Alibaba Cloud v3.62.1, Sep 16 24

Alibaba Cloud v3.62.1 published on Monday, Sep 16, 2024 by Pulumi

alicloud.ram.SecurityPreference

Explore with Pulumi AI

Alibaba Cloud v3.62.1 published on Monday, Sep 16, 2024 by Pulumi

pulumi/pulumi-alicloud

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const example = new alicloud.ram.SecurityPreference("example", {
    enableSaveMfaTicket: false,
    allowUserToChangePassword: true,
});

import pulumi
import pulumi_alicloud as alicloud

example = alicloud.ram.SecurityPreference("example",
    enable_save_mfa_ticket=False,
    allow_user_to_change_password=True)

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ram"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ram.NewSecurityPreference(ctx, "example", &ram.SecurityPreferenceArgs{
			EnableSaveMfaTicket:       pulumi.Bool(false),
			AllowUserToChangePassword: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var example = new AliCloud.Ram.SecurityPreference("example", new()
    {
        EnableSaveMfaTicket = false,
        AllowUserToChangePassword = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.SecurityPreference;
import com.pulumi.alicloud.ram.SecurityPreferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new SecurityPreference("example", SecurityPreferenceArgs.builder()
            .enableSaveMfaTicket(false)
            .allowUserToChangePassword(true)
            .build());

    }
}

resources:
  example:
    type: alicloud:ram:SecurityPreference
    properties:
      enableSaveMfaTicket: false
      allowUserToChangePassword: true

Create SecurityPreference Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecurityPreference(name: string, args?: SecurityPreferenceArgs, opts?: CustomResourceOptions);

@overload
def SecurityPreference(resource_name: str,
                       args: Optional[SecurityPreferenceArgs] = None,
                       opts: Optional[ResourceOptions] = None)

@overload
def SecurityPreference(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       allow_user_to_change_password: Optional[bool] = None,
                       allow_user_to_manage_access_keys: Optional[bool] = None,
                       allow_user_to_manage_mfa_devices: Optional[bool] = None,
                       enable_save_mfa_ticket: Optional[bool] = None,
                       enforce_mfa_for_login: Optional[bool] = None,
                       login_network_masks: Optional[str] = None,
                       login_session_duration: Optional[int] = None)

func NewSecurityPreference(ctx *Context, name string, args *SecurityPreferenceArgs, opts ...ResourceOption) (*SecurityPreference, error)

public SecurityPreference(string name, SecurityPreferenceArgs? args = null, CustomResourceOptions? opts = null)

public SecurityPreference(String name, SecurityPreferenceArgs args)
public SecurityPreference(String name, SecurityPreferenceArgs args, CustomResourceOptions options)

type: alicloud:ram:SecurityPreference
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var securityPreferenceResource = new AliCloud.Ram.SecurityPreference("securityPreferenceResource", new()
{
    AllowUserToChangePassword = false,
    AllowUserToManageAccessKeys = false,
    AllowUserToManageMfaDevices = false,
    EnableSaveMfaTicket = false,
    EnforceMfaForLogin = false,
    LoginNetworkMasks = "string",
    LoginSessionDuration = 0,
});

example, err := ram.NewSecurityPreference(ctx, "securityPreferenceResource", &ram.SecurityPreferenceArgs{
	AllowUserToChangePassword:   pulumi.Bool(false),
	AllowUserToManageAccessKeys: pulumi.Bool(false),
	AllowUserToManageMfaDevices: pulumi.Bool(false),
	EnableSaveMfaTicket:         pulumi.Bool(false),
	EnforceMfaForLogin:          pulumi.Bool(false),
	LoginNetworkMasks:           pulumi.String("string"),
	LoginSessionDuration:        pulumi.Int(0),
})

var securityPreferenceResource = new SecurityPreference("securityPreferenceResource", SecurityPreferenceArgs.builder()
    .allowUserToChangePassword(false)
    .allowUserToManageAccessKeys(false)
    .allowUserToManageMfaDevices(false)
    .enableSaveMfaTicket(false)
    .enforceMfaForLogin(false)
    .loginNetworkMasks("string")
    .loginSessionDuration(0)
    .build());

security_preference_resource = alicloud.ram.SecurityPreference("securityPreferenceResource",
    allow_user_to_change_password=False,
    allow_user_to_manage_access_keys=False,
    allow_user_to_manage_mfa_devices=False,
    enable_save_mfa_ticket=False,
    enforce_mfa_for_login=False,
    login_network_masks="string",
    login_session_duration=0)

const securityPreferenceResource = new alicloud.ram.SecurityPreference("securityPreferenceResource", {
    allowUserToChangePassword: false,
    allowUserToManageAccessKeys: false,
    allowUserToManageMfaDevices: false,
    enableSaveMfaTicket: false,
    enforceMfaForLogin: false,
    loginNetworkMasks: "string",
    loginSessionDuration: 0,
});

type: alicloud:ram:SecurityPreference
properties:
    allowUserToChangePassword: false
    allowUserToManageAccessKeys: false
    allowUserToManageMfaDevices: false
    enableSaveMfaTicket: false
    enforceMfaForLogin: false
    loginNetworkMasks: string
    loginSessionDuration: 0

SecurityPreference Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecurityPreference resource accepts the following input properties:

AllowUserToChangePassword bool

Specifies whether RAM users can change their passwords. Valid values: true and false

AllowUserToManageAccessKeys bool

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

AllowUserToManageMfaDevices bool

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

EnableSaveMfaTicket bool

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

EnforceMfaForLogin bool

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

LoginNetworkMasks string

The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). However, this parameter does not take effect on API calls that are authenticated by using AccessKey pairs.NOTE: You can specify up to 25 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

LoginSessionDuration int

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

AllowUserToChangePassword bool

Specifies whether RAM users can change their passwords. Valid values: true and false

AllowUserToManageAccessKeys bool

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

AllowUserToManageMfaDevices bool

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

EnableSaveMfaTicket bool

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

EnforceMfaForLogin bool

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

LoginNetworkMasks string

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

LoginSessionDuration int

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

allowUserToChangePassword Boolean

Specifies whether RAM users can change their passwords. Valid values: true and false

allowUserToManageAccessKeys Boolean

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

allowUserToManageMfaDevices Boolean

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

enableSaveMfaTicket Boolean

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

enforceMfaForLogin Boolean

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

loginNetworkMasks String

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

loginSessionDuration Integer

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

allowUserToChangePassword boolean

Specifies whether RAM users can change their passwords. Valid values: true and false

allowUserToManageAccessKeys boolean

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

allowUserToManageMfaDevices boolean

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

enableSaveMfaTicket boolean

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

enforceMfaForLogin boolean

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

loginNetworkMasks string

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

loginSessionDuration number

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

allow_user_to_change_password bool

Specifies whether RAM users can change their passwords. Valid values: true and false

allow_user_to_manage_access_keys bool

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

allow_user_to_manage_mfa_devices bool

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

enable_save_mfa_ticket bool

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

enforce_mfa_for_login bool

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

login_network_masks str

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

login_session_duration int

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

allowUserToChangePassword Boolean

Specifies whether RAM users can change their passwords. Valid values: true and false

allowUserToManageAccessKeys Boolean

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

allowUserToManageMfaDevices Boolean

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

enableSaveMfaTicket Boolean

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

enforceMfaForLogin Boolean

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

loginNetworkMasks String

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

loginSessionDuration Number

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityPreference resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SecurityPreference Resource

Get an existing SecurityPreference resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityPreferenceState, opts?: CustomResourceOptions): SecurityPreference

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow_user_to_change_password: Optional[bool] = None,
        allow_user_to_manage_access_keys: Optional[bool] = None,
        allow_user_to_manage_mfa_devices: Optional[bool] = None,
        enable_save_mfa_ticket: Optional[bool] = None,
        enforce_mfa_for_login: Optional[bool] = None,
        login_network_masks: Optional[str] = None,
        login_session_duration: Optional[int] = None) -> SecurityPreference

func GetSecurityPreference(ctx *Context, name string, id IDInput, state *SecurityPreferenceState, opts ...ResourceOption) (*SecurityPreference, error)

public static SecurityPreference Get(string name, Input<string> id, SecurityPreferenceState? state, CustomResourceOptions? opts = null)

public static SecurityPreference get(String name, Output<String> id, SecurityPreferenceState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowUserToChangePassword bool

Specifies whether RAM users can change their passwords. Valid values: true and false

AllowUserToManageAccessKeys bool

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

AllowUserToManageMfaDevices bool

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

EnableSaveMfaTicket bool

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

EnforceMfaForLogin bool

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

LoginNetworkMasks string

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

LoginSessionDuration int

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

AllowUserToChangePassword bool

Specifies whether RAM users can change their passwords. Valid values: true and false

AllowUserToManageAccessKeys bool

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

AllowUserToManageMfaDevices bool

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

EnableSaveMfaTicket bool

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

EnforceMfaForLogin bool

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

LoginNetworkMasks string

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

LoginSessionDuration int

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

allowUserToChangePassword Boolean

Specifies whether RAM users can change their passwords. Valid values: true and false

allowUserToManageAccessKeys Boolean

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

allowUserToManageMfaDevices Boolean

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

enableSaveMfaTicket Boolean

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

enforceMfaForLogin Boolean

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

loginNetworkMasks String

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

loginSessionDuration Integer

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

allowUserToChangePassword boolean

Specifies whether RAM users can change their passwords. Valid values: true and false

allowUserToManageAccessKeys boolean

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

allowUserToManageMfaDevices boolean

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

enableSaveMfaTicket boolean

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

enforceMfaForLogin boolean

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

loginNetworkMasks string

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

loginSessionDuration number

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

allow_user_to_change_password bool

Specifies whether RAM users can change their passwords. Valid values: true and false

allow_user_to_manage_access_keys bool

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

allow_user_to_manage_mfa_devices bool

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

enable_save_mfa_ticket bool

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

enforce_mfa_for_login bool

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

login_network_masks str

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

login_session_duration int

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

allowUserToChangePassword Boolean

Specifies whether RAM users can change their passwords. Valid values: true and false

allowUserToManageAccessKeys Boolean

Specifies whether RAM users can manage their AccessKey pairs. Valid values: true and false

allowUserToManageMfaDevices Boolean

Specifies whether RAM users can manage their MFA devices. Valid values: true and false

enableSaveMfaTicket Boolean

Specifies whether to remember the MFA devices for seven days. Valid values: true and false

enforceMfaForLogin Boolean

Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

loginNetworkMasks String

If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.

loginSessionDuration Number

The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.

Import

RAM Security Preference can be imported using the id, e.g.

$ pulumi import alicloud:ram/securityPreference:SecurityPreference example <id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.62.1 published on Monday, Sep 16, 2024 by Pulumi

pulumi/pulumi-alicloud

alicloud.ram.SecurityPreference

On this page

On this page

Example Usage

Create SecurityPreference Resource

Constructor syntax

Parameters

Constructor example

SecurityPreference Resource Properties

Inputs

Outputs

Look up Existing SecurityPreference Resource

Import

Package Details

On this page

On this page