alicloud_ram_role

Provides a RAM Role resource.

Example Usage

# Create a new RAM Role.
resource "alicloud_ram_role" "role" {
  name = "test_role"
  ram_users = ["acs:ram::${your_account_id}:root", "acs:ram::${other_account_id}:user/username"]
  services = ["apigateway.aliyuncs.com", "ecs.aliyuncs.com"]
  description = "this is a role test."
  force = true
}

Argument Reference

The following arguments are supported:

  • name - (Required, Forces new resource) Name of the RAM role. This name can have a string of 1 to 64 characters, must contain only alphanumeric characters or hyphens, such as "-", "_", and must not begin with a hyphen.
  • services - (Optional, Type: list, Conflicts with document) List of services which can assume the RAM role. The format of each item in this list is ${service}.aliyuncs.com or ${account_id}@${service}.aliyuncs.com, such as ecs.aliyuncs.com and [email protected]. The ${service} can be ecs, log, apigateway and so on, the ${account_id} refers to someone's Alicloud account id.
  • ram_users - (Optional, Type: list, Conflicts with document) List of ram users who can assume the RAM role. The format of each item in this list is acs:ram::${account_id}:root or acs:ram::${account_id}:user/${user_name}, such as acs:ram::1234567890000:root and acs:ram::1234567890001:user/Mary. The ${user_name} is the name of a RAM user which must exists in the Alicloud account indicated by the ${account_id}.
  • version - (Optional, Conflicts with document) Version of the RAM role policy document. Valid value is 1. Default value is 1.
  • document - (Optional, Conflicts with services, ram_users and version) Authorization strategy of the RAM role. It is required when the services and ram_users are not specified.
  • description - (Optional, Forces new resource) Description of the RAM role. This name can have a string of 1 to 1024 characters.
  • force - (Optional) This parameter is used for resource destroy. Default value is false.

Attributes Reference

The following attributes are exported:

  • id - The role ID.
  • name - The role name.
  • arn - The role arn.
  • description - The role description.
  • version - The role policy document version.
  • document - Authorization strategy of the role.
  • ram_users - List of services which can assume the RAM role.
  • services - List of services which can assume the RAM role.

Import

RAM role can be imported using the id or name, e.g.

$ terraform import alicloud_ram_role.example my-role

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/alicloud/r/ram_role.html