Table: alicloud_ram_policy
Permissions are specified by a statement within a policy that allows or denies access to a specific Alibaba Cloud resource.
A policy defines a set of permissions that are described based on the policy structure and syntax. A policy can accurately describe the authorized resource sets, authorized operation sets, and authorization conditions.
Examples
Basic info
```sql
select
  policy_name,
  policy_type,
  description,
  default_version,
  policy_document
from
  alicloud_ram_policy;
```
List system policies
```sql
select
  policy_name,
  policy_type,
  description,
  default_version,
  policy_document
from
  alicloud_ram_policy
where
  policy_type = 'System';
```
List custom policies
```sql
select
  policy_name,
  policy_type,
  description,
  default_version,
  policy_document
from
  alicloud_ram_policy
where
  policy_type = 'Custom';
```
List policies with statements granting full access
```sql
select
  policy_name,
  policy_type,
  action,
  s ->> 'Effect' as effect
from
  alicloud_ram_policy,
  jsonb_array_elements(policy_document_std -> 'Statement') as s,
  jsonb_array_elements_text(s -> 'Action') as action
where
  action in ('*', '*:*')
  and s ->> 'Effect' = 'Allow';
```
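The full-access check can be narrowed to the policies that matter most in a review: custom policies that are actually attached and that allow a wildcard action (including service-level wildcards such as `ram:*`) on every resource. This query is an added example, not part of the original table documentation; it goes beyond the exact-match case above, and it assumes `Resource` may appear in `policy_document_std` either as an array or as a single string, so it handles both.

```sql
-- Added example: attached custom policies with an Allow statement that
-- combines a wildcard action with Resource "*".
select
  p.policy_name,
  p.attachment_count,
  action,
  resource,
  -- Shown so a reviewer can see whether a condition narrows the grant.
  s -> 'Condition' as condition
from
  alicloud_ram_policy as p,
  jsonb_array_elements(p.policy_document_std -> 'Statement') as s,
  jsonb_array_elements_text(s -> 'Action') as action,
  -- Assumption: Resource can be an array or a scalar; wrap a scalar in an
  -- array so the same expansion works for both shapes.
  jsonb_array_elements_text(
    case jsonb_typeof(s -> 'Resource')
      when 'array' then s -> 'Resource'
      else jsonb_build_array(s -> 'Resource')
    end
  ) as resource
where
  p.policy_type = 'Custom'
  and p.attachment_count > 0
  and s ->> 'Effect' = 'Allow'
  -- '*' is a literal character in LIKE; '%:*' matches any "<service>:*".
  and (action = '*' or action like '%:*')
  and resource = '*'
order by
  p.attachment_count desc,
  p.policy_name;
```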
Query examples
- ram_all_policies_for_user
- ram_policies_for_ram_group
- ram_policies_for_ram_role
- ram_policies_for_ram_user
- ram_policy_alicloud_managed
- ram_policy_attached
- ram_policy_input
- ram_policy_overview
- ram_policy_std_for_ram_policy
- ram_user_manage_policies_sankey
.inspect alicloud_ram_policy
Alibaba Cloud RAM Policy
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | The Alicloud Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
attachment_count | bigint | The number of references to the policy. |
create_date | timestamp with time zone | The date the policy was created. |
default_version | text | The default version of the policy. |
description | text | The policy description. |
policy_document | jsonb | Contains the details about the policy. |
policy_document_std | jsonb | Contains the policy document in a canonical form for easier searching. |
policy_name | text | The name of the policy. |
policy_type | text | The type of the policy. Valid values: System and Custom. |
region | text | The Alicloud region in which the resource is located. |
title | text | Title of the resource. |
update_date | timestamp with time zone | The time the policy was last updated. |