» alicloud_ram_policy

Provides a RAM Policy resource.

» Example Usage

# Create a new RAM Policy.
resource "alicloud_ram_policy" "policy" {
  name     = "policyName"
  document = <<EOF
  {
    "Statement": [
      {
        "Action": [
          "oss:ListObjects",
          "oss:GetObject"
        ],
        "Effect": "Allow",
        "Resource": [
          "acs:oss:*:*:mybucket",
          "acs:oss:*:*:mybucket/*"
        ]
      }
    ],
    "Version": "1"
  }
  EOF
  description = "this is a policy test"
  force       = true
}

» Argument Reference

The following arguments are supported:

  • name - (Required, ForceNew) Name of the RAM policy. The name must be 1 to 128 characters long, may contain only alphanumeric characters or hyphens ("-"), and must not begin with a hyphen.
  • statement - (Deprecated, Optional, Type: list, Conflicts with document) (Deprecated since version 1.49.0; use the 'document' field instead.) Statements of the RAM policy document. It is required when the document is not specified.
    • resource - (Deprecated, Required, Type: list) (Deprecated since version 1.49.0; use the 'document' field instead.) List of specific objects to be authorized. Each item has the format acs:${service}:${region}:${account_id}:${relative_id}, such as acs:ecs:*:*:instance/inst-002 and acs:oss:*:1234567890000:mybucket. ${service} can be ecs, oss, ots and so on; ${region} is the region, which can be replaced with * when it is not supplied; ${account_id} is an Alicloud account id, which can also be replaced with *; ${relative_id} is the resource description section, which is specific to the ${service}.
    • action - (Deprecated, Required, Type: list) (Deprecated since version 1.49.0; use the 'document' field instead.) List of operations for the resource. Each item has the format ${service}:${action_name}, such as oss:ListBuckets and ecs:Describe*. ${service} can be ecs, oss, ots and so on; ${action_name} is the name of an API operation of the ${service}.
    • effect - (Deprecated, Required) (Deprecated since version 1.49.0; use the 'document' field instead.) Indicates whether or not the action is allowed. Valid values are Allow and Deny.
  • version - (Deprecated, Optional, Conflicts with document) (Deprecated since version 1.49.0; use the 'document' field instead.) Version of the RAM policy document. Valid value is 1. Default value is 1.
  • document - (Optional, Conflicts with statement and version) Document of the RAM policy. It is required when the statement is not specified.
  • description - (Optional, ForceNew) Description of the RAM policy. The description must be 1 to 1024 characters long.
  • force - (Optional) This parameter is used when the resource is destroyed. Default value is false.
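
As an added example (not part of the provider documentation), this Python check lints a policy document before it is passed to the document argument, using the resource and action item formats listed above. The function names, the over-broad rule, the handling of a bare "*" and the sample inputs are assumptions made for illustration.

```python
import json
import re

# Item formats from the argument reference: acs:service:region:account_id:relative_id
RESOURCE_RE = re.compile(r"^acs:([a-z0-9-]+|\*):([^:]*):([^:]*):(.+)$")
ACTION_RE = re.compile(r"^([a-z0-9-]+):([A-Za-z0-9*]+)$")  # service:action_name

def as_list(value):
    """Accept a single string or a list (assumption: both appear in documents)."""
    return [value] if isinstance(value, str) else list(value or [])

def lint_policy(document):
    """Return findings for a RAM policy document given as a JSON string."""
    policy, findings = json.loads(document), []
    if str(policy.get("Version")) != "1":
        findings.append("Version must be 1")
    for i, stmt in enumerate(policy.get("Statement", [])):
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append(f"statement {i}: Effect must be Allow or Deny")
        for kind, regex, wild in (("Action", ACTION_RE, 2), ("Resource", RESOURCE_RE, 4)):
            for item in as_list(stmt.get(kind)):
                match = regex.match(item)
                # Assumption: a bare "*" is treated as match-all.
                if item == "*" or (match and match.group(wild) == "*"):
                    # Match-all grants are only reported when they allow access.
                    if effect == "Allow":
                        findings.append(f"statement {i}: over-broad {kind} {item}")
                elif not match:
                    findings.append(f"statement {i}: malformed {kind} {item}")
    return findings

# Constructed inputs: the page's example document and an over-broad variant.
PAGE_EXAMPLE = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow",
    "Action": ["oss:ListObjects", "oss:GetObject"],
    "Resource": ["acs:oss:*:*:mybucket", "acs:oss:*:*:mybucket/*"]}]})
BROAD = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow",
    "Action": ["oss:*", "ListObjects"],
    "Resource": ["acs:oss:*:*:*", "mybucket"]}]})

if __name__ == "__main__":
    for name, doc in (("page example", PAGE_EXAMPLE), ("broad", BROAD)):
        print(name, lint_policy(doc))
```
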

» Attributes Reference

The following attributes are exported:

» Import

A RAM policy can be imported using its id or name, e.g.

$ terraform import alicloud_ram_policy.example my-policy