pulumi-alicloud-kotlin/com.pulumi.alicloud.ram.kotlin/RoleArgs

RoleArgs

data class RoleArgs(val description: Output<String>? = null, val document: Output<String>? = null, val force: Output<Boolean>? = null, val maxSessionDuration: Output<Int>? = null, val name: Output<String>? = null, val ramUsers: Output<List<String>>? = null, val services: Output<List<String>>? = null, val version: Output<String>? = null) : ConvertibleToJava<RoleArgs>

Provides a RAM Role resource.

NOTE: When you want to destroy this resource forcefully(means remove all the relationships associated with it automatically and then destroy it) without set force with true at beginning, you need add force = true to configuration file and run pulumi preview, then you can delete resource forcefully. NOTE: Available since v1.0.0+.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
// Create a new RAM Role.
const role = new alicloud.ram.Role("role", {
    name: "terraform-example",
    document: `  {
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
          "Service": [
            "apigateway.aliyuncs.com",
            "ecs.aliyuncs.com"
          ]
        }
      }
    ],
    "Version": "1"
  }
`,
    description: "this is a role test.",
});
Content copied to clipboard
import pulumi
import pulumi_alicloud as alicloud
# Create a new RAM Role.
role = alicloud.ram.Role("role",
    name="terraform-example",
    document="""  {
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
          "Service": [
            "apigateway.aliyuncs.com",
            "ecs.aliyuncs.com"
          ]
        }
      }
    ],
    "Version": "1"
  }
""",
    description="this is a role test.")
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
    // Create a new RAM Role.
    var role = new AliCloud.Ram.Role("role", new()
    {
        Name = "terraform-example",
        Document = @"  {
    ""Statement"": [
      {
        ""Action"": ""sts:AssumeRole"",
        ""Effect"": ""Allow"",
        ""Principal"": {
          ""Service"": [
            ""apigateway.aliyuncs.com"",
            ""ecs.aliyuncs.com""
          ]
        }
      }
    ],
    ""Version"": ""1""
  }
",
        Description = "this is a role test.",
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Create a new RAM Role.
		_, err := ram.NewRole(ctx, "role", &ram.RoleArgs{
			Name: pulumi.String("terraform-example"),
			Document: pulumi.String(`  {
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
          "Service": [
            "apigateway.aliyuncs.com",
            "ecs.aliyuncs.com"
          ]
        }
      }
    ],
    "Version": "1"
  }
`),
			Description: pulumi.String("this is a role test."),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.Role;
import com.pulumi.alicloud.ram.RoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        // Create a new RAM Role.
        var role = new Role("role", RoleArgs.builder()
            .name("terraform-example")
            .document("""
  {
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
          "Service": [
            "apigateway.aliyuncs.com",
            "ecs.aliyuncs.com"
          ]
        }
      }
    ],
    "Version": "1"
  }
            """)
            .description("this is a role test.")
            .build());
    }
}
Content copied to clipboard
resources:
  # Create a new RAM Role.
  role:
    type: alicloud:ram:Role
    properties:
      name: terraform-example
      document: "  {\n    \"Statement\": [\n      {\n        \"Action\": \"sts:AssumeRole\",\n        \"Effect\": \"Allow\",\n        \"Principal\": {\n          \"Service\": [\n            \"apigateway&#46;aliyuncs&#46;com\", \n            \"ecs&#46;aliyuncs&#46;com\"\n          ]\n        }\n      }\n    ],\n    \"Version\": \"1\"\n  }\n"
      description: this is a role test.
Content copied to clipboard

Import

RAM role can be imported using the id or name, e.g.

$ pulumi import alicloud:ram/role:Role example my-role
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(description: Output<String>? = null, document: Output<String>? = null, force: Output<Boolean>? = null, maxSessionDuration: Output<Int>? = null, name: Output<String>? = null, ramUsers: Output<List<String>>? = null, services: Output<List<String>>? = null, version: Output<String>? = null)

Properties

Link copied to clipboard
val description: Output<String>? = null

Description of the RAM role. This name can have a string of 1 to 1024 characters. NOTE: The description supports modification since V1.144.0.

Link copied to clipboard
val document: Output<String>? = null

Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.

Link copied to clipboard
val force: Output<Boolean>? = null

This parameter is used for resource destroy. Default value is false.

Link copied to clipboard
val maxSessionDuration: Output<Int>? = null

The maximum session duration of the RAM role. Valid values: 3600 to 43200. Unit: seconds. Default value: 3600. The default value is used if the parameter is not specified.

Link copied to clipboard
val name: Output<String>? = null

Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.

Link copied to clipboard
val ramUsers: Output<List<String>>? = null

(It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.

Link copied to clipboard
val services: Output<List<String>>? = null

(It has been deprecated since version 1.49.0, and use field 'document' to replace.) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and 1234567890000@ots.aliyuncs.com. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.

Link copied to clipboard
val version: Output<String>? = null

(It has been deprecated since version 1.49.0, and use field 'document' to replace.) Version of the RAM role policy document. Valid value is 1. Default value is 1.

Functions

Link copied to clipboard
open override fun toJava(): RoleArgs