-
Notifications
You must be signed in to change notification settings - Fork 35
/
managed-policy.yml
85 lines (85 loc) · 2.24 KB
/
managed-policy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 创建自定义RAM策略,定义指定服务操作权限与资源范围,支持允许或拒绝效应。
en: Create custom RAM policies to define specified service operation permissions
and resource scopes, supporting both Allow and Deny effects.
Parameters:
PolicyName:
Type: String
Label:
zh-cn: 策略名称
en: Policy Name
Description:
zh-cn: 可包含大小写字母、数字以及中划线(-)
en: May contain uppercase and lowercase letters, numbers, and hyphens (-)
Default: TestManagedPolicy
Description:
Type: String
Label:
zh-cn: 备注
en: Description
Default: Customize Managed Policy
Action:
Type: Json
Label:
zh-cn: 操作
en: Action
Description:
zh-cn: 该策略定义的对产品服务的操作
en: The operation of products and services defined by the strategy
Default:
- vpc:*Describe*
- vpc:*VSwitch*
Resource:
Type: Json
Label:
en: Resource
zh-cn: 资源
Description:
zh-cn: 适用于操作的资源,详情请参考<a href='https://help.aliyun.com/document_detail/93738.html'>权限策略基本元素</a>。
en: Resources for operations, refer to <a href='https://www.alibabacloud.com/help/doc-detail/93738.htm'>Policy
elements</a> for more info.
Default:
- '*'
Effect:
Type: String
Label:
zh-cn: 权限效力
en: Authority
Description:
zh-cn: 允许/拒绝对资源的操作
en: Allow/Deny Action for Resource
Default: Allow
AllowedValues:
- Allow
- Deny
Resources:
ManagedPolicy:
Type: ALIYUN::RAM::ManagedPolicy
Properties:
PolicyName:
Ref: PolicyName
Description:
Ref: Description
PolicyDocument:
Version: '1'
Statement:
- Effect:
Ref: Effect
Action:
Ref: Action
Resource:
Ref: Resource
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- Parameters:
- PolicyName
- Description
- Action
- Resource
- Effect
Label:
default: Policy
TemplateTags:
- acs:example:安全:RAM策略管理