Role Attachment
Provides a RAM role attachment resource to bind a role to several ECS instances.
NOTE: Available since v1.0.0+.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.inputs.GetZonesArgs;
import com.pulumi.alicloud.ecs.EcsFunctions;
import com.pulumi.alicloud.ecs.inputs.GetInstanceTypesArgs;
import com.pulumi.alicloud.ecs.inputs.GetImagesArgs;
import com.pulumi.alicloud.vpc.Network;
import com.pulumi.alicloud.vpc.NetworkArgs;
import com.pulumi.alicloud.vpc.Switch;
import com.pulumi.alicloud.vpc.SwitchArgs;
import com.pulumi.alicloud.ecs.SecurityGroup;
import com.pulumi.alicloud.ecs.SecurityGroupArgs;
import com.pulumi.alicloud.ecs.SecurityGroupRule;
import com.pulumi.alicloud.ecs.SecurityGroupRuleArgs;
import com.pulumi.alicloud.ecs.Instance;
import com.pulumi.alicloud.ecs.InstanceArgs;
import com.pulumi.alicloud.ram.Role;
import com.pulumi.alicloud.ram.RoleArgs;
import com.pulumi.alicloud.ram.RoleAttachment;
import com.pulumi.alicloud.ram.RoleAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
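/**
 * Example Pulumi program: creates a VPC, a vSwitch, a security group, one ECS instance and a
 * RAM role that the ECS service may assume, then attaches the role to the instance.
 *
 * <p>Security note: once a role is attached, workloads running on the instance can obtain the
 * role's temporary credentials. This example attaches no permission policy to the role; when
 * adding one, grant only the actions and resources the instance actually needs.
 */
public class App {

    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares every resource of the example stack.
     *
     * @param ctx Pulumi context; the optional config key {@code name} overrides the default
     *     name used for the VPC, the vSwitch and the instance.
     */
    public static void stack(Context ctx) {
        final var config = ctx.config();

        final var defaultZones = AlicloudFunctions.getZones(GetZonesArgs.builder()
            .availableDiskCategory("cloud_efficiency")
            .availableResourceCreation("VSwitch")
            .build());

        // The lookup results are lists, so the first match is read with get(0);
        // this throws if a lookup returns no match.
        final var firstZoneId =
            defaultZones.applyValue(getZonesResult -> getZonesResult.zones().get(0).id());

        final var defaultInstanceTypes = EcsFunctions.getInstanceTypes(GetInstanceTypesArgs.builder()
            .availabilityZone(firstZoneId)
            .cpuCoreCount(2)
            .memorySize(4)
            .build());

        // NOTE(review): this regex selects Ubuntu 18 images, a release that is past its
        // standard support window; pick a currently supported image for real deployments.
        final var defaultImages = EcsFunctions.getImages(GetImagesArgs.builder()
            .nameRegex("^ubuntu_18.*64")
            .mostRecent(true)
            .owners("system")
            .build());

        final var name = config.get("name").orElse("ecsInstanceVPCExample");

        var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
            .vpcName(name)
            .cidrBlock("172.16.0.0/16")
            .build());

        var defaultSwitch = new Switch("defaultSwitch", SwitchArgs.builder()
            .vpcId(defaultNetwork.id())
            .cidrBlock("172.16.0.0/24")
            .zoneId(firstZoneId)
            .vswitchName(name)
            .build());

        var defaultSecurityGroup = new SecurityGroup("defaultSecurityGroup", SecurityGroupArgs.builder()
            .vpcId(defaultNetwork.id())
            .build());

        // The only ingress rule: SSH (22/tcp) on the intranet NIC, limited to the vSwitch CIDR.
        var defaultSecurityGroupRule = new SecurityGroupRule("defaultSecurityGroupRule", SecurityGroupRuleArgs.builder()
            .type("ingress")
            .ipProtocol("tcp")
            .nicType("intranet")
            .policy("accept")
            .portRange("22/22")
            .priority(1)
            .securityGroupId(defaultSecurityGroup.id())
            .cidrIp("172.16.0.0/24")
            .build());

        // securityGroups expects a list of ids, so the single group id is wrapped in one.
        final Output<List<String>> securityGroupIds =
            defaultSecurityGroup.id().applyValue(id -> List.of(id));

        // NOTE(review): a non-zero internetMaxBandwidthOut presumably gives the instance a
        // public address; set it to 0 if the instance does not need to be reachable from or
        // reach the internet directly.
        var foo = new Instance("foo", InstanceArgs.builder()
            .vswitchId(defaultSwitch.id())
            .imageId(defaultImages.applyValue(getImagesResult -> getImagesResult.images().get(0).id()))
            .instanceType(defaultInstanceTypes.applyValue(
                getInstanceTypesResult -> getInstanceTypesResult.instanceTypes().get(0).id()))
            .systemDiskCategory("cloud_efficiency")
            .internetChargeType("PayByTraffic")
            .internetMaxBandwidthOut(5)
            .securityGroups(securityGroupIds)
            .instanceName(name)
            .build());

        // Trust policy: only the ECS service principal may assume this role.
        // NOTE(review): force(true) appears to affect how the role is destroyed (removal even
        // when policies are still attached) - confirm against the provider documentation
        // before using it outside a test stack.
        var role = new Role("role", RoleArgs.builder()
            .document("""
                {
                  "Statement": [
                    {
                      "Action": "sts:AssumeRole",
                      "Effect": "Allow",
                      "Principal": {
                        "Service": [
                          "ecs.aliyuncs.com"
                        ]
                      }
                    }
                  ],
                  "Version": "1"
                }
                """)
            .description("this is a test")
            .force(true)
            .build());

        // foo is a single Instance, not a collection, so it cannot be streamed; its id is
        // wrapped in a one-element list for instanceIds. Add further instance ids to the list
        // to bind the same role to several instances.
        final Output<List<String>> attachedInstanceIds = foo.id().applyValue(id -> List.of(id));

        var attach = new RoleAttachment("attach", RoleAttachmentArgs.builder()
            .roleName(role.name())
            .instanceIds(attachedInstanceIds)
            .build());
    }
}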