyuncs.com\"
]
}
}
],
\"Version\": \"1\"
}
`),
Description: pulumi.String("this is a role test."),
})
if err != nil {
return err
}
defaultInteger, err := random.NewInteger(ctx, "default", &random.IntegerArgs{
Min: 10000,
Max: 99999,
})
if err != nil {
return err
}
policy, err := ram.NewPolicy(ctx, "policy", &ram.PolicyArgs{
PolicyName: pulumi.Sprintf("tf-example-%v", defaultInteger.Result),
PolicyDocument: pulumi.String(` {
\"Statement\": [
{
\"Action\": [
\"oss:ListObjects\",
\"oss:GetObject\"
],
\"Effect\": \"Allow\",
\"Resource\": [
\"acs:oss:*:*:mybucket\",
\"acs:oss:*:*:mybucket/*\"
]
}
],
\"Version\": \"1\"
}
`),
Description: pulumi.String("this is a policy test"),
})
if err != nil {
return err
}
defaultRolePolicyAttachment, err := ram.NewRolePolicyAttachment(ctx, "default", &ram.RolePolicyAttachmentArgs{
PolicyName: policy.PolicyName,
PolicyType: policy.Type,
RoleName: role.Name,
})
if err != nil {
return err
}
_default := ram.GetRolePolicyAttachmentsOutput(ctx, ram.GetRolePolicyAttachmentsOutputArgs{
Ids: pulumi.StringArray{
defaultRolePolicyAttachment.ID(),
},
RoleName: role.ID(),
}, nil);
ctx.Export("alicloudRamRolePolicyAttachmentExampleId", _default.ApplyT(func(_default ram.GetRolePolicyAttachmentsResult) (*string, error) {
return &default.Attachments[0].Id, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
using Random = Pulumi.Random;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var name = config.Get("name") ?? "terraform-example";
var role = new AliCloud.Ram.Role("role", new()
{
Name = "roleName",
Document = @" {
\""Statement\"": [
{
\""Action\"": \""sts:AssumeRole\"",
\""Effect\"": \""Allow\"",
\""Principal\"": {
\""Service\"": [
\""apigateway.aliyuncs.com\"",
\""ecs.aliyuncs.com\""
]
}
}
],
\""Version\"": \""1\""
}
",
Description = "this is a role test.",
});
var defaultInteger = new Random.Index.Integer("default", new()
{
Min = 10000,
Max = 99999,
});
var policy = new AliCloud.Ram.Policy("policy", new()
{
PolicyName = $"tf-example-{defaultInteger.Result}",
PolicyDocument = @" {
\""Statement\"": [
{
\""Action\"": [
\""oss:ListObjects\"",
\""oss:GetObject\""
],
\""Effect\"": \""Allow\"",
\""Resource\"": [
\""acs:oss:*:*:mybucket\"",
\""acs:oss:*:*:mybucket/*\""
]
}
],
\""Version\"": \""1\""
}
",
Description = "this is a policy test",
});
var defaultRolePolicyAttachment = new AliCloud.Ram.RolePolicyAttachment("default", new()
{
PolicyName = policy.PolicyName,
PolicyType = policy.Type,
RoleName = role.Name,
});
var @default = AliCloud.Ram.GetRolePolicyAttachments.Invoke(new()
{
Ids = new[]
{
defaultRolePolicyAttachment.Id,
},
RoleName = role.Id,
});
return new Dictionary<string, object?>
{
["alicloudRamRolePolicyAttachmentExampleId"] = @default.Apply(@default => @default.Apply(getRolePolicyAttachmentsResult => getRolePolicyAttachmentsResult.Attachments[0]?.Id)),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.Role;
import com.pulumi.alicloud.ram.RoleArgs;
import com.pulumi.random.Integer;
import com.pulumi.random.IntegerArgs;
import com.pulumi.alicloud.ram.Policy;
import com.pulumi.alicloud.ram.PolicyArgs;
import com.pulumi.alicloud.ram.RolePolicyAttachment;
import com.pulumi.alicloud.ram.RolePolicyAttachmentArgs;
import com.pulumi.alicloud.ram.RamFunctions;
import com.pulumi.alicloud.ram.inputs.GetRolePolicyAttachmentsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("terraform-example");
var role = new Role("role", RoleArgs.builder()
.name("roleName")
.document("""
{
\"Statement\": [
{
\"Action\": \"sts:AssumeRole\",
\"Effect\": \"Allow\",
\"Principal\": {
\"Service\": [
\"apigateway.aliyuncs.com\",
\"ecs.aliyuncs.com\"
]
}
}
],
\"Version\": \"1\"
}
""")
.description("this is a role test.")
.build());
var defaultInteger = new Integer("defaultInteger", IntegerArgs.builder()
.min(10000)
.max(99999)
.build());
var policy = new Policy("policy", PolicyArgs.builder()
.policyName(String.format("tf-example-%s", defaultInteger.result()))
.policyDocument("""
{
\"Statement\": [
{
\"Action\": [
\"oss:ListObjects\",
\"oss:GetObject\"
],
\"Effect\": \"Allow\",
\"Resource\": [
\"acs:oss:*:*:mybucket\",
\"acs:oss:*:*:mybucket/*\"
]
}
],
\"Version\": \"1\"
}
""")
.description("this is a policy test")
.build());
var defaultRolePolicyAttachment = new RolePolicyAttachment("defaultRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.policyName(policy.policyName())
.policyType(policy.type())
.roleName(role.name())
.build());
final var default = RamFunctions.getRolePolicyAttachments(GetRolePolicyAttachmentsArgs.builder()
.ids(defaultRolePolicyAttachment.id())
.roleName(role.id())
.build());
ctx.export("alicloudRamRolePolicyAttachmentExampleId", default_.applyValue(_default_ -> _default_.attachments()[0].id()));
}
}
configuration:
name:
type: string
default: terraform-example
resources:
role:
type: alicloud:ram:Role
properties:
name: roleName
document: " {\n \\\"Statement\\\": [\n {\n \\\"Action\\\": \\\"sts:AssumeRole\\\",\n \\\"Effect\\\": \\\"Allow\\\",\n \\\"Principal\\\": {\n \\\"Service\\\": [\n \\\"apigateway.aliyuncs.com\\\", \n \\\"ecs.aliyuncs.com\\\"\n ]\n }\n }\n ],\n \\\"Version\\\": \\\"1\\\"\n }\n"
description: this is a role test.
defaultInteger:
type: random:Integer
name: default
properties:
min: 10000
max: 99999
policy:
type: alicloud:ram:Policy
properties:
policyName: tf-example-${defaultInteger.result}
policyDocument: |2
{
\"Statement\": [
{
\"Action\": [
\"oss:ListObjects\",
\"oss:GetObject\"
],
\"Effect\": \"Allow\",
\"Resource\": [
\"acs:oss:*:*:mybucket\",
\"acs:oss:*:*:mybucket/*\"
]
}
],
\"Version\": \"1\"
}
description: this is a policy test
defaultRolePolicyAttachment:
type: alicloud:ram:RolePolicyAttachment
name: default
properties:
policyName: ${policy.policyName}
policyType: ${policy.type}
roleName: ${role.name}
variables:
default:
fn::invoke:
function: alicloud:ram:getRolePolicyAttachments
arguments:
ids:
- ${defaultRolePolicyAttachment.id}
roleName: ${role.id}
outputs:
alicloudRamRolePolicyAttachmentExampleId: ${default.attachments[0].id}
Using getRolePolicyAttachments
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getRolePolicyAttachments(args: GetRolePolicyAttachmentsArgs, opts?: InvokeOptions): Promise<GetRolePolicyAttachmentsResult>
function getRolePolicyAttachmentsOutput(args: GetRolePolicyAttachmentsOutputArgs, opts?: InvokeOptions): Output<GetRolePolicyAttachmentsResult>def get_role_policy_attachments(ids: Optional[Sequence[str]] = None,
output_file: Optional[str] = None,
role_name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetRolePolicyAttachmentsResult
def get_role_policy_attachments_output(ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
output_file: Optional[pulumi.Input[str]] = None,
role_name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetRolePolicyAttachmentsResult]func GetRolePolicyAttachments(ctx *Context, args *GetRolePolicyAttachmentsArgs, opts ...InvokeOption) (*GetRolePolicyAttachmentsResult, error)
func GetRolePolicyAttachmentsOutput(ctx *Context, args *GetRolePolicyAttachmentsOutputArgs, opts ...InvokeOption) GetRolePolicyAttachmentsResultOutput> Note: This function is named GetRolePolicyAttachments in the Go SDK.
public static class GetRolePolicyAttachments
{
public static Task<GetRolePolicyAttachmentsResult> InvokeAsync(GetRolePolicyAttachmentsArgs args, InvokeOptions? opts = null)
public static Output<GetRolePolicyAttachmentsResult> Invoke(GetRolePolicyAttachmentsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetRolePolicyAttachmentsResult> getRolePolicyAttachments(GetRolePolicyAttachmentsArgs args, InvokeOptions options)
public static Output<GetRolePolicyAttachmentsResult> getRolePolicyAttachments(GetRolePolicyAttachmentsArgs args, InvokeOptions options)
fn::invoke:
function: alicloud:ram/getRolePolicyAttachments:getRolePolicyAttachments
arguments:
# arguments dictionaryThe following arguments are supported:
- Role
Name string - The RAM role name.
- Ids List<string>
- A list of Role Policy Attachment IDs. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - Output
File string - File name where to save data source results (after running
pulumi preview).
- Role
Name string - The RAM role name.
- Ids []string
- A list of Role Policy Attachment IDs. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - Output
File string - File name where to save data source results (after running
pulumi preview).
- role
Name String - The RAM role name.
- ids List<String>
- A list of Role Policy Attachment IDs. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - output
File String - File name where to save data source results (after running
pulumi preview).
- role
Name string - The RAM role name.
- ids string[]
- A list of Role Policy Attachment IDs. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - output
File string - File name where to save data source results (after running
pulumi preview).
- role_
name str - The RAM role name.
- ids Sequence[str]
- A list of Role Policy Attachment IDs. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - output_
file str - File name where to save data source results (after running
pulumi preview).
- role
Name String - The RAM role name.
- ids List<String>
- A list of Role Policy Attachment IDs. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - output
File String - File name where to save data source results (after running
pulumi preview).
getRolePolicyAttachments Result
The following output properties are available:
- Attachments
List<Pulumi.
Ali Cloud. Ram. Outputs. Get Role Policy Attachments Attachment> - A list of Role Policy Attachment Entries. Each element contains the following attributes:
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids List<string>
- A list of Role Policy Attachment IDs.
- Role
Name string - Output
File string
- Attachments
[]Get
Role Policy Attachments Attachment - A list of Role Policy Attachment Entries. Each element contains the following attributes:
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids []string
- A list of Role Policy Attachment IDs.
- Role
Name string - Output
File string
- attachments
List<Get
Role Policy Attachments Attachment> - A list of Role Policy Attachment Entries. Each element contains the following attributes:
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- A list of Role Policy Attachment IDs.
- role
Name String - output
File String
- attachments
Get
Role Policy Attachments Attachment[] - A list of Role Policy Attachment Entries. Each element contains the following attributes:
- id string
- The provider-assigned unique ID for this managed resource.
- ids string[]
- A list of Role Policy Attachment IDs.
- role
Name string - output
File string
- attachments
Sequence[Get
Role Policy Attachments Attachment] - A list of Role Policy Attachment Entries. Each element contains the following attributes:
- id str
- The provider-assigned unique ID for this managed resource.
- ids Sequence[str]
- A list of Role Policy Attachment IDs.
- role_
name str - output_
file str
- attachments List<Property Map>
- A list of Role Policy Attachment Entries. Each element contains the following attributes:
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- A list of Role Policy Attachment IDs.
- role
Name String - output
File String
Supporting Types
GetRolePolicyAttachmentsAttachment
- Attach
Date string - The time when the role was attached to the policy.
- Description string
- The policy description.
- Id string
- The ID of the resource supplied above. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - Policy
Name string - The name of the policy.
- Policy
Type string - Policy type.- Custom: Custom policy.- System: System policy.
- Attach
Date string - The time when the role was attached to the policy.
- Description string
- The policy description.
- Id string
- The ID of the resource supplied above. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - Policy
Name string - The name of the policy.
- Policy
Type string - Policy type.- Custom: Custom policy.- System: System policy.
- attach
Date String - The time when the role was attached to the policy.
- description String
- The policy description.
- id String
- The ID of the resource supplied above. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - policy
Name String - The name of the policy.
- policy
Type String - Policy type.- Custom: Custom policy.- System: System policy.
- attach
Date string - The time when the role was attached to the policy.
- description string
- The policy description.
- id string
- The ID of the resource supplied above. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - policy
Name string - The name of the policy.
- policy
Type string - Policy type.- Custom: Custom policy.- System: System policy.
- attach_
date str - The time when the role was attached to the policy.
- description str
- The policy description.
- id str
- The ID of the resource supplied above. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - policy_
name str - The name of the policy.
- policy_
type str - Policy type.- Custom: Custom policy.- System: System policy.
- attach
Date String - The time when the role was attached to the policy.
- description String
- The policy description.
- id String
- The ID of the resource supplied above. The value is formulated as
role:<policy_name>:<policy_type>:<role_name>. - policy
Name String - The name of the policy.
- policy
Type String - Policy type.- Custom: Custom policy.- System: System policy.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloudTerraform Provider.
