Alibaba Cloud v3.77.0, May 2 25

Alibaba Cloud v3.77.0 published on Friday, May 2, 2025 by Pulumi

alicloud.ram.SecurityPreference

Explore with Pulumi AI

Alibaba Cloud v3.77.0 published on Friday, May 2, 2025 by Pulumi

pulumi/pulumi-alicloud

Import

RAM Security Preference can be imported using the id, e.g.

$ pulumi import alicloud:ram/securityPreference:SecurityPreference example

Create SecurityPreference Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecurityPreference(name: string, args?: SecurityPreferenceArgs, opts?: CustomResourceOptions);

@overload
def SecurityPreference(resource_name: str,
                       args: Optional[SecurityPreferenceArgs] = None,
                       opts: Optional[ResourceOptions] = None)

@overload
def SecurityPreference(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       allow_user_to_change_password: Optional[bool] = None,
                       allow_user_to_login_with_passkey: Optional[bool] = None,
                       allow_user_to_manage_access_keys: Optional[bool] = None,
                       allow_user_to_manage_mfa_devices: Optional[bool] = None,
                       allow_user_to_manage_personal_ding_talk: Optional[bool] = None,
                       enable_save_mfa_ticket: Optional[bool] = None,
                       enforce_mfa_for_login: Optional[bool] = None,
                       login_network_masks: Optional[str] = None,
                       login_session_duration: Optional[int] = None,
                       mfa_operation_for_login: Optional[str] = None,
                       operation_for_risk_login: Optional[str] = None,
                       verification_types: Optional[Sequence[str]] = None)

func NewSecurityPreference(ctx *Context, name string, args *SecurityPreferenceArgs, opts ...ResourceOption) (*SecurityPreference, error)

public SecurityPreference(string name, SecurityPreferenceArgs? args = null, CustomResourceOptions? opts = null)

public SecurityPreference(String name, SecurityPreferenceArgs args)
public SecurityPreference(String name, SecurityPreferenceArgs args, CustomResourceOptions options)

type: alicloud:ram:SecurityPreference
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecurityPreferenceArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var securityPreferenceResource = new AliCloud.Ram.SecurityPreference("securityPreferenceResource", new()
{
    AllowUserToChangePassword = false,
    AllowUserToLoginWithPasskey = false,
    AllowUserToManageAccessKeys = false,
    AllowUserToManageMfaDevices = false,
    AllowUserToManagePersonalDingTalk = false,
    EnableSaveMfaTicket = false,
    EnforceMfaForLogin = false,
    LoginNetworkMasks = "string",
    LoginSessionDuration = 0,
    MfaOperationForLogin = "string",
    OperationForRiskLogin = "string",
    VerificationTypes = new[]
    {
        "string",
    },
});

example, err := ram.NewSecurityPreference(ctx, "securityPreferenceResource", &ram.SecurityPreferenceArgs{
	AllowUserToChangePassword:         pulumi.Bool(false),
	AllowUserToLoginWithPasskey:       pulumi.Bool(false),
	AllowUserToManageAccessKeys:       pulumi.Bool(false),
	AllowUserToManageMfaDevices:       pulumi.Bool(false),
	AllowUserToManagePersonalDingTalk: pulumi.Bool(false),
	EnableSaveMfaTicket:               pulumi.Bool(false),
	EnforceMfaForLogin:                pulumi.Bool(false),
	LoginNetworkMasks:                 pulumi.String("string"),
	LoginSessionDuration:              pulumi.Int(0),
	MfaOperationForLogin:              pulumi.String("string"),
	OperationForRiskLogin:             pulumi.String("string"),
	VerificationTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var securityPreferenceResource = new SecurityPreference("securityPreferenceResource", SecurityPreferenceArgs.builder()
    .allowUserToChangePassword(false)
    .allowUserToLoginWithPasskey(false)
    .allowUserToManageAccessKeys(false)
    .allowUserToManageMfaDevices(false)
    .allowUserToManagePersonalDingTalk(false)
    .enableSaveMfaTicket(false)
    .enforceMfaForLogin(false)
    .loginNetworkMasks("string")
    .loginSessionDuration(0)
    .mfaOperationForLogin("string")
    .operationForRiskLogin("string")
    .verificationTypes("string")
    .build());

security_preference_resource = alicloud.ram.SecurityPreference("securityPreferenceResource",
    allow_user_to_change_password=False,
    allow_user_to_login_with_passkey=False,
    allow_user_to_manage_access_keys=False,
    allow_user_to_manage_mfa_devices=False,
    allow_user_to_manage_personal_ding_talk=False,
    enable_save_mfa_ticket=False,
    enforce_mfa_for_login=False,
    login_network_masks="string",
    login_session_duration=0,
    mfa_operation_for_login="string",
    operation_for_risk_login="string",
    verification_types=["string"])

const securityPreferenceResource = new alicloud.ram.SecurityPreference("securityPreferenceResource", {
    allowUserToChangePassword: false,
    allowUserToLoginWithPasskey: false,
    allowUserToManageAccessKeys: false,
    allowUserToManageMfaDevices: false,
    allowUserToManagePersonalDingTalk: false,
    enableSaveMfaTicket: false,
    enforceMfaForLogin: false,
    loginNetworkMasks: "string",
    loginSessionDuration: 0,
    mfaOperationForLogin: "string",
    operationForRiskLogin: "string",
    verificationTypes: ["string"],
});

type: alicloud:ram:SecurityPreference
properties:
    allowUserToChangePassword: false
    allowUserToLoginWithPasskey: false
    allowUserToManageAccessKeys: false
    allowUserToManageMfaDevices: false
    allowUserToManagePersonalDingTalk: false
    enableSaveMfaTicket: false
    enforceMfaForLogin: false
    loginNetworkMasks: string
    loginSessionDuration: 0
    mfaOperationForLogin: string
    operationForRiskLogin: string
    verificationTypes:
        - string

SecurityPreference Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecurityPreference resource accepts the following input properties:

AllowUserToChangePassword bool

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

AllowUserToLoginWithPasskey bool

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

AllowUserToManageAccessKeys bool

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

AllowUserToManageMfaDevices bool

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

AllowUserToManagePersonalDingTalk bool

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

EnableSaveMfaTicket bool

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

EnforceMfaForLogin bool

Field enforce_mfa_for_login has been deprecated from provider version 1.248.0. New field mfa_operation_for_login instead. Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: true and false

LoginNetworkMasks string

The login mask. The logon mask determines which IP addresses are affected by the logon console, including password logon and single sign-on (SSO), but API calls made using the access key are not affected.

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

LoginSessionDuration int

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

MfaOperationForLogin string

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

OperationForRiskLogin string

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

VerificationTypes List<string>

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

AllowUserToChangePassword bool

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

AllowUserToLoginWithPasskey bool

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

AllowUserToManageAccessKeys bool

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

AllowUserToManageMfaDevices bool

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

AllowUserToManagePersonalDingTalk bool

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

EnableSaveMfaTicket bool

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

EnforceMfaForLogin bool

LoginNetworkMasks string

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

LoginSessionDuration int

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

MfaOperationForLogin string

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

OperationForRiskLogin string

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

VerificationTypes []string

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

allowUserToChangePassword Boolean

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

allowUserToLoginWithPasskey Boolean

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

allowUserToManageAccessKeys Boolean

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

allowUserToManageMfaDevices Boolean

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

allowUserToManagePersonalDingTalk Boolean

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

enableSaveMfaTicket Boolean

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

enforceMfaForLogin Boolean

loginNetworkMasks String

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

loginSessionDuration Integer

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

mfaOperationForLogin String

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

operationForRiskLogin String

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

verificationTypes List<String>

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

allowUserToChangePassword boolean

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

allowUserToLoginWithPasskey boolean

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

allowUserToManageAccessKeys boolean

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

allowUserToManageMfaDevices boolean

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

allowUserToManagePersonalDingTalk boolean

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

enableSaveMfaTicket boolean

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

enforceMfaForLogin boolean

loginNetworkMasks string

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

loginSessionDuration number

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

mfaOperationForLogin string

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

operationForRiskLogin string

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

verificationTypes string[]

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

allow_user_to_change_password bool

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

allow_user_to_login_with_passkey bool

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

allow_user_to_manage_access_keys bool

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

allow_user_to_manage_mfa_devices bool

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

allow_user_to_manage_personal_ding_talk bool

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

enable_save_mfa_ticket bool

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

enforce_mfa_for_login bool

login_network_masks str

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

login_session_duration int

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

mfa_operation_for_login str

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

operation_for_risk_login str

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

verification_types Sequence[str]

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

allowUserToChangePassword Boolean

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

allowUserToLoginWithPasskey Boolean

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

allowUserToManageAccessKeys Boolean

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

allowUserToManageMfaDevices Boolean

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

allowUserToManagePersonalDingTalk Boolean

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

enableSaveMfaTicket Boolean

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

enforceMfaForLogin Boolean

loginNetworkMasks String

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

loginSessionDuration Number

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

mfaOperationForLogin String

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

operationForRiskLogin String

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

verificationTypes List<String>

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityPreference resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SecurityPreference Resource

Get an existing SecurityPreference resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityPreferenceState, opts?: CustomResourceOptions): SecurityPreference

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow_user_to_change_password: Optional[bool] = None,
        allow_user_to_login_with_passkey: Optional[bool] = None,
        allow_user_to_manage_access_keys: Optional[bool] = None,
        allow_user_to_manage_mfa_devices: Optional[bool] = None,
        allow_user_to_manage_personal_ding_talk: Optional[bool] = None,
        enable_save_mfa_ticket: Optional[bool] = None,
        enforce_mfa_for_login: Optional[bool] = None,
        login_network_masks: Optional[str] = None,
        login_session_duration: Optional[int] = None,
        mfa_operation_for_login: Optional[str] = None,
        operation_for_risk_login: Optional[str] = None,
        verification_types: Optional[Sequence[str]] = None) -> SecurityPreference

func GetSecurityPreference(ctx *Context, name string, id IDInput, state *SecurityPreferenceState, opts ...ResourceOption) (*SecurityPreference, error)

public static SecurityPreference Get(string name, Input<string> id, SecurityPreferenceState? state, CustomResourceOptions? opts = null)

public static SecurityPreference get(String name, Output<String> id, SecurityPreferenceState state, CustomResourceOptions options)

resources:  _:    type: alicloud:ram:SecurityPreference    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowUserToChangePassword bool

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

AllowUserToLoginWithPasskey bool

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

AllowUserToManageAccessKeys bool

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

AllowUserToManageMfaDevices bool

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

AllowUserToManagePersonalDingTalk bool

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

EnableSaveMfaTicket bool

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

EnforceMfaForLogin bool

LoginNetworkMasks string

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

LoginSessionDuration int

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

MfaOperationForLogin string

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

OperationForRiskLogin string

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

VerificationTypes List<string>

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

AllowUserToChangePassword bool

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

AllowUserToLoginWithPasskey bool

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

AllowUserToManageAccessKeys bool

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

AllowUserToManageMfaDevices bool

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

AllowUserToManagePersonalDingTalk bool

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

EnableSaveMfaTicket bool

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

EnforceMfaForLogin bool

LoginNetworkMasks string

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

LoginSessionDuration int

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

MfaOperationForLogin string

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

OperationForRiskLogin string

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

VerificationTypes []string

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

allowUserToChangePassword Boolean

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

allowUserToLoginWithPasskey Boolean

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

allowUserToManageAccessKeys Boolean

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

allowUserToManageMfaDevices Boolean

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

allowUserToManagePersonalDingTalk Boolean

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

enableSaveMfaTicket Boolean

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

enforceMfaForLogin Boolean

loginNetworkMasks String

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

loginSessionDuration Integer

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

mfaOperationForLogin String

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

operationForRiskLogin String

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

verificationTypes List<String>

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

allowUserToChangePassword boolean

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

allowUserToLoginWithPasskey boolean

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

allowUserToManageAccessKeys boolean

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

allowUserToManageMfaDevices boolean

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

allowUserToManagePersonalDingTalk boolean

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

enableSaveMfaTicket boolean

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

enforceMfaForLogin boolean

loginNetworkMasks string

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

loginSessionDuration number

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

mfaOperationForLogin string

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

operationForRiskLogin string

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

verificationTypes string[]

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

allow_user_to_change_password bool

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

allow_user_to_login_with_passkey bool

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

allow_user_to_manage_access_keys bool

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

allow_user_to_manage_mfa_devices bool

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

allow_user_to_manage_personal_ding_talk bool

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

enable_save_mfa_ticket bool

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

enforce_mfa_for_login bool

login_network_masks str

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

login_session_duration int

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

mfa_operation_for_login str

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

operation_for_risk_login str

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

verification_types Sequence[str]

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

allowUserToChangePassword Boolean

Whether to allow RAM users to manage their own passwords. Value:

true (default): Allowed.
false: not allowed.

allowUserToLoginWithPasskey Boolean

Whether to allow RAM users to log on using a passkey. Value:

true (default): Allowed.
false: not allowed.

allowUserToManageAccessKeys Boolean

Whether to allow RAM users to manage their own access keys. Value:

true: Allow.
false (default): Not allowed.

allowUserToManageMfaDevices Boolean

Whether to allow RAM users to manage multi-factor authentication devices. Value:

true (default): Allowed.
false: not allowed.

allowUserToManagePersonalDingTalk Boolean

Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:

true (default): Allowed.
false: not allowed.

enableSaveMfaTicket Boolean

Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:

true: Allow.
false (default): Not allowed.

enforceMfaForLogin Boolean

loginNetworkMasks String

If the mask is specified, RAM users can only log on from the specified IP address.
If you do not specify any mask, the login console function will apply to the entire network.

When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.

Configure a maximum of 40 logon masks, with a total length of 512 characters.

loginSessionDuration Number

The validity period of the logon session of RAM users. Valid values: 1 to 24. Unit: hours. Default value: 6.

mfaOperationForLogin String

MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:

mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
adaptive: Used only during abnormal login.

operationForRiskLogin String

Whether MFA is verified twice during abnormal logon. Value:

autonomous (default): Skip, do not force binding.
enforceVerify: Force binding validation.

verificationTypes List<String>

Means of multi-factor authentication. Value:

sms: secure phone.
email: Secure mailbox.

The following arguments will be discarded. Please use new fields as soon as possible:

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.77.0 published on Friday, May 2, 2025 by Pulumi

pulumi/pulumi-alicloud

alicloud.ram.SecurityPreference

On this page

On this page

Import

Create SecurityPreference Resource

Constructor syntax

Parameters

Constructor example

SecurityPreference Resource Properties

Inputs

Outputs

Look up Existing SecurityPreference Resource

Package Details

On this page

On this page