Docs Home
Alibaba Cloud v3.76.0 published on Tuesday, Apr 8, 2025 by Pulumi
alicloud.ram.getPolicies
Explore with Pulumi AI
This data source provides a list of RAM policies in an Alibaba Cloud account according to the specified filters.
NOTE: Available since v1.0.0+.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
import * as random from "@pulumi/random";
const _default = new random.index.Integer("default", {
min: 10000,
max: 99999,
});
const group = new alicloud.ram.Group("group", {
name: `groupName-${_default.result}`,
comments: "this is a group comments.",
});
const policy = new alicloud.ram.Policy("policy", {
policyName: `tf-example-${_default.result}`,
policyDocument: ` {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
`,
description: "this is a policy test",
});
const attach = new alicloud.ram.GroupPolicyAttachment("attach", {
policyName: policy.policyName,
policyType: policy.type,
groupName: group.name,
});
const policiesDs = alicloud.ram.getPoliciesOutput({
groupName: attach.groupName,
type: "Custom",
});
export const firstPolicyName = policiesDs.apply(policiesDs => policiesDs.policies?.[0]?.name);
import pulumi
import pulumi_alicloud as alicloud
import pulumi_random as random
default = random.index.Integer("default",
min=10000,
max=99999)
group = alicloud.ram.Group("group",
name=f"groupName-{default['result']}",
comments="this is a group comments.")
policy = alicloud.ram.Policy("policy",
policy_name=f"tf-example-{default['result']}",
policy_document=""" {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
""",
description="this is a policy test")
attach = alicloud.ram.GroupPolicyAttachment("attach",
policy_name=policy.policy_name,
policy_type=policy.type,
group_name=group.name)
policies_ds = alicloud.ram.get_policies_output(group_name=attach.group_name,
type="Custom")
pulumi.export("firstPolicyName", policies_ds.policies[0].name)
package main
import (
"fmt"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := random.NewInteger(ctx, "default", &random.IntegerArgs{
Min: 10000,
Max: 99999,
})
if err != nil {
return err
}
group, err := ram.NewGroup(ctx, "group", &ram.GroupArgs{
Name: pulumi.Sprintf("groupName-%v", _default.Result),
Comments: pulumi.String("this is a group comments."),
})
if err != nil {
return err
}
policy, err := ram.NewPolicy(ctx, "policy", &ram.PolicyArgs{
PolicyName: pulumi.Sprintf("tf-example-%v", _default.Result),
PolicyDocument: pulumi.String(` {
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
`),
Description: pulumi.String("this is a policy test"),
})
if err != nil {
return err
}
attach, err := ram.NewGroupPolicyAttachment(ctx, "attach", &ram.GroupPolicyAttachmentArgs{
PolicyName: policy.PolicyName,
PolicyType: policy.Type,
GroupName: group.Name,
})
if err != nil {
return err
}
policiesDs := ram.GetPoliciesOutput(ctx, ram.GetPoliciesOutputArgs{
GroupName: attach.GroupName,
Type: pulumi.String("Custom"),
}, nil)
ctx.Export("firstPolicyName", policiesDs.ApplyT(func(policiesDs ram.GetPoliciesResult) (*string, error) {
return &policiesDs.Policies[0].Name, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
using Random = Pulumi.Random;
return await Deployment.RunAsync(() =>
{
var @default = new Random.Index.Integer("default", new()
{
Min = 10000,
Max = 99999,
});
var @group = new AliCloud.Ram.Group("group", new()
{
Name = $"groupName-{@default.Result}",
Comments = "this is a group comments.",
});
var policy = new AliCloud.Ram.Policy("policy", new()
{
PolicyName = $"tf-example-{@default.Result}",
PolicyDocument = @" {
""Statement"": [
{
""Action"": [
""oss:ListObjects"",
""oss:GetObject""
],
""Effect"": ""Allow"",
""Resource"": [
""acs:oss:*:*:mybucket"",
""acs:oss:*:*:mybucket/*""
]
}
],
""Version"": ""1""
}
",
Description = "this is a policy test",
});
var attach = new AliCloud.Ram.GroupPolicyAttachment("attach", new()
{
PolicyName = policy.PolicyName,
PolicyType = policy.Type,
GroupName = @group.Name,
});
var policiesDs = AliCloud.Ram.GetPolicies.Invoke(new()
{
GroupName = attach.GroupName,
Type = "Custom",
});
return new Dictionary<string, object?>
{
["firstPolicyName"] = policiesDs.Apply(getPoliciesResult => getPoliciesResult.Policies[0]?.Name),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.integer;
import com.pulumi.random.IntegerArgs;
import com.pulumi.alicloud.ram.Group;
import com.pulumi.alicloud.ram.GroupArgs;
import com.pulumi.alicloud.ram.Policy;
import com.pulumi.alicloud.ram.PolicyArgs;
import com.pulumi.alicloud.ram.GroupPolicyAttachment;
import com.pulumi.alicloud.ram.GroupPolicyAttachmentArgs;
import com.pulumi.alicloud.ram.RamFunctions;
import com.pulumi.alicloud.ram.inputs.GetPoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Integer("default", IntegerArgs.builder()
.min(10000)
.max(99999)
.build());
var group = new Group("group", GroupArgs.builder()
.name(String.format("groupName-%s", default_.result()))
.comments("this is a group comments.")
.build());
var policy = new Policy("policy", PolicyArgs.builder()
.policyName(String.format("tf-example-%s", default_.result()))
.policyDocument("""
{
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
""")
.description("this is a policy test")
.build());
var attach = new GroupPolicyAttachment("attach", GroupPolicyAttachmentArgs.builder()
.policyName(policy.policyName())
.policyType(policy.type())
.groupName(group.name())
.build());
final var policiesDs = RamFunctions.getPolicies(GetPoliciesArgs.builder()
.groupName(attach.groupName())
.type("Custom")
.build());
ctx.export("firstPolicyName", policiesDs.applyValue(getPoliciesResult -> getPoliciesResult).applyValue(policiesDs -> policiesDs.applyValue(getPoliciesResult -> getPoliciesResult.policies()[0].name())));
}
}
resources:
group:
type: alicloud:ram:Group
properties:
name: groupName-${default.result}
comments: this is a group comments.
default:
type: random:integer
properties:
min: 10000
max: 99999
policy:
type: alicloud:ram:Policy
properties:
policyName: tf-example-${default.result}
policyDocument: |2
{
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetObject"
],
"Effect": "Allow",
"Resource": [
"acs:oss:*:*:mybucket",
"acs:oss:*:*:mybucket/*"
]
}
],
"Version": "1"
}
description: this is a policy test
attach:
type: alicloud:ram:GroupPolicyAttachment
properties:
policyName: ${policy.policyName}
policyType: ${policy.type}
groupName: ${group.name}
variables:
policiesDs:
fn::invoke:
function: alicloud:ram:getPolicies
arguments:
groupName: ${attach.groupName}
type: Custom
outputs:
firstPolicyName: ${policiesDs.policies[0].name}
Using getPolicies
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPolicies(args: GetPoliciesArgs, opts?: InvokeOptions): Promise<GetPoliciesResult>
function getPoliciesOutput(args: GetPoliciesOutputArgs, opts?: InvokeOptions): Output<GetPoliciesResult>def get_policies(enable_details: Optional[bool] = None,
group_name: Optional[str] = None,
ids: Optional[Sequence[str]] = None,
name_regex: Optional[str] = None,
output_file: Optional[str] = None,
role_name: Optional[str] = None,
type: Optional[str] = None,
user_name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetPoliciesResult
def get_policies_output(enable_details: Optional[pulumi.Input[bool]] = None,
group_name: Optional[pulumi.Input[str]] = None,
ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
name_regex: Optional[pulumi.Input[str]] = None,
output_file: Optional[pulumi.Input[str]] = None,
role_name: Optional[pulumi.Input[str]] = None,
type: Optional[pulumi.Input[str]] = None,
user_name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPoliciesResult]func GetPolicies(ctx *Context, args *GetPoliciesArgs, opts ...InvokeOption) (*GetPoliciesResult, error)
func GetPoliciesOutput(ctx *Context, args *GetPoliciesOutputArgs, opts ...InvokeOption) GetPoliciesResultOutput> Note: This function is named GetPolicies in the Go SDK.
public static class GetPolicies
{
public static Task<GetPoliciesResult> InvokeAsync(GetPoliciesArgs args, InvokeOptions? opts = null)
public static Output<GetPoliciesResult> Invoke(GetPoliciesInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPoliciesResult> getPolicies(GetPoliciesArgs args, InvokeOptions options)
public static Output<GetPoliciesResult> getPolicies(GetPoliciesArgs args, InvokeOptions options)
fn::invoke:
function: alicloud:ram/getPolicies:getPolicies
arguments:
# arguments dictionaryThe following arguments are supported:
- Enable
Details bool - Default to
true. Set it to true can output more details. - Group
Name 
Changes to this property will trigger replacement. - Filter results by a specific group name. Returned policies are attached to the specified group.
- Ids
- A list of ram group IDs.
- Name
Regex - A regex string to filter resulting policies by name.
- Output
File string - File name where to save data source results (after running
pulumi preview). - Role
Name - Filter results by a specific role name. Returned policies are attached to the specified role.
- Type
- Filter results by a specific policy type. Valid values are
CustomandSystem. - User
Name - Filter results by a specific user name. Returned policies are attached to the specified user.
- Enable
Details bool - Default to
true. Set it to true can output more details. - Group
Name - Filter results by a specific group name. Returned policies are attached to the specified group.
- Ids
- A list of ram group IDs.
- Name
Regex - A regex string to filter resulting policies by name.
- Output
File string - File name where to save data source results (after running
pulumi preview). - Role
Name - Filter results by a specific role name. Returned policies are attached to the specified role.
- Type
- Filter results by a specific policy type. Valid values are
CustomandSystem. - User
Name - Filter results by a specific user name. Returned policies are attached to the specified user.
- enable
Details Boolean - Default to
true. Set it to true can output more details. - group
Name - Filter results by a specific group name. Returned policies are attached to the specified group.
- ids
- A list of ram group IDs.
- name
Regex - A regex string to filter resulting policies by name.
- output
File String - File name where to save data source results (after running
pulumi preview). - role
Name - Filter results by a specific role name. Returned policies are attached to the specified role.
- type
- Filter results by a specific policy type. Valid values are
CustomandSystem. - user
Name - Filter results by a specific user name. Returned policies are attached to the specified user.
- enable
Details boolean - Default to
true. Set it to true can output more details. - group
Name - Filter results by a specific group name. Returned policies are attached to the specified group.
- ids
- A list of ram group IDs.
- name
Regex - A regex string to filter resulting policies by name.
- output
File string - File name where to save data source results (after running
pulumi preview). - role
Name - Filter results by a specific role name. Returned policies are attached to the specified role.
- type
- Filter results by a specific policy type. Valid values are
CustomandSystem. - user
Name - Filter results by a specific user name. Returned policies are attached to the specified user.
- enable_
details bool - Default to
true. Set it to true can output more details. - group_
name - Filter results by a specific group name. Returned policies are attached to the specified group.
- ids
- A list of ram group IDs.
- name_
regex - A regex string to filter resulting policies by name.
- output_
file str - File name where to save data source results (after running
pulumi preview). - role_
name - Filter results by a specific role name. Returned policies are attached to the specified role.
- type
- Filter results by a specific policy type. Valid values are
CustomandSystem. - user_
name - Filter results by a specific user name. Returned policies are attached to the specified user.
- enable
Details Boolean - Default to
true. Set it to true can output more details. - group
Name - Filter results by a specific group name. Returned policies are attached to the specified group.
- ids
- A list of ram group IDs.
- name
Regex - A regex string to filter resulting policies by name.
- output
File String - File name where to save data source results (after running
pulumi preview). - role
Name - Filter results by a specific role name. Returned policies are attached to the specified role.
- type
- Filter results by a specific policy type. Valid values are
CustomandSystem. - user
Name - Filter results by a specific user name. Returned policies are attached to the specified user.
getPolicies Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids List<string>
- Names List<string>
- A list of ram group names.
- Policies
List<Pulumi.
Ali Cloud. Ram. Outputs. Get Policies Policy> - A list of policies. Each element contains the following attributes:
- Enable
Details bool - Group
Name string - Name
Regex string - Output
File string - Role
Name string - Type string
- Type of the policy.
- User
Name string - The user name of policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Ids []string
- Names []string
- A list of ram group names.
- Policies
[]Get
Policies Policy - A list of policies. Each element contains the following attributes:
- Enable
Details bool - Group
Name string - Name
Regex string - Output
File string - Role
Name string - Type string
- Type of the policy.
- User
Name string - The user name of policy.
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- names List<String>
- A list of ram group names.
- policies
List<Get
Policies Policy> - A list of policies. Each element contains the following attributes:
- enable
Details Boolean - group
Name String - name
Regex String - output
File String - role
Name String - type String
- Type of the policy.
- user
Name String - The user name of policy.
- id string
- The provider-assigned unique ID for this managed resource.
- ids string[]
- names string[]
- A list of ram group names.
- policies
Get
Policies Policy[] - A list of policies. Each element contains the following attributes:
- enable
Details boolean - group
Name string - name
Regex string - output
File string - role
Name string - type string
- Type of the policy.
- user
Name string - The user name of policy.
- id str
- The provider-assigned unique ID for this managed resource.
- ids Sequence[str]
- names Sequence[str]
- A list of ram group names.
- policies
Sequence[Get
Policies Policy] - A list of policies. Each element contains the following attributes:
- enable_
details bool - group_
name str - name_
regex str - output_
file str - role_
name str - type str
- Type of the policy.
- user_
name str - The user name of policy.
- id String
- The provider-assigned unique ID for this managed resource.
- ids List<String>
- names List<String>
- A list of ram group names.
- policies List<Property Map>
- A list of policies. Each element contains the following attributes:
- enable
Details Boolean - group
Name String - name
Regex String - output
File String - role
Name String - type String
- Type of the policy.
- user
Name String - The user name of policy.
Supporting Types
GetPoliciesPolicy
- Attachment
Count This property is required. int - Attachment count of the policy.
- Create
Date This property is required. string - Creation date of the policy.
- Default
Version This property is required. string - Default version of the policy.
- Description
This property is required. string - Description of the policy.
- Document
This property is required. string - Policy document of the policy.
- Id
This property is required. string - ID of the policy.
- Name
This property is required. string - Name of the policy.
- Policy
Document This property is required. string - Policy document of the policy.
- Policy
Name This property is required. string - Name of the policy.
- Type
This property is required. string - Filter results by a specific policy type. Valid values are
CustomandSystem. - Update
Date This property is required. string - Update date of the policy.
- User
Name This property is required. string - Filter results by a specific user name. Returned policies are attached to the specified user.
- Version
Id This property is required. string - The ID of default policy.
- Attachment
Count This property is required. int - Attachment count of the policy.
- Create
Date This property is required. string - Creation date of the policy.
- Default
Version This property is required. string - Default version of the policy.
- Description
This property is required. string - Description of the policy.
- Document
This property is required. string - Policy document of the policy.
- Id
This property is required. string - ID of the policy.
- Name
This property is required. string - Name of the policy.
- Policy
Document This property is required. string - Policy document of the policy.
- Policy
Name This property is required. string - Name of the policy.
- Type
This property is required. string - Filter results by a specific policy type. Valid values are
CustomandSystem. - Update
Date This property is required. string - Update date of the policy.
- User
Name This property is required. string - Filter results by a specific user name. Returned policies are attached to the specified user.
- Version
Id This property is required. string - The ID of default policy.
- attachment
Count This property is required. Integer - Attachment count of the policy.
- create
Date This property is required. String - Creation date of the policy.
- default
Version This property is required. String - Default version of the policy.
- description
This property is required. String - Description of the policy.
- document
This property is required. String - Policy document of the policy.
- id
This property is required. String - ID of the policy.
- name
This property is required. String - Name of the policy.
- policy
Document This property is required. String - Policy document of the policy.
- policy
Name This property is required. String - Name of the policy.
- type
This property is required. String - Filter results by a specific policy type. Valid values are
CustomandSystem. - update
Date This property is required. String - Update date of the policy.
- user
Name This property is required. String - Filter results by a specific user name. Returned policies are attached to the specified user.
- version
Id This property is required. String - The ID of default policy.
- attachment
Count This property is required. number - Attachment count of the policy.
- create
Date This property is required. string - Creation date of the policy.
- default
Version This property is required. string - Default version of the policy.
- description
This property is required. string - Description of the policy.
- document
This property is required. string - Policy document of the policy.
- id
This property is required. string - ID of the policy.
- name
This property is required. string - Name of the policy.
- policy
Document This property is required. string - Policy document of the policy.
- policy
Name This property is required. string - Name of the policy.
- type
This property is required. string - Filter results by a specific policy type. Valid values are
CustomandSystem. - update
Date This property is required. string - Update date of the policy.
- user
Name This property is required. string - Filter results by a specific user name. Returned policies are attached to the specified user.
- version
Id This property is required. string - The ID of default policy.
- attachment_
count This property is required. int - Attachment count of the policy.
- create_
date This property is required. str - Creation date of the policy.
- default_
version This property is required. str - Default version of the policy.
- description
This property is required. str - Description of the policy.
- document
This property is required. str - Policy document of the policy.
- id
This property is required. str - ID of the policy.
- name
This property is required. str - Name of the policy.
- policy_
document This property is required. str - Policy document of the policy.
- policy_
name This property is required. str - Name of the policy.
- type
This property is required. str - Filter results by a specific policy type. Valid values are
CustomandSystem. - update_
date This property is required. str - Update date of the policy.
- user_
name This property is required. str - Filter results by a specific user name. Returned policies are attached to the specified user.
- version_
id This property is required. str - The ID of default policy.
- attachment
Count This property is required. Number - Attachment count of the policy.
- create
Date This property is required. String - Creation date of the policy.
- default
Version This property is required. String - Default version of the policy.
- description
This property is required. String - Description of the policy.
- document
This property is required. String - Policy document of the policy.
- id
This property is required. String - ID of the policy.
- name
This property is required. String - Name of the policy.
- policy
Document This property is required. String - Policy document of the policy.
- policy
Name This property is required. String - Name of the policy.
- type
This property is required. String - Filter results by a specific policy type. Valid values are
CustomandSystem. - update
Date This property is required. String - Update date of the policy.
- user
Name This property is required. String - Filter results by a specific user name. Returned policies are attached to the specified user.
- version
Id This property is required. String - The ID of default policy.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloudTerraform Provider.