forked from aliyun/ros-templates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
attach-policy-to-role.yml
43 lines (43 loc) · 1.12 KB
/
attach-policy-to-role.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 创建RAM角色并绑定预设权限策略,支持自定义角色名与选择系统或自定义策略类型。
en: Create RAM roles and attach predefined permission policies, supporting customization
of role names and selection of system or custom policy types.
Parameters:
RoleName:
Type: String
Description: Specifies the role name, containing up to 64 characters.
Default: mytest
PolicyName:
Type: String
Default: ReadOnlyAccess
PolicyType:
Type: String
Default: System
AllowedValues:
- System
- Custom
Resources:
Role:
Type: ALIYUN::RAM::Role
Properties:
RoleName:
Ref: RoleName
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service:
- actiontrail.aliyuncs.com
Version: '1'
AttachPolicyToRole:
Type: ALIYUN::RAM::AttachPolicyToRole
Properties:
PolicyName:
Ref: PolicyName
PolicyType: System
RoleName:
Fn::GetAtt:
- Role
- RoleName