Control Policy
Provides a Resource Manager Control Policy resource. For information about Resource Manager Control Policy and how to use it, see What is Control Policy.
NOTE: Available since v1.120.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
// Optional stack setting "name"; falls back to "tf-example" when unset or empty.
const config = new pulumi.Config();
const name = config.get("name") || "tf-example";

// Control policy document, kept byte-for-byte as in the original example.
// It denies four RAM role operations (update, delete, attach policy, detach
// policy) on the role named ResourceDirectoryAccountAccessRole; the "*:*" in
// the resource ARN leaves the region and account fields unrestricted.
// NOTE(review): presumably this is the role the Resource Directory management
// account assumes in member accounts, so the policy stops members from
// tampering with it — confirm against the Resource Directory documentation.
const policyDocument = ` {
"Version": "1",
"Statement": [
{
"Effect": "Deny",
"Action": [
"ram:UpdateRole",
"ram:DeleteRole",
"ram:AttachPolicyToRole",
"ram:DetachPolicyFromRole"
],
"Resource": "acs:ram:*:*:role/ResourceDirectoryAccountAccessRole"
}
]
}
`;

// This only defines the policy. Nothing in this example attaches it to a
// folder or member account, so on its own it restricts nothing; attachment is
// a separate resource (alicloud.resourcemanager.ControlPolicyAttachment).
const example = new alicloud.resourcemanager.ControlPolicy("example", {
    controlPolicyName: name,
    description: name, // the example reuses the name as the description
    effectScope: "RAM",
    policyDocument,
});
import pulumi
import pulumi_alicloud as alicloud
# Optional stack setting "name"; only a missing value (None) triggers the default.
config = pulumi.Config()
configured_name = config.get("name")
name = "tf-example" if configured_name is None else configured_name

# Control policy document, kept byte-for-byte as in the original example.
# It denies four RAM role operations (update, delete, attach policy, detach
# policy) on the role named ResourceDirectoryAccountAccessRole; the "*:*" in
# the resource ARN leaves the region and account fields unrestricted.
# NOTE(review): presumably this is the role the Resource Directory management
# account assumes in member accounts — confirm against the documentation.
policy_document = """ {
"Version": "1",
"Statement": [
{
"Effect": "Deny",
"Action": [
"ram:UpdateRole",
"ram:DeleteRole",
"ram:AttachPolicyToRole",
"ram:DetachPolicyFromRole"
],
"Resource": "acs:ram:*:*:role/ResourceDirectoryAccountAccessRole"
}
]
}
"""

# This only defines the policy. Nothing in this example attaches it to a folder
# or member account, so on its own it restricts nothing; attachment is a
# separate resource (alicloud.resourcemanager.ControlPolicyAttachment).
example = alicloud.resourcemanager.ControlPolicy(
    "example",
    control_policy_name=name,
    description=name,  # the example reuses the name as the description
    effect_scope="RAM",
    policy_document=policy_document,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
    // Optional stack setting "name"; a null value falls back to "tf-example".
    var config = new Config();
    var name = config.Get("name") ?? "tf-example";

    // Control policy document, kept byte-for-byte as in the original example.
    // It denies four RAM role operations (update, delete, attach policy,
    // detach policy) on the role named ResourceDirectoryAccountAccessRole;
    // the "*:*" in the resource ARN leaves region and account unrestricted.
    // NOTE(review): presumably this is the role the Resource Directory
    // management account assumes in member accounts — confirm.
    const string policyDocument = @" {
""Version"": ""1"",
""Statement"": [
{
""Effect"": ""Deny"",
""Action"": [
""ram:UpdateRole"",
""ram:DeleteRole"",
""ram:AttachPolicyToRole"",
""ram:DetachPolicyFromRole""
],
""Resource"": ""acs:ram:*:*:role/ResourceDirectoryAccountAccessRole""
}
]
}
";

    // This only defines the policy. Nothing in this example attaches it to a
    // folder or member account, so on its own it restricts nothing;
    // attachment is a separate resource (ControlPolicyAttachment).
    var example = new AliCloud.ResourceManager.ControlPolicy("example", new AliCloud.ResourceManager.ControlPolicyArgs
    {
        ControlPolicyName = name,
        Description = name, // the example reuses the name as the description
        EffectScope = "RAM",
        PolicyDocument = policyDocument,
    });
});
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/resourcemanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
// main registers a single Resource Manager control policy with Pulumi.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Control policy document, kept byte-for-byte as in the original
		// example. It denies four RAM role operations (update, delete, attach
		// policy, detach policy) on the role named
		// ResourceDirectoryAccountAccessRole; the "*:*" in the resource ARN
		// leaves the region and account fields unrestricted.
		// NOTE(review): presumably this is the role the Resource Directory
		// management account assumes in member accounts — confirm.
		const policyDocument = ` {
"Version": "1",
"Statement": [
{
"Effect": "Deny",
"Action": [
"ram:UpdateRole",
"ram:DeleteRole",
"ram:AttachPolicyToRole",
"ram:DetachPolicyFromRole"
],
"Resource": "acs:ram:*:*:role/ResourceDirectoryAccountAccessRole"
}
]
}
`

		// Optional stack setting "name"; an empty result means "use the default".
		name := config.New(ctx, "").Get("name")
		if name == "" {
			name = "tf-example"
		}

		// This only defines the policy. Nothing in this example attaches it to
		// a folder or member account, so on its own it restricts nothing;
		// attachment is a separate resource (ControlPolicyAttachment).
		_, err := resourcemanager.NewControlPolicy(ctx, "example", &resourcemanager.ControlPolicyArgs{
			ControlPolicyName: pulumi.String(name),
			Description:       pulumi.String(name), // name reused as description
			EffectScope:       pulumi.String("RAM"),
			PolicyDocument:    pulumi.String(policyDocument),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.resourcemanager.ControlPolicy;
import com.pulumi.alicloud.resourcemanager.ControlPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single Resource Manager control policy.
 */
public class App {
    /**
     * Control policy document. The text block's incidental indentation is
     * stripped by the compiler, so the resulting string matches the original
     * example: it starts at "{" and ends with a newline after "}".
     *
     * It denies four RAM role operations (update, delete, attach policy,
     * detach policy) on the role named ResourceDirectoryAccountAccessRole;
     * the "*:*" in the resource ARN leaves region and account unrestricted.
     * NOTE(review): presumably this is the role the Resource Directory
     * management account assumes in member accounts — confirm.
     */
    private static final String POLICY_DOCUMENT = """
        {
        "Version": "1",
        "Statement": [
        {
        "Effect": "Deny",
        "Action": [
        "ram:UpdateRole",
        "ram:DeleteRole",
        "ram:AttachPolicyToRole",
        "ram:DetachPolicyFromRole"
        ],
        "Resource": "acs:ram:*:*:role/ResourceDirectoryAccountAccessRole"
        }
        ]
        }
        """;

    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the control policy.
     *
     * This only defines the policy. Nothing in this example attaches it to a
     * folder or member account, so on its own it restricts nothing;
     * attachment is a separate resource (ControlPolicyAttachment).
     *
     * @param ctx Pulumi context used to read the stack configuration
     */
    public static void stack(Context ctx) {
        final var config = ctx.config();
        // Optional stack setting "name"; absent values fall back to "tf-example".
        final var name = config.get("name").orElse("tf-example");

        final var policyArgs = ControlPolicyArgs.builder()
            .controlPolicyName(name)
            .description(name) // the example reuses the name as the description
            .effectScope("RAM")
            .policyDocument(POLICY_DOCUMENT)
            .build();

        var example = new ControlPolicy("example", policyArgs);
    }
}
# Optional stack setting "name"; defaults to "tf-example".
configuration:
  name:
    type: string
    default: tf-example
resources:
  # This only defines the policy. Nothing in this example attaches it to a
  # folder or member account, so on its own it restricts nothing; attachment
  # is a separate resource (alicloud:resourcemanager:ControlPolicyAttachment).
  example:
    type: alicloud:resourcemanager:ControlPolicy
    properties:
      controlPolicyName: ${name}
      description: ${name}
      effectScope: RAM
      # Denies four RAM role operations (update, delete, attach policy, detach
      # policy) on the role named ResourceDirectoryAccountAccessRole; the "*:*"
      # in the resource ARN leaves the region and account fields unrestricted.
      # NOTE(review): presumably this is the role the Resource Directory
      # management account assumes in member accounts — confirm.
      policyDocument: |2
        {
        "Version": "1",
        "Statement": [
        {
        "Effect": "Deny",
        "Action": [
        "ram:UpdateRole",
        "ram:DeleteRole",
        "ram:AttachPolicyToRole",
        "ram:DetachPolicyFromRole"
        ],
        "Resource": "acs:ram:*:*:role/ResourceDirectoryAccountAccessRole"
        }
        ]
        }
Import
Resource Manager Control Policy can be imported using the id, e.g.
$ pulumi import alicloud:resourcemanager/controlPolicy:ControlPolicy example <id>
Properties
The name of control policy.
The description of control policy.
The effect scope. Valid values: `RAM`.
The policy document of control policy.