Alibaba Cloud v3.76.0, Apr 8 25

Alibaba Cloud v3.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

alicloud.ram.Policy

Explore with Pulumi AI

Alibaba Cloud v3.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

NOTE: When you want to destroy this resource forcefully(means remove all the relationships associated with it automatically and then destroy it) without set force with true at beginning, you need add force = true to configuration file and run pulumi preview, then you can delete resource forcefully.

NOTE: Each policy can own at most 5 versions and the oldest version will be removed after its version achieves 5.

NOTE: If the policy has multiple versions, all non-default versions will be deleted first when deleting policy.

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
import * as random from "@pulumi/random";

// Create a new RAM Policy.
const _default = new random.index.Integer("default", {
    min: 10000,
    max: 99999,
});
const policy = new alicloud.ram.Policy("policy", {
    policyName: `tf-example-${_default.result}`,
    policyDocument: `  {
    "Statement": [
      {
        "Action": [
          "oss:ListObjects",
          "oss:GetObject"
        ],
        "Effect": "Allow",
        "Resource": [
          "acs:oss:*:*:mybucket",
          "acs:oss:*:*:mybucket/*"
        ]
      }
    ],
      "Version": "1"
  }
`,
    description: "this is a policy test",
});

import pulumi
import pulumi_alicloud as alicloud
import pulumi_random as random

# Create a new RAM Policy.
default = random.index.Integer("default",
    min=10000,
    max=99999)
policy = alicloud.ram.Policy("policy",
    policy_name=f"tf-example-{default['result']}",
    policy_document="""  {
    "Statement": [
      {
        "Action": [
          "oss:ListObjects",
          "oss:GetObject"
        ],
        "Effect": "Allow",
        "Resource": [
          "acs:oss:*:*:mybucket",
          "acs:oss:*:*:mybucket/*"
        ]
      }
    ],
      "Version": "1"
  }
""",
    description="this is a policy test")

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Create a new RAM Policy.
		_default, err := random.NewInteger(ctx, "default", &random.IntegerArgs{
			Min: 10000,
			Max: 99999,
		})
		if err != nil {
			return err
		}
		_, err = ram.NewPolicy(ctx, "policy", &ram.PolicyArgs{
			PolicyName: pulumi.Sprintf("tf-example-%v", _default.Result),
			PolicyDocument: pulumi.String(`  {
    "Statement": [
      {
        "Action": [
          "oss:ListObjects",
          "oss:GetObject"
        ],
        "Effect": "Allow",
        "Resource": [
          "acs:oss:*:*:mybucket",
          "acs:oss:*:*:mybucket/*"
        ]
      }
    ],
      "Version": "1"
  }
`),
			Description: pulumi.String("this is a policy test"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
using Random = Pulumi.Random;

return await Deployment.RunAsync(() => 
{
    // Create a new RAM Policy.
    var @default = new Random.Index.Integer("default", new()
    {
        Min = 10000,
        Max = 99999,
    });

    var policy = new AliCloud.Ram.Policy("policy", new()
    {
        PolicyName = $"tf-example-{@default.Result}",
        PolicyDocument = @"  {
    ""Statement"": [
      {
        ""Action"": [
          ""oss:ListObjects"",
          ""oss:GetObject""
        ],
        ""Effect"": ""Allow"",
        ""Resource"": [
          ""acs:oss:*:*:mybucket"",
          ""acs:oss:*:*:mybucket/*""
        ]
      }
    ],
      ""Version"": ""1""
  }
",
        Description = "this is a policy test",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.integer;
import com.pulumi.random.IntegerArgs;
import com.pulumi.alicloud.ram.Policy;
import com.pulumi.alicloud.ram.PolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Create a new RAM Policy.
        var default_ = new Integer("default", IntegerArgs.builder()
            .min(10000)
            .max(99999)
            .build());

        var policy = new Policy("policy", PolicyArgs.builder()
            .policyName(String.format("tf-example-%s", default_.result()))
            .policyDocument("""
  {
    "Statement": [
      {
        "Action": [
          "oss:ListObjects",
          "oss:GetObject"
        ],
        "Effect": "Allow",
        "Resource": [
          "acs:oss:*:*:mybucket",
          "acs:oss:*:*:mybucket/*"
        ]
      }
    ],
      "Version": "1"
  }
            """)
            .description("this is a policy test")
            .build());

    }
}

resources:
  # Create a new RAM Policy.
  default:
    type: random:integer
    properties:
      min: 10000
      max: 99999
  policy:
    type: alicloud:ram:Policy
    properties:
      policyName: tf-example-${default.result}
      policyDocument: |2
          {
            "Statement": [
              {
                "Action": [
                  "oss:ListObjects",
                  "oss:GetObject"
                ],
                "Effect": "Allow",
                "Resource": [
                  "acs:oss:*:*:mybucket",
                  "acs:oss:*:*:mybucket/*"
                ]
              }
            ],
              "Version": "1"
          }
      description: this is a policy test

Create Policy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Policy(name: string, args?: PolicyArgs, opts?: CustomResourceOptions);

@overload
def Policy(resource_name: str,
           args: Optional[PolicyArgs] = None,
           opts: Optional[ResourceOptions] = None)

@overload
def Policy(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           description: Optional[str] = None,
           document: Optional[str] = None,
           force: Optional[bool] = None,
           name: Optional[str] = None,
           policy_document: Optional[str] = None,
           policy_name: Optional[str] = None,
           rotate_strategy: Optional[str] = None,
           statements: Optional[Sequence[PolicyStatementArgs]] = None,
           tags: Optional[Mapping[str, str]] = None,
           version: Optional[str] = None)

func NewPolicy(ctx *Context, name string, args *PolicyArgs, opts ...ResourceOption) (*Policy, error)

public Policy(string name, PolicyArgs? args = null, CustomResourceOptions? opts = null)

public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)

type: alicloud:ram:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var examplepolicyResourceResourceFromRampolicy = new AliCloud.Ram.Policy("examplepolicyResourceResourceFromRampolicy", new()
{
    Description = "string",
    Force = false,
    PolicyDocument = "string",
    PolicyName = "string",
    RotateStrategy = "string",
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := ram.NewPolicy(ctx, "examplepolicyResourceResourceFromRampolicy", &ram.PolicyArgs{
	Description:    pulumi.String("string"),
	Force:          pulumi.Bool(false),
	PolicyDocument: pulumi.String("string"),
	PolicyName:     pulumi.String("string"),
	RotateStrategy: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var examplepolicyResourceResourceFromRampolicy = new com.pulumi.alicloud.ram.Policy("examplepolicyResourceResourceFromRampolicy", com.pulumi.alicloud.ram.PolicyArgs.builder()
    .description("string")
    .force(false)
    .policyDocument("string")
    .policyName("string")
    .rotateStrategy("string")
    .tags(Map.of("string", "string"))
    .build());

examplepolicy_resource_resource_from_rampolicy = alicloud.ram.Policy("examplepolicyResourceResourceFromRampolicy",
    description="string",
    force=False,
    policy_document="string",
    policy_name="string",
    rotate_strategy="string",
    tags={
        "string": "string",
    })

const examplepolicyResourceResourceFromRampolicy = new alicloud.ram.Policy("examplepolicyResourceResourceFromRampolicy", {
    description: "string",
    force: false,
    policyDocument: "string",
    policyName: "string",
    rotateStrategy: "string",
    tags: {
        string: "string",
    },
});

type: alicloud:ram:Policy
properties:
    description: string
    force: false
    policyDocument: string
    policyName: string
    rotateStrategy: string
    tags:
        string: string

Policy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Policy resource accepts the following input properties:

Description string

The description of the policy. It can be 1 to 1024 characters in length.

Document string

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

Force bool

Specifies whether to force delete the Policy. Default value: false. Valid values:

Name string

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

PolicyDocument string

The content of the policy. The maximum length is 6144 bytes.

PolicyName string

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

RotateStrategy string

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

Statements List<Pulumi.AliCloud.Ram.Inputs.PolicyStatement>

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

Tags Dictionary<string, string>

The list of tags on the policy.

Version string

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

Description string

The description of the policy. It can be 1 to 1024 characters in length.

Document string

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

Force bool

Specifies whether to force delete the Policy. Default value: false. Valid values:

Name string

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

PolicyDocument string

The content of the policy. The maximum length is 6144 bytes.

PolicyName string

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

RotateStrategy string

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

Statements []PolicyStatementArgs

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

Tags map[string]string

The list of tags on the policy.

Version string

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

description String

The description of the policy. It can be 1 to 1024 characters in length.

document String

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

force Boolean

Specifies whether to force delete the Policy. Default value: false. Valid values:

name String

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

policyDocument String

The content of the policy. The maximum length is 6144 bytes.

policyName String

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

rotateStrategy String

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

statements List<PolicyStatement>

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

tags Map<String,String>

The list of tags on the policy.

version String

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

description string

The description of the policy. It can be 1 to 1024 characters in length.

document string

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

force boolean

Specifies whether to force delete the Policy. Default value: false. Valid values:

name string

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

policyDocument string

The content of the policy. The maximum length is 6144 bytes.

policyName string

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

rotateStrategy string

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

statements PolicyStatement[]

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

tags {[key: string]: string}

The list of tags on the policy.

version string

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

description str

The description of the policy. It can be 1 to 1024 characters in length.

document str

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

force bool

Specifies whether to force delete the Policy. Default value: false. Valid values:

name str

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

policy_document str

The content of the policy. The maximum length is 6144 bytes.

policy_name str

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

rotate_strategy str

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

statements Sequence[PolicyStatementArgs]

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

tags Mapping[str, str]

The list of tags on the policy.

version str

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

description String

The description of the policy. It can be 1 to 1024 characters in length.

document String

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

force Boolean

Specifies whether to force delete the Policy. Default value: false. Valid values:

name String

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

policyDocument String

The content of the policy. The maximum length is 6144 bytes.

policyName String

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

rotateStrategy String

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

statements List<Property Map>

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

tags Map<String>

The list of tags on the policy.

version String

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

Outputs

All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

AttachmentCount int: Number of attachments of the policy.
CreateTime string: (Available since v1.246.0) The create time of the policy.
DefaultVersion string: The default version ID of the policy.
Id string: The provider-assigned unique ID for this managed resource.
Type string: The type of the policy.
VersionId string: The ID of the default policy version.

AttachmentCount int: Number of attachments of the policy.
CreateTime string: (Available since v1.246.0) The create time of the policy.
DefaultVersion string: The default version ID of the policy.
Id string: The provider-assigned unique ID for this managed resource.
Type string: The type of the policy.
VersionId string: The ID of the default policy version.

attachmentCount Integer: Number of attachments of the policy.
createTime String: (Available since v1.246.0) The create time of the policy.
defaultVersion String: The default version ID of the policy.
id String: The provider-assigned unique ID for this managed resource.
type String: The type of the policy.
versionId String: The ID of the default policy version.

attachmentCount number: Number of attachments of the policy.
createTime string: (Available since v1.246.0) The create time of the policy.
defaultVersion string: The default version ID of the policy.
id string: The provider-assigned unique ID for this managed resource.
type string: The type of the policy.
versionId string: The ID of the default policy version.

attachment_count int: Number of attachments of the policy.
create_time str: (Available since v1.246.0) The create time of the policy.
default_version str: The default version ID of the policy.
id str: The provider-assigned unique ID for this managed resource.
type str: The type of the policy.
version_id str: The ID of the default policy version.

attachmentCount Number: Number of attachments of the policy.
createTime String: (Available since v1.246.0) The create time of the policy.
defaultVersion String: The default version ID of the policy.
id String: The provider-assigned unique ID for this managed resource.
type String: The type of the policy.
versionId String: The ID of the default policy version.

Look up Existing Policy Resource

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        attachment_count: Optional[int] = None,
        create_time: Optional[str] = None,
        default_version: Optional[str] = None,
        description: Optional[str] = None,
        document: Optional[str] = None,
        force: Optional[bool] = None,
        name: Optional[str] = None,
        policy_document: Optional[str] = None,
        policy_name: Optional[str] = None,
        rotate_strategy: Optional[str] = None,
        statements: Optional[Sequence[PolicyStatementArgs]] = None,
        tags: Optional[Mapping[str, str]] = None,
        type: Optional[str] = None,
        version: Optional[str] = None,
        version_id: Optional[str] = None) -> Policy

func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)

public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)

public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)

resources:  _:    type: alicloud:ram:Policy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AttachmentCount int

Number of attachments of the policy.

CreateTime string

(Available since v1.246.0) The create time of the policy.

DefaultVersion string

The default version ID of the policy.

Description string

The description of the policy. It can be 1 to 1024 characters in length.

Document string

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

Force bool

Specifies whether to force delete the Policy. Default value: false. Valid values:

Name string

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

PolicyDocument string

The content of the policy. The maximum length is 6144 bytes.

PolicyName string

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

RotateStrategy string

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

Statements List<Pulumi.AliCloud.Ram.Inputs.PolicyStatement>

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

Tags Dictionary<string, string>

The list of tags on the policy.

Type string

The type of the policy.

Version string

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

VersionId string

The ID of the default policy version.

AttachmentCount int

Number of attachments of the policy.

CreateTime string

(Available since v1.246.0) The create time of the policy.

DefaultVersion string

The default version ID of the policy.

Description string

The description of the policy. It can be 1 to 1024 characters in length.

Document string

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

Force bool

Specifies whether to force delete the Policy. Default value: false. Valid values:

Name string

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

PolicyDocument string

The content of the policy. The maximum length is 6144 bytes.

PolicyName string

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

RotateStrategy string

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

Statements []PolicyStatementArgs

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

Tags map[string]string

The list of tags on the policy.

Type string

The type of the policy.

Version string

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

VersionId string

The ID of the default policy version.

attachmentCount Integer

Number of attachments of the policy.

createTime String

(Available since v1.246.0) The create time of the policy.

defaultVersion String

The default version ID of the policy.

description String

The description of the policy. It can be 1 to 1024 characters in length.

document String

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

force Boolean

Specifies whether to force delete the Policy. Default value: false. Valid values:

name String

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

policyDocument String

The content of the policy. The maximum length is 6144 bytes.

policyName String

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

rotateStrategy String

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

statements List<PolicyStatement>

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

tags Map<String,String>

The list of tags on the policy.

type String

The type of the policy.

version String

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

versionId String

The ID of the default policy version.

attachmentCount number

Number of attachments of the policy.

createTime string

(Available since v1.246.0) The create time of the policy.

defaultVersion string

The default version ID of the policy.

description string

The description of the policy. It can be 1 to 1024 characters in length.

document string

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

force boolean

Specifies whether to force delete the Policy. Default value: false. Valid values:

name string

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

policyDocument string

The content of the policy. The maximum length is 6144 bytes.

policyName string

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

rotateStrategy string

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

statements PolicyStatement[]

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

tags {[key: string]: string}

The list of tags on the policy.

type string

The type of the policy.

version string

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

versionId string

The ID of the default policy version.

attachment_count int

Number of attachments of the policy.

create_time str

(Available since v1.246.0) The create time of the policy.

default_version str

The default version ID of the policy.

description str

The description of the policy. It can be 1 to 1024 characters in length.

document str

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

force bool

Specifies whether to force delete the Policy. Default value: false. Valid values:

name str

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

policy_document str

The content of the policy. The maximum length is 6144 bytes.

policy_name str

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

rotate_strategy str

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

statements Sequence[PolicyStatementArgs]

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

tags Mapping[str, str]

The list of tags on the policy.

type str

The type of the policy.

version str

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

version_id str

The ID of the default policy version.

attachmentCount Number

Number of attachments of the policy.

createTime String

(Available since v1.246.0) The create time of the policy.

defaultVersion String

The default version ID of the policy.

description String

The description of the policy. It can be 1 to 1024 characters in length.

document String

Field document has been deprecated from provider version 1.114.0. New field policy_document instead.

Deprecated: Field 'document' has been deprecated from provider version 1.114.0. New field 'policy_document' instead.

force Boolean

Specifies whether to force delete the Policy. Default value: false. Valid values:

name String

Field name has been deprecated from provider version 1.114.0. New field policy_name instead.

Deprecated: Field 'name' has been deprecated from provider version 1.114.0. New field 'policy_name' instead.

policyDocument String

The content of the policy. The maximum length is 6144 bytes.

policyName String

The policy name. It can be 1 to 128 characters in length and can contain English letters, digits, and dashes (-).

rotateStrategy String

The automatic rotation mechanism of policy versions can delete historical policy versions. The default value is None.

Currently contains:

None: Turn off the rotation mechanism.
DeleteOldestNonDefaultVersionWhenLimitExceeded: When the number of permission policy versions exceeds the limit, the oldest and inactive version is deleted.

statements List<Property Map>

Field statement has been deprecated from provider version 1.49.0. New field document instead. See statement below.

Deprecated: Field 'statement' has been deprecated from version 1.49.0, and use field 'document' to replace.

tags Map<String>

The list of tags on the policy.

type String

The type of the policy.

version String

Field version has been deprecated from provider version 1.49.0. New field document instead.

Deprecated: Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

versionId String

The ID of the default policy version.

Supporting Types

PolicyStatement, PolicyStatementArgs

Actions List<string>: (It has been deprecated since version 1.49.0, and use field document to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
Effect string: (It has been deprecated since version 1.49.0, and use field document to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
Resources List<string>: (It has been deprecated since version 1.49.0, and use field document to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someones Alicloud account id or you can use *to replace, the${relative_id}is the resource description section which related to the${service}`.

Actions []string: (It has been deprecated since version 1.49.0, and use field document to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
Effect string: (It has been deprecated since version 1.49.0, and use field document to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
Resources []string: (It has been deprecated since version 1.49.0, and use field document to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someones Alicloud account id or you can use *to replace, the${relative_id}is the resource description section which related to the${service}`.

actions List<String>: (It has been deprecated since version 1.49.0, and use field document to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
effect String: (It has been deprecated since version 1.49.0, and use field document to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
resources List<String>: (It has been deprecated since version 1.49.0, and use field document to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someones Alicloud account id or you can use *to replace, the${relative_id}is the resource description section which related to the${service}`.

actions string[]: (It has been deprecated since version 1.49.0, and use field document to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
effect string: (It has been deprecated since version 1.49.0, and use field document to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
resources string[]: (It has been deprecated since version 1.49.0, and use field document to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someones Alicloud account id or you can use *to replace, the${relative_id}is the resource description section which related to the${service}`.

actions Sequence[str]: (It has been deprecated since version 1.49.0, and use field document to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
effect str: (It has been deprecated since version 1.49.0, and use field document to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
resources Sequence[str]: (It has been deprecated since version 1.49.0, and use field document to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someones Alicloud account id or you can use *to replace, the${relative_id}is the resource description section which related to the${service}`.

actions List<String>: (It has been deprecated since version 1.49.0, and use field document to replace.) List of operations for the resource. The format of each item in this list is ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. The ${service} can be ecs, oss, ots and so on, the ${action_name} refers to the name of an api interface which related to the ${service}.
effect String: (It has been deprecated since version 1.49.0, and use field document to replace.) This parameter indicates whether or not the action is allowed. Valid values are Allow and Deny.
resources List<String>: (It has been deprecated since version 1.49.0, and use field document to replace.) List of specific objects which will be authorized. The format of each item in this list is acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. The ${service} can be ecs, oss, ots and so on, the ${region} is the region info which can use * replace when it is not supplied, the ${account_id} refers to someones Alicloud account id or you can use *to replace, the${relative_id}is the resource description section which related to the${service}`.

Import

RAM Policy can be imported using the id, e.g.

$ pulumi import alicloud:ram/policy:Policy example <id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

pulumi/pulumi-alicloud

alicloud.ram.Policy

On this page

On this page

Example Usage

Create Policy Resource

Constructor syntax

Parameters

Constructor example

Policy Resource Properties

Inputs

Outputs

Look up Existing Policy Resource

Supporting Types

PolicyStatement, PolicyStatementArgs

Import

Package Details

On this page

On this page