ecs-ram-role.yml

ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: 创建ECS实例RAM角色，定义访问策略，生成角色ARN与名称。
  en: Create an ECS instance RAM role, define the access policy, and generate the
    role ARN and name.
Parameters:
  RoleName:
    Type: String
    Label:
      en: RoleName
      zh-cn: Ram角色名
    Description:
      en: Ram role name, 1 to 64 characters in length, beginning with English letters
        or numbers, hyphens allowed, unique in the account.
      zh-cn: Ram角色名称，长度为1-64个字符，以英文字母或数字开头，允许使用连字符，账号内唯一。
    ConstraintDescription:
      en: 1 to 64 characters in length, beginning with English letters or numbers,
        hyphens allowed.
      zn-cn: 长度为1-64个字符，以英文字母或数字开头，允许使用连字符。
    Default: EcsRamRoleDocumentTesting
    MinLength: 1
    MaxLength: 64
  PolicyAction:
    Type: Json
    Label:
      en: Action
      zh-cn: 操作
    Description:
      en: Operations allowed by the policy granted to the RAM role.
      zh-cn: 授权给RAM角色的策略允许的操作。
    Default:
    - oss:Get*
    - oss:List*
Resources:
  ECSRole:
    Type: ALIYUN::RAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service:
            - ecs.aliyuncs.com
        Version: '1'
      Policies:
      - PolicyDocument:
          Statement:
          - Action:
              Ref: PolicyAction
            Effect: Allow
            Resource:
            - '*'
          Version: '1'
        PolicyName:
          Fn::Sub: EcsRamRolePolicy-${ALIYUN::StackId}
      RoleName:
        Ref: RoleName
Outputs:
  Arn:
    Value:
      Fn::GetAtt:
      - ECSRole
      - Arn
  RoleName:
    Value:
      Fn::GetAtt:
      - ECSRole
      - RoleName
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
    - Parameters:
      - RoleName
      - PolicyAction
      Label:
        default: RAM
    TemplateTags:
    - acs:example:安全:ECS实例RAM角色