
alicloud_ram_policies Resource

Use the alicloud_ram_policies InSpec audit resource to test properties of a collection of Alicloud RAM Policies.


An alicloud_ram_policies resource returns a collection of RAM Policies and allows testing of that collection.

describe alicloud_ram_policies do
  its('policy_names') { should include('test-policy-1') }
end


type (optional)

This resource allows filtering by PolicyType. To list only Alicloud managed policies, set type to System. To list only the customer managed policies in your Alicloud account, set type to Custom. If type is not supplied, both types of policies are returned.

only_attached (optional)

This resource allows filtering by attached entities. When only_attached is true, the returned list contains only the policies that are attached to a RAM user, group, or role. When only_attached is false, or when the parameter is not included, all policies of the specified type(s) (System and/or Custom) are returned, whether they are attached to any RAM users, groups, or roles, or not.

region (optional)

The Alicloud Region ID - see the Alicloud documentation on Regions and Zones.
If provided, it must be passed as region: 'value'.
If not provided, the ALICLOUD_REGION environment variable will be used.

See also the Alicloud documentation on RAM Policy.


The policy names.
The ‘default_version’ value of each policy.
The count of attached entities for each policy.
The list of group names of the groups attached to each policy.
The list of role names of the roles attached to each policy.
The list of usernames of the users attached to each policy.
Provides access to the raw results of the query, which can be treated as an array of hashes.


Ensure a policy exists.

describe alicloud_ram_policies do
  its('policy_names') { should include('test-policy-1') }
end

Allow at most 100 RAM Policies on the account.

describe alicloud_ram_policies do
  its('entries.count') { should be <= 100 }
end


For a full list of available matchers, please visit our matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test that the entity does not exist.

describe alicloud_ram_policies.where(<property>: <value>) do
  it { should exist }
end

describe alicloud_ram_policies.where(<property>: <value>) do
  it { should_not exist }
end

Alicloud Permissions

Your Principal will need the ram:ListPolicies and ram:ListEntitiesForPolicy actions with Effect set to Allow.

See the Alibaba Cloud Resource Access Management documentation. See the documentation on authentication to RAM APIs.
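A minimal custom RAM policy document that grants the audit principal only the two read-only actions named above, shown as an added example that is not part of the original page. The "Version" value and the wildcard "Resource" are assumptions based on the standard RAM policy document format; narrow "Resource" if your account policy requires it.

```json
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ram:ListPolicies",
        "ram:ListEntitiesForPolicy"
      ],
      "Resource": "*"
    }
  ]
}
```

Attaching only this policy keeps the scanning identity unable to create, modify, or attach policies.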
