Policy
Provides a RAM Policy resource.
NOTE: When you want to destroy this resource forcefully(means remove all the relationships associated with it automatically and then destroy it) without set
forcewithtrueat beginning, you need addforce = trueto configuration file and runpulumi preview, then you can delete resource forcefully. NOTE: Each policy can own at most 5 versions and the oldest version will be removed after its version achieves 5. NOTE: If the policy has multiple versions, all non-default versions will be deleted first when deleting policy. NOTE: Available since v1.0.0+.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
import * as random from "@pulumi/random";
// Create a new RAM Policy.
const _default = new random.index.Integer("default", {
min: 10000,
max: 99999,
});
const policy = new alicloud.ram.Policy("policy", {
policyName: `tf-example-${_default.result}`,
policyDocument: ` {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
`,
description: "this is a policy test",
});import pulumi
import pulumi_alicloud as alicloud
import pulumi_random as random
# Create a new RAM Policy.
default = random.index.Integer("default",
min=10000,
max=99999)
policy = alicloud.ram.Policy("policy",
policy_name=f"tf-example-{default['result']}",
policy_document=""" {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
""",
description="this is a policy test")using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
using Random = Pulumi.Random;
return await Deployment.RunAsync(() =>
{
// Create a new RAM Policy.
var @default = new Random.Index.Integer("default", new()
{
Min = 10000,
Max = 99999,
});
var policy = new AliCloud.Ram.Policy("policy", new()
{
PolicyName = $"tf-example-{@default.Result}",
PolicyDocument = @" {
""Statement"": [
{
""Action"": [
""oss:ListObjects"",
""oss:GetObject""
],
""Effect"": ""Allow"",
""Resource"": [
""acs:oss:*:*:mybucket"",
""acs:oss:*:*:mybucket/*""
]
}
],
""Version"": ""1""
}
",
Description = "this is a policy test",
});
});package main
import (
"fmt"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create a new RAM Policy.
_, err := random.NewInteger(ctx, "default", &random.IntegerArgs{
Min: 10000,
Max: 99999,
})
if err != nil {
return err
}
_, err = ram.NewPolicy(ctx, "policy", &ram.PolicyArgs{
PolicyName: pulumi.String(fmt.Sprintf("tf-example-%v", _default.Result)),
PolicyDocument: pulumi.String(` {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
`),
Description: pulumi.String("this is a policy test"),
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.integer;
import com.pulumi.random.IntegerArgs;
import com.pulumi.alicloud.ram.Policy;
import com.pulumi.alicloud.ram.PolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create a new RAM Policy.
var default_ = new Integer("default", IntegerArgs.builder()
.min(10000)
.max(99999)
.build());
var policy = new Policy("policy", PolicyArgs.builder()
.policyName(String.format("tf-example-%s", default_.result()))
.policyDocument("""
{
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
""")
.description("this is a policy test")
.build());
}
}resources:
# Create a new RAM Policy.
default:
type: random:integer
properties:
min: 10000
max: 99999
policy:
type: alicloud:ram:Policy
properties:
policyName: tf-example-${default.result}
policyDocument: |2
{
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
description: this is a policy testImport
RAM policy can be imported using the id or name, e.g.
$ pulumi import alicloud:ram/policy:Policy example my-policyConstructors
Properties
Description of the RAM policy. This name can have a string of 1 to 1024 characters.
Document of the RAM policy. It is required when the statement is not specified.
Name of the RAM policy. This name can have a string of 1 to 128 characters, must contain only alphanumeric characters or hyphen "-", and must not begin with a hyphen.
The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: None, DeleteOldestNonDefaultVersionWhenLimitExceeded. Default to None.
(It has been deprecated since version 1.49.0, and use field 'document' to replace.) Statements of the RAM policy document. It is required when the document is not specified. See statement below.