1. Packages
  2. Alibaba Cloud
  3. API Docs
  4. ram
  5. Role
Alibaba Cloud v3.51.0 published on Saturday, Mar 23, 2024 by Pulumi

alicloud.ram.Role

Explore with Pulumi AI

alicloud logo
Alibaba Cloud v3.51.0 published on Saturday, Mar 23, 2024 by Pulumi

    Provides a RAM Role resource.

    NOTE: When you want to destroy this resource forcefully(means remove all the relationships associated with it automatically and then destroy it) without set force with true at beginning, you need add force = true to configuration file and run pulumi preview, then you can delete resource forcefully.

    NOTE: Available since v1.0.0+.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as alicloud from "@pulumi/alicloud";
    
    // Create a new RAM Role.
    const role = new alicloud.ram.Role("role", {
        description: "this is a role test.",
        document: `  {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "apigateway.aliyuncs.com", 
                "ecs.aliyuncs.com"
              ]
            }
          }
        ],
        "Version": "1"
      }
      
    `,
    });
    
    import pulumi
    import pulumi_alicloud as alicloud
    
    # Create a new RAM Role.
    role = alicloud.ram.Role("role",
        description="this is a role test.",
        document="""  {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "apigateway.aliyuncs.com", 
                "ecs.aliyuncs.com"
              ]
            }
          }
        ],
        "Version": "1"
      }
      
    """)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Create a new RAM Role.
    		_, err := ram.NewRole(ctx, "role", &ram.RoleArgs{
    			Description: pulumi.String("this is a role test."),
    			Document: pulumi.String(`  {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "apigateway.aliyuncs.com", 
                "ecs.aliyuncs.com"
              ]
            }
          }
        ],
        "Version": "1"
      }
      
    `),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AliCloud = Pulumi.AliCloud;
    
    return await Deployment.RunAsync(() => 
    {
        // Create a new RAM Role.
        var role = new AliCloud.Ram.Role("role", new()
        {
            Description = "this is a role test.",
            Document = @"  {
        ""Statement"": [
          {
            ""Action"": ""sts:AssumeRole"",
            ""Effect"": ""Allow"",
            ""Principal"": {
              ""Service"": [
                ""apigateway.aliyuncs.com"", 
                ""ecs.aliyuncs.com""
              ]
            }
          }
        ],
        ""Version"": ""1""
      }
      
    ",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.alicloud.ram.Role;
    import com.pulumi.alicloud.ram.RoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var role = new Role("role", RoleArgs.builder()        
                .description("this is a role test.")
                .document("""
      {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "apigateway.aliyuncs.com", 
                "ecs.aliyuncs.com"
              ]
            }
          }
        ],
        "Version": "1"
      }
      
                """)
                .build());
    
        }
    }
    
    resources:
      # Create a new RAM Role.
      role:
        type: alicloud:ram:Role
        properties:
          description: this is a role test.
          document: "  {\n    \"Statement\": [\n      {\n        \"Action\": \"sts:AssumeRole\",\n        \"Effect\": \"Allow\",\n        \"Principal\": {\n          \"Service\": [\n            \"apigateway.aliyuncs.com\", \n            \"ecs.aliyuncs.com\"\n          ]\n        }\n      }\n    ],\n    \"Version\": \"1\"\n  }\n  \n"
    

    Create Role Resource

    new Role(name: string, args?: RoleArgs, opts?: CustomResourceOptions);
    @overload
    def Role(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             description: Optional[str] = None,
             document: Optional[str] = None,
             force: Optional[bool] = None,
             max_session_duration: Optional[int] = None,
             name: Optional[str] = None,
             ram_users: Optional[Sequence[str]] = None,
             services: Optional[Sequence[str]] = None,
             version: Optional[str] = None)
    @overload
    def Role(resource_name: str,
             args: Optional[RoleArgs] = None,
             opts: Optional[ResourceOptions] = None)
    func NewRole(ctx *Context, name string, args *RoleArgs, opts ...ResourceOption) (*Role, error)
    public Role(string name, RoleArgs? args = null, CustomResourceOptions? opts = null)
    public Role(String name, RoleArgs args)
    public Role(String name, RoleArgs args, CustomResourceOptions options)
    
    type: alicloud:ram:Role
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Role Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Role resource accepts the following input properties:

    Description string
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    Document string
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    Force bool
    This parameter is used for resource destroy. Default value is false.
    MaxSessionDuration int
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    Name string
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    RamUsers List<string>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Services List<string>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Description string
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    Document string
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    Force bool
    This parameter is used for resource destroy. Default value is false.
    MaxSessionDuration int
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    Name string
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    RamUsers []string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Services []string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    description String
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    document String
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    force Boolean
    This parameter is used for resource destroy. Default value is false.
    maxSessionDuration Integer
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    name String
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    ramUsers List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    services List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    description string
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    document string
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    force boolean
    This parameter is used for resource destroy. Default value is false.
    maxSessionDuration number
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    name string
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    ramUsers string[]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    services string[]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    description str
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    document str
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    force bool
    This parameter is used for resource destroy. Default value is false.
    max_session_duration int
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    name str
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    ram_users Sequence[str]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    services Sequence[str]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version str
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    description String
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    document String
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    force Boolean
    This parameter is used for resource destroy. Default value is false.
    maxSessionDuration Number
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    name String
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    ramUsers List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    services List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

    Arn string
    The role arn.
    Id string
    The provider-assigned unique ID for this managed resource.
    RoleId string
    The role ID.
    Arn string
    The role arn.
    Id string
    The provider-assigned unique ID for this managed resource.
    RoleId string
    The role ID.
    arn String
    The role arn.
    id String
    The provider-assigned unique ID for this managed resource.
    roleId String
    The role ID.
    arn string
    The role arn.
    id string
    The provider-assigned unique ID for this managed resource.
    roleId string
    The role ID.
    arn str
    The role arn.
    id str
    The provider-assigned unique ID for this managed resource.
    role_id str
    The role ID.
    arn String
    The role arn.
    id String
    The provider-assigned unique ID for this managed resource.
    roleId String
    The role ID.

    Look up Existing Role Resource

    Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            description: Optional[str] = None,
            document: Optional[str] = None,
            force: Optional[bool] = None,
            max_session_duration: Optional[int] = None,
            name: Optional[str] = None,
            ram_users: Optional[Sequence[str]] = None,
            role_id: Optional[str] = None,
            services: Optional[Sequence[str]] = None,
            version: Optional[str] = None) -> Role
    func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
    public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
    public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    The role arn.
    Description string
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    Document string
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    Force bool
    This parameter is used for resource destroy. Default value is false.
    MaxSessionDuration int
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    Name string
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    RamUsers List<string>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    RoleId string
    The role ID.
    Services List<string>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Arn string
    The role arn.
    Description string
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    Document string
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    Force bool
    This parameter is used for resource destroy. Default value is false.
    MaxSessionDuration int
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    Name string
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    RamUsers []string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    RoleId string
    The role ID.
    Services []string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    arn String
    The role arn.
    description String
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    document String
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    force Boolean
    This parameter is used for resource destroy. Default value is false.
    maxSessionDuration Integer
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    name String
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    ramUsers List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    roleId String
    The role ID.
    services List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    arn string
    The role arn.
    description string
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    document string
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    force boolean
    This parameter is used for resource destroy. Default value is false.
    maxSessionDuration number
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    name string
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    ramUsers string[]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    roleId string
    The role ID.
    services string[]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version string
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    arn str
    The role arn.
    description str
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    document str
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    force bool
    This parameter is used for resource destroy. Default value is false.
    max_session_duration int
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    name str
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    ram_users Sequence[str]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    role_id str
    The role ID.
    services Sequence[str]
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version str
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    arn String
    The role arn.
    description String
    Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.
    document String
    Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
    force Boolean
    This parameter is used for resource destroy. Default value is false.
    maxSessionDuration Number
    The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.
    name String
    Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
    ramUsers List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

    Deprecated:Field 'ram_users' has been deprecated from version 1.49.0, and use field 'document' to replace.

    roleId String
    The role ID.
    services List<String>
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

    Deprecated:Field 'services' has been deprecated from version 1.49.0, and use field 'document' to replace.

    version String
    (It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

    Deprecated:Field 'version' has been deprecated from version 1.49.0, and use field 'document' to replace.

    Import

    RAM role can be imported using the id or name, e.g.

    $ pulumi import alicloud:ram/role:Role example my-role
    

    Package Details

    Repository
    Alibaba Cloud pulumi/pulumi-alicloud
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the alicloud Terraform Provider.
    alicloud logo
    Alibaba Cloud v3.51.0 published on Saturday, Mar 23, 2024 by Pulumi