pulumi-alicloud 3.77.0a1746076596__py3-none-any.whl → 3.77.0a1746220593__py3-none-any.whl

pulumi_alicloud/ram/security_preference.py

@@ -21,31 +21,72 @@ __all__ = ['SecurityPreferenceArgs', 'SecurityPreference']
 class SecurityPreferenceArgs:
     def __init__(__self__, *,
                  allow_user_to_change_password: Optional[pulumi.Input[builtins.bool]] = None,
+                 allow_user_to_login_with_passkey: Optional[pulumi.Input[builtins.bool]] = None,
                  allow_user_to_manage_access_keys: Optional[pulumi.Input[builtins.bool]] = None,
                  allow_user_to_manage_mfa_devices: Optional[pulumi.Input[builtins.bool]] = None,
+                 allow_user_to_manage_personal_ding_talk: Optional[pulumi.Input[builtins.bool]] = None,
                  enable_save_mfa_ticket: Optional[pulumi.Input[builtins.bool]] = None,
                  enforce_mfa_for_login: Optional[pulumi.Input[builtins.bool]] = None,
                  login_network_masks: Optional[pulumi.Input[builtins.str]] = None,
-                 login_session_duration: Optional[pulumi.Input[builtins.int]] = None):
+                 login_session_duration: Optional[pulumi.Input[builtins.int]] = None,
+                 mfa_operation_for_login: Optional[pulumi.Input[builtins.str]] = None,
+                 operation_for_risk_login: Optional[pulumi.Input[builtins.str]] = None,
+                 verification_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None):
         """
         The set of arguments for constructing a SecurityPreference resource.
-        :param pulumi.Input[builtins.bool] allow_user_to_change_password: Specifies whether RAM users can change their passwords. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] allow_user_to_manage_access_keys: Specifies whether RAM users can manage their AccessKey pairs. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] allow_user_to_manage_mfa_devices: Specifies whether RAM users can manage their MFA devices. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] enable_save_mfa_ticket: Specifies whether to remember the MFA devices for seven days. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] enforce_mfa_for_login: Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.str] login_network_masks: The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). However, this parameter does not take effect on API calls that are authenticated by using AccessKey pairs.**NOTE:** You can specify up to 25 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.
-               * If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
-               * If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
-               * If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.
-        :param pulumi.Input[builtins.int] login_session_duration: The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.
+        :param pulumi.Input[builtins.bool] allow_user_to_change_password: Whether to allow RAM users to manage their own passwords. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_login_with_passkey: Whether to allow RAM users to log on using a passkey. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_access_keys: Whether to allow RAM users to manage their own access keys. Value:
+               - true: Allow.
+               - false (default): Not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_mfa_devices: Whether to allow RAM users to manage multi-factor authentication devices. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_personal_ding_talk: Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] enable_save_mfa_ticket: Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:
+               - true: Allow.
+               - false (default): Not allowed.
+        :param pulumi.Input[builtins.bool] enforce_mfa_for_login: Field `enforce_mfa_for_login` has been deprecated from provider version 1.248.0. New field `mfa_operation_for_login` instead. 
+               Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
+        :param pulumi.Input[builtins.str] login_network_masks: The login mask. The logon mask determines which IP addresses are affected by the logon console, including password logon and single sign-on (SSO), but API calls made using the access key are not affected.
+               - If the mask is specified, RAM users can only log on from the specified IP address.
+               - If you do not specify any mask, the login console function will apply to the entire network.
+               
+               When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.
+               
+               Configure a maximum of 40 logon masks, with a total length of 512 characters.
+        :param pulumi.Input[builtins.int] login_session_duration: The validity period of the logon session of RAM users.
+               Valid values: 1 to 24. Unit: hours.
+               Default value: 6.
+        :param pulumi.Input[builtins.str] mfa_operation_for_login: MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:
+               - mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
+               - independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
+               - adaptive: Used only during abnormal login.
+        :param pulumi.Input[builtins.str] operation_for_risk_login: Whether MFA is verified twice during abnormal logon. Value:
+               - autonomous (default): Skip, do not force binding.
+               - enforceVerify: Force binding validation.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] verification_types: Means of multi-factor authentication. Value:
+               - sms: secure phone.
+               - email: Secure mailbox.
+               
+               The following arguments will be discarded. Please use new fields as soon as possible:
         """
         if allow_user_to_change_password is not None:
             pulumi.set(__self__, "allow_user_to_change_password", allow_user_to_change_password)
+        if allow_user_to_login_with_passkey is not None:
+            pulumi.set(__self__, "allow_user_to_login_with_passkey", allow_user_to_login_with_passkey)
         if allow_user_to_manage_access_keys is not None:
             pulumi.set(__self__, "allow_user_to_manage_access_keys", allow_user_to_manage_access_keys)
         if allow_user_to_manage_mfa_devices is not None:
             pulumi.set(__self__, "allow_user_to_manage_mfa_devices", allow_user_to_manage_mfa_devices)
+        if allow_user_to_manage_personal_ding_talk is not None:
+            pulumi.set(__self__, "allow_user_to_manage_personal_ding_talk", allow_user_to_manage_personal_ding_talk)
         if enable_save_mfa_ticket is not None:
             pulumi.set(__self__, "enable_save_mfa_ticket", enable_save_mfa_ticket)
         if enforce_mfa_for_login is not None:
@@ -54,12 +95,20 @@ class SecurityPreferenceArgs:
             pulumi.set(__self__, "login_network_masks", login_network_masks)
         if login_session_duration is not None:
             pulumi.set(__self__, "login_session_duration", login_session_duration)
+        if mfa_operation_for_login is not None:
+            pulumi.set(__self__, "mfa_operation_for_login", mfa_operation_for_login)
+        if operation_for_risk_login is not None:
+            pulumi.set(__self__, "operation_for_risk_login", operation_for_risk_login)
+        if verification_types is not None:
+            pulumi.set(__self__, "verification_types", verification_types)
 
     @property
     @pulumi.getter(name="allowUserToChangePassword")
     def allow_user_to_change_password(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
-        Specifies whether RAM users can change their passwords. Valid values: `true` and `false`
+        Whether to allow RAM users to manage their own passwords. Value:
+        - true (default): Allowed.
+        - false: not allowed.
         """
         return pulumi.get(self, "allow_user_to_change_password")
 
@@ -67,11 +116,27 @@ class SecurityPreferenceArgs:
     def allow_user_to_change_password(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "allow_user_to_change_password", value)
 
+    @property
+    @pulumi.getter(name="allowUserToLoginWithPasskey")
+    def allow_user_to_login_with_passkey(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Whether to allow RAM users to log on using a passkey. Value:
+        - true (default): Allowed.
+        - false: not allowed.
+        """
+        return pulumi.get(self, "allow_user_to_login_with_passkey")
+
+    @allow_user_to_login_with_passkey.setter
+    def allow_user_to_login_with_passkey(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "allow_user_to_login_with_passkey", value)
+
     @property
     @pulumi.getter(name="allowUserToManageAccessKeys")
     def allow_user_to_manage_access_keys(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
-        Specifies whether RAM users can manage their AccessKey pairs. Valid values: `true` and `false`
+        Whether to allow RAM users to manage their own access keys. Value:
+        - true: Allow.
+        - false (default): Not allowed.
         """
         return pulumi.get(self, "allow_user_to_manage_access_keys")
 
@@ -83,7 +148,9 @@ class SecurityPreferenceArgs:
     @pulumi.getter(name="allowUserToManageMfaDevices")
     def allow_user_to_manage_mfa_devices(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
-        Specifies whether RAM users can manage their MFA devices. Valid values: `true` and `false`
+        Whether to allow RAM users to manage multi-factor authentication devices. Value:
+        - true (default): Allowed.
+        - false: not allowed.
         """
         return pulumi.get(self, "allow_user_to_manage_mfa_devices")
 
@@ -91,11 +158,27 @@ class SecurityPreferenceArgs:
     def allow_user_to_manage_mfa_devices(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "allow_user_to_manage_mfa_devices", value)
 
+    @property
+    @pulumi.getter(name="allowUserToManagePersonalDingTalk")
+    def allow_user_to_manage_personal_ding_talk(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:
+        - true (default): Allowed.
+        - false: not allowed.
+        """
+        return pulumi.get(self, "allow_user_to_manage_personal_ding_talk")
+
+    @allow_user_to_manage_personal_ding_talk.setter
+    def allow_user_to_manage_personal_ding_talk(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "allow_user_to_manage_personal_ding_talk", value)
+
     @property
     @pulumi.getter(name="enableSaveMfaTicket")
     def enable_save_mfa_ticket(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
-        Specifies whether to remember the MFA devices for seven days. Valid values: `true` and `false`
+        Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:
+        - true: Allow.
+        - false (default): Not allowed.
         """
         return pulumi.get(self, "enable_save_mfa_ticket")
 
@@ -107,6 +190,7 @@ class SecurityPreferenceArgs:
     @pulumi.getter(name="enforceMfaForLogin")
     def enforce_mfa_for_login(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
+        Field `enforce_mfa_for_login` has been deprecated from provider version 1.248.0. New field `mfa_operation_for_login` instead. 
         Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
         """
         return pulumi.get(self, "enforce_mfa_for_login")
@@ -119,10 +203,13 @@ class SecurityPreferenceArgs:
     @pulumi.getter(name="loginNetworkMasks")
     def login_network_masks(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). However, this parameter does not take effect on API calls that are authenticated by using AccessKey pairs.**NOTE:** You can specify up to 25 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.
-        * If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
-        * If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
-        * If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.
+        The login mask. The logon mask determines which IP addresses are affected by the logon console, including password logon and single sign-on (SSO), but API calls made using the access key are not affected.
+        - If the mask is specified, RAM users can only log on from the specified IP address.
+        - If you do not specify any mask, the login console function will apply to the entire network.
+
+        When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.
+
+        Configure a maximum of 40 logon masks, with a total length of 512 characters.
         """
         return pulumi.get(self, "login_network_masks")
 
@@ -134,7 +221,9 @@ class SecurityPreferenceArgs:
     @pulumi.getter(name="loginSessionDuration")
     def login_session_duration(self) -> Optional[pulumi.Input[builtins.int]]:
         """
-        The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.
+        The validity period of the logon session of RAM users.
+        Valid values: 1 to 24. Unit: hours.
+        Default value: 6.
         """
         return pulumi.get(self, "login_session_duration")
 
@@ -142,36 +231,122 @@ class SecurityPreferenceArgs:
     def login_session_duration(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "login_session_duration", value)
 
+    @property
+    @pulumi.getter(name="mfaOperationForLogin")
+    def mfa_operation_for_login(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:
+        - mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
+        - independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
+        - adaptive: Used only during abnormal login.
+        """
+        return pulumi.get(self, "mfa_operation_for_login")
+
+    @mfa_operation_for_login.setter
+    def mfa_operation_for_login(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "mfa_operation_for_login", value)
+
+    @property
+    @pulumi.getter(name="operationForRiskLogin")
+    def operation_for_risk_login(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Whether MFA is verified twice during abnormal logon. Value:
+        - autonomous (default): Skip, do not force binding.
+        - enforceVerify: Force binding validation.
+        """
+        return pulumi.get(self, "operation_for_risk_login")
+
+    @operation_for_risk_login.setter
+    def operation_for_risk_login(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "operation_for_risk_login", value)
+
+    @property
+    @pulumi.getter(name="verificationTypes")
+    def verification_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+        """
+        Means of multi-factor authentication. Value:
+        - sms: secure phone.
+        - email: Secure mailbox.
+
+        The following arguments will be discarded. Please use new fields as soon as possible:
+        """
+        return pulumi.get(self, "verification_types")
+
+    @verification_types.setter
+    def verification_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+        pulumi.set(self, "verification_types", value)
+
 
 @pulumi.input_type
 class _SecurityPreferenceState:
     def __init__(__self__, *,
                  allow_user_to_change_password: Optional[pulumi.Input[builtins.bool]] = None,
+                 allow_user_to_login_with_passkey: Optional[pulumi.Input[builtins.bool]] = None,
                  allow_user_to_manage_access_keys: Optional[pulumi.Input[builtins.bool]] = None,
                  allow_user_to_manage_mfa_devices: Optional[pulumi.Input[builtins.bool]] = None,
+                 allow_user_to_manage_personal_ding_talk: Optional[pulumi.Input[builtins.bool]] = None,
                  enable_save_mfa_ticket: Optional[pulumi.Input[builtins.bool]] = None,
                  enforce_mfa_for_login: Optional[pulumi.Input[builtins.bool]] = None,
                  login_network_masks: Optional[pulumi.Input[builtins.str]] = None,
-                 login_session_duration: Optional[pulumi.Input[builtins.int]] = None):
+                 login_session_duration: Optional[pulumi.Input[builtins.int]] = None,
+                 mfa_operation_for_login: Optional[pulumi.Input[builtins.str]] = None,
+                 operation_for_risk_login: Optional[pulumi.Input[builtins.str]] = None,
+                 verification_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None):
         """
         Input properties used for looking up and filtering SecurityPreference resources.
-        :param pulumi.Input[builtins.bool] allow_user_to_change_password: Specifies whether RAM users can change their passwords. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] allow_user_to_manage_access_keys: Specifies whether RAM users can manage their AccessKey pairs. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] allow_user_to_manage_mfa_devices: Specifies whether RAM users can manage their MFA devices. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] enable_save_mfa_ticket: Specifies whether to remember the MFA devices for seven days. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] enforce_mfa_for_login: Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.str] login_network_masks: The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). However, this parameter does not take effect on API calls that are authenticated by using AccessKey pairs.**NOTE:** You can specify up to 25 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.
-               * If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
-               * If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
-               * If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.
-        :param pulumi.Input[builtins.int] login_session_duration: The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.
+        :param pulumi.Input[builtins.bool] allow_user_to_change_password: Whether to allow RAM users to manage their own passwords. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_login_with_passkey: Whether to allow RAM users to log on using a passkey. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_access_keys: Whether to allow RAM users to manage their own access keys. Value:
+               - true: Allow.
+               - false (default): Not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_mfa_devices: Whether to allow RAM users to manage multi-factor authentication devices. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_personal_ding_talk: Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] enable_save_mfa_ticket: Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:
+               - true: Allow.
+               - false (default): Not allowed.
+        :param pulumi.Input[builtins.bool] enforce_mfa_for_login: Field `enforce_mfa_for_login` has been deprecated from provider version 1.248.0. New field `mfa_operation_for_login` instead. 
+               Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
+        :param pulumi.Input[builtins.str] login_network_masks: The login mask. The logon mask determines which IP addresses are affected by the logon console, including password logon and single sign-on (SSO), but API calls made using the access key are not affected.
+               - If the mask is specified, RAM users can only log on from the specified IP address.
+               - If you do not specify any mask, the login console function will apply to the entire network.
+               
+               When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.
+               
+               Configure a maximum of 40 logon masks, with a total length of 512 characters.
+        :param pulumi.Input[builtins.int] login_session_duration: The validity period of the logon session of RAM users.
+               Valid values: 1 to 24. Unit: hours.
+               Default value: 6.
+        :param pulumi.Input[builtins.str] mfa_operation_for_login: MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:
+               - mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
+               - independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
+               - adaptive: Used only during abnormal login.
+        :param pulumi.Input[builtins.str] operation_for_risk_login: Whether MFA is verified twice during abnormal logon. Value:
+               - autonomous (default): Skip, do not force binding.
+               - enforceVerify: Force binding validation.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] verification_types: Means of multi-factor authentication. Value:
+               - sms: secure phone.
+               - email: Secure mailbox.
+               
+               The following arguments will be discarded. Please use new fields as soon as possible:
         """
         if allow_user_to_change_password is not None:
             pulumi.set(__self__, "allow_user_to_change_password", allow_user_to_change_password)
+        if allow_user_to_login_with_passkey is not None:
+            pulumi.set(__self__, "allow_user_to_login_with_passkey", allow_user_to_login_with_passkey)
         if allow_user_to_manage_access_keys is not None:
             pulumi.set(__self__, "allow_user_to_manage_access_keys", allow_user_to_manage_access_keys)
         if allow_user_to_manage_mfa_devices is not None:
             pulumi.set(__self__, "allow_user_to_manage_mfa_devices", allow_user_to_manage_mfa_devices)
+        if allow_user_to_manage_personal_ding_talk is not None:
+            pulumi.set(__self__, "allow_user_to_manage_personal_ding_talk", allow_user_to_manage_personal_ding_talk)
         if enable_save_mfa_ticket is not None:
             pulumi.set(__self__, "enable_save_mfa_ticket", enable_save_mfa_ticket)
         if enforce_mfa_for_login is not None:
@@ -180,12 +355,20 @@ class _SecurityPreferenceState:
             pulumi.set(__self__, "login_network_masks", login_network_masks)
         if login_session_duration is not None:
             pulumi.set(__self__, "login_session_duration", login_session_duration)
+        if mfa_operation_for_login is not None:
+            pulumi.set(__self__, "mfa_operation_for_login", mfa_operation_for_login)
+        if operation_for_risk_login is not None:
+            pulumi.set(__self__, "operation_for_risk_login", operation_for_risk_login)
+        if verification_types is not None:
+            pulumi.set(__self__, "verification_types", verification_types)
 
     @property
     @pulumi.getter(name="allowUserToChangePassword")
     def allow_user_to_change_password(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
-        Specifies whether RAM users can change their passwords. Valid values: `true` and `false`
+        Whether to allow RAM users to manage their own passwords. Value:
+        - true (default): Allowed.
+        - false: not allowed.
         """
         return pulumi.get(self, "allow_user_to_change_password")
 
@@ -193,11 +376,27 @@ class _SecurityPreferenceState:
     def allow_user_to_change_password(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "allow_user_to_change_password", value)
 
+    @property
+    @pulumi.getter(name="allowUserToLoginWithPasskey")
+    def allow_user_to_login_with_passkey(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Whether to allow RAM users to log on using a passkey. Value:
+        - true (default): Allowed.
+        - false: not allowed.
+        """
+        return pulumi.get(self, "allow_user_to_login_with_passkey")
+
+    @allow_user_to_login_with_passkey.setter
+    def allow_user_to_login_with_passkey(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "allow_user_to_login_with_passkey", value)
+
     @property
     @pulumi.getter(name="allowUserToManageAccessKeys")
     def allow_user_to_manage_access_keys(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
-        Specifies whether RAM users can manage their AccessKey pairs. Valid values: `true` and `false`
+        Whether to allow RAM users to manage their own access keys. Value:
+        - true: Allow.
+        - false (default): Not allowed.
         """
         return pulumi.get(self, "allow_user_to_manage_access_keys")
 
@@ -209,7 +408,9 @@ class _SecurityPreferenceState:
     @pulumi.getter(name="allowUserToManageMfaDevices")
     def allow_user_to_manage_mfa_devices(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
-        Specifies whether RAM users can manage their MFA devices. Valid values: `true` and `false`
+        Whether to allow RAM users to manage multi-factor authentication devices. Value:
+        - true (default): Allowed.
+        - false: not allowed.
         """
         return pulumi.get(self, "allow_user_to_manage_mfa_devices")
 
@@ -217,11 +418,27 @@ class _SecurityPreferenceState:
     def allow_user_to_manage_mfa_devices(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "allow_user_to_manage_mfa_devices", value)
 
+    @property
+    @pulumi.getter(name="allowUserToManagePersonalDingTalk")
+    def allow_user_to_manage_personal_ding_talk(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:
+        - true (default): Allowed.
+        - false: not allowed.
+        """
+        return pulumi.get(self, "allow_user_to_manage_personal_ding_talk")
+
+    @allow_user_to_manage_personal_ding_talk.setter
+    def allow_user_to_manage_personal_ding_talk(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "allow_user_to_manage_personal_ding_talk", value)
+
     @property
     @pulumi.getter(name="enableSaveMfaTicket")
     def enable_save_mfa_ticket(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
-        Specifies whether to remember the MFA devices for seven days. Valid values: `true` and `false`
+        Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:
+        - true: Allow.
+        - false (default): Not allowed.
         """
         return pulumi.get(self, "enable_save_mfa_ticket")
 
@@ -233,6 +450,7 @@ class _SecurityPreferenceState:
     @pulumi.getter(name="enforceMfaForLogin")
     def enforce_mfa_for_login(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
+        Field `enforce_mfa_for_login` has been deprecated from provider version 1.248.0. New field `mfa_operation_for_login` instead. 
         Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
         """
         return pulumi.get(self, "enforce_mfa_for_login")
@@ -245,10 +463,13 @@ class _SecurityPreferenceState:
     @pulumi.getter(name="loginNetworkMasks")
     def login_network_masks(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). However, this parameter does not take effect on API calls that are authenticated by using AccessKey pairs.**NOTE:** You can specify up to 25 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.
-        * If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
-        * If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
-        * If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.
+        The login mask. The logon mask determines which IP addresses are affected by the logon console, including password logon and single sign-on (SSO), but API calls made using the access key are not affected.
+        - If the mask is specified, RAM users can only log on from the specified IP address.
+        - If you do not specify any mask, the login console function will apply to the entire network.
+
+        When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.
+
+        Configure a maximum of 40 logon masks, with a total length of 512 characters.
         """
         return pulumi.get(self, "login_network_masks")
 
@@ -260,7 +481,9 @@ class _SecurityPreferenceState:
     @pulumi.getter(name="loginSessionDuration")
     def login_session_duration(self) -> Optional[pulumi.Input[builtins.int]]:
         """
-        The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.
+        The validity period of the logon session of RAM users.
+        Valid values: 1 to 24. Unit: hours.
+        Default value: 6.
         """
         return pulumi.get(self, "login_session_duration")
 
@@ -268,6 +491,51 @@ class _SecurityPreferenceState:
     def login_session_duration(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "login_session_duration", value)
 
+    @property
+    @pulumi.getter(name="mfaOperationForLogin")
+    def mfa_operation_for_login(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:
+        - mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
+        - independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
+        - adaptive: Used only during abnormal login.
+        """
+        return pulumi.get(self, "mfa_operation_for_login")
+
+    @mfa_operation_for_login.setter
+    def mfa_operation_for_login(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "mfa_operation_for_login", value)
+
+    @property
+    @pulumi.getter(name="operationForRiskLogin")
+    def operation_for_risk_login(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Whether MFA is verified twice during abnormal logon. Value:
+        - autonomous (default): Skip, do not force binding.
+        - enforceVerify: Force binding validation.
+        """
+        return pulumi.get(self, "operation_for_risk_login")
+
+    @operation_for_risk_login.setter
+    def operation_for_risk_login(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "operation_for_risk_login", value)
+
+    @property
+    @pulumi.getter(name="verificationTypes")
+    def verification_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+        """
+        Means of multi-factor authentication. Value:
+        - sms: secure phone.
+        - email: Secure mailbox.
+
+        The following arguments will be discarded. Please use new fields as soon as possible:
+        """
+        return pulumi.get(self, "verification_types")
+
+    @verification_types.setter
+    def verification_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+        pulumi.set(self, "verification_types", value)
+
 
 class SecurityPreference(pulumi.CustomResource):
 
@@ -278,53 +546,71 @@ class SecurityPreference(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  allow_user_to_change_password: Optional[pulumi.Input[builtins.bool]] = None,
+                 allow_user_to_login_with_passkey: Optional[pulumi.Input[builtins.bool]] = None,
                  allow_user_to_manage_access_keys: Optional[pulumi.Input[builtins.bool]] = None,
                  allow_user_to_manage_mfa_devices: Optional[pulumi.Input[builtins.bool]] = None,
+                 allow_user_to_manage_personal_ding_talk: Optional[pulumi.Input[builtins.bool]] = None,
                  enable_save_mfa_ticket: Optional[pulumi.Input[builtins.bool]] = None,
                  enforce_mfa_for_login: Optional[pulumi.Input[builtins.bool]] = None,
                  login_network_masks: Optional[pulumi.Input[builtins.str]] = None,
                  login_session_duration: Optional[pulumi.Input[builtins.int]] = None,
+                 mfa_operation_for_login: Optional[pulumi.Input[builtins.str]] = None,
+                 operation_for_risk_login: Optional[pulumi.Input[builtins.str]] = None,
+                 verification_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
                  __props__=None):
         """
-        Provides a RAM Security Preference resource.
-
-        For information about RAM Security Preference and how to use it, see [What is Security Preference](https://www.alibabacloud.com/help/en/doc-detail/186694.htm).
-
-        > **NOTE:** Available since v1.152.0.
-
-        ## Example Usage
-
-        Basic Usage
-
-        ```python
-        import pulumi
-        import pulumi_alicloud as alicloud
-
-        example = alicloud.ram.SecurityPreference("example",
-            enable_save_mfa_ticket=False,
-            allow_user_to_change_password=True)
-        ```
-
         ## Import
 
         RAM Security Preference can be imported using the id, e.g.
 
         ```sh
-        $ pulumi import alicloud:ram/securityPreference:SecurityPreference example <id>
+        $ pulumi import alicloud:ram/securityPreference:SecurityPreference example 
         ```
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.bool] allow_user_to_change_password: Specifies whether RAM users can change their passwords. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] allow_user_to_manage_access_keys: Specifies whether RAM users can manage their AccessKey pairs. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] allow_user_to_manage_mfa_devices: Specifies whether RAM users can manage their MFA devices. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] enable_save_mfa_ticket: Specifies whether to remember the MFA devices for seven days. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] enforce_mfa_for_login: Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.str] login_network_masks: The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). However, this parameter does not take effect on API calls that are authenticated by using AccessKey pairs.**NOTE:** You can specify up to 25 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.
-               * If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
-               * If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
-               * If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.
-        :param pulumi.Input[builtins.int] login_session_duration: The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.
+        :param pulumi.Input[builtins.bool] allow_user_to_change_password: Whether to allow RAM users to manage their own passwords. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_login_with_passkey: Whether to allow RAM users to log on using a passkey. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_access_keys: Whether to allow RAM users to manage their own access keys. Value:
+               - true: Allow.
+               - false (default): Not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_mfa_devices: Whether to allow RAM users to manage multi-factor authentication devices. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_personal_ding_talk: Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] enable_save_mfa_ticket: Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:
+               - true: Allow.
+               - false (default): Not allowed.
+        :param pulumi.Input[builtins.bool] enforce_mfa_for_login: Field `enforce_mfa_for_login` has been deprecated from provider version 1.248.0. New field `mfa_operation_for_login` instead. 
+               Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
+        :param pulumi.Input[builtins.str] login_network_masks: The login mask. The logon mask determines which IP addresses are affected by the logon console, including password logon and single sign-on (SSO), but API calls made using the access key are not affected.
+               - If the mask is specified, RAM users can only log on from the specified IP address.
+               - If you do not specify any mask, the login console function will apply to the entire network.
+               
+               When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.
+               
+               Configure a maximum of 40 logon masks, with a total length of 512 characters.
+        :param pulumi.Input[builtins.int] login_session_duration: The validity period of the logon session of RAM users.
+               Valid values: 1 to 24. Unit: hours.
+               Default value: 6.
+        :param pulumi.Input[builtins.str] mfa_operation_for_login: MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:
+               - mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
+               - independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
+               - adaptive: Used only during abnormal login.
+        :param pulumi.Input[builtins.str] operation_for_risk_login: Whether MFA is verified twice during abnormal logon. Value:
+               - autonomous (default): Skip, do not force binding.
+               - enforceVerify: Force binding validation.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] verification_types: Means of multi-factor authentication. Value:
+               - sms: secure phone.
+               - email: Secure mailbox.
+               
+               The following arguments will be discarded. Please use new fields as soon as possible:
         """
         ...
     @overload
@@ -333,31 +619,12 @@ class SecurityPreference(pulumi.CustomResource):
                  args: Optional[SecurityPreferenceArgs] = None,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        Provides a RAM Security Preference resource.
-
-        For information about RAM Security Preference and how to use it, see [What is Security Preference](https://www.alibabacloud.com/help/en/doc-detail/186694.htm).
-
-        > **NOTE:** Available since v1.152.0.
-
-        ## Example Usage
-
-        Basic Usage
-
-        ```python
-        import pulumi
-        import pulumi_alicloud as alicloud
-
-        example = alicloud.ram.SecurityPreference("example",
-            enable_save_mfa_ticket=False,
-            allow_user_to_change_password=True)
-        ```
-
         ## Import
 
         RAM Security Preference can be imported using the id, e.g.
 
         ```sh
-        $ pulumi import alicloud:ram/securityPreference:SecurityPreference example <id>
+        $ pulumi import alicloud:ram/securityPreference:SecurityPreference example 
         ```
 
         :param str resource_name: The name of the resource.
@@ -376,12 +643,17 @@ class SecurityPreference(pulumi.CustomResource):
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
                  allow_user_to_change_password: Optional[pulumi.Input[builtins.bool]] = None,
+                 allow_user_to_login_with_passkey: Optional[pulumi.Input[builtins.bool]] = None,
                  allow_user_to_manage_access_keys: Optional[pulumi.Input[builtins.bool]] = None,
                  allow_user_to_manage_mfa_devices: Optional[pulumi.Input[builtins.bool]] = None,
+                 allow_user_to_manage_personal_ding_talk: Optional[pulumi.Input[builtins.bool]] = None,
                  enable_save_mfa_ticket: Optional[pulumi.Input[builtins.bool]] = None,
                  enforce_mfa_for_login: Optional[pulumi.Input[builtins.bool]] = None,
                  login_network_masks: Optional[pulumi.Input[builtins.str]] = None,
                  login_session_duration: Optional[pulumi.Input[builtins.int]] = None,
+                 mfa_operation_for_login: Optional[pulumi.Input[builtins.str]] = None,
+                 operation_for_risk_login: Optional[pulumi.Input[builtins.str]] = None,
+                 verification_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -392,12 +664,17 @@ class SecurityPreference(pulumi.CustomResource):
             __props__ = SecurityPreferenceArgs.__new__(SecurityPreferenceArgs)
 
             __props__.__dict__["allow_user_to_change_password"] = allow_user_to_change_password
+            __props__.__dict__["allow_user_to_login_with_passkey"] = allow_user_to_login_with_passkey
             __props__.__dict__["allow_user_to_manage_access_keys"] = allow_user_to_manage_access_keys
             __props__.__dict__["allow_user_to_manage_mfa_devices"] = allow_user_to_manage_mfa_devices
+            __props__.__dict__["allow_user_to_manage_personal_ding_talk"] = allow_user_to_manage_personal_ding_talk
             __props__.__dict__["enable_save_mfa_ticket"] = enable_save_mfa_ticket
             __props__.__dict__["enforce_mfa_for_login"] = enforce_mfa_for_login
             __props__.__dict__["login_network_masks"] = login_network_masks
             __props__.__dict__["login_session_duration"] = login_session_duration
+            __props__.__dict__["mfa_operation_for_login"] = mfa_operation_for_login
+            __props__.__dict__["operation_for_risk_login"] = operation_for_risk_login
+            __props__.__dict__["verification_types"] = verification_types
         super(SecurityPreference, __self__).__init__(
             'alicloud:ram/securityPreference:SecurityPreference',
             resource_name,
@@ -409,12 +686,17 @@ class SecurityPreference(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             allow_user_to_change_password: Optional[pulumi.Input[builtins.bool]] = None,
+            allow_user_to_login_with_passkey: Optional[pulumi.Input[builtins.bool]] = None,
             allow_user_to_manage_access_keys: Optional[pulumi.Input[builtins.bool]] = None,
             allow_user_to_manage_mfa_devices: Optional[pulumi.Input[builtins.bool]] = None,
+            allow_user_to_manage_personal_ding_talk: Optional[pulumi.Input[builtins.bool]] = None,
             enable_save_mfa_ticket: Optional[pulumi.Input[builtins.bool]] = None,
             enforce_mfa_for_login: Optional[pulumi.Input[builtins.bool]] = None,
             login_network_masks: Optional[pulumi.Input[builtins.str]] = None,
-            login_session_duration: Optional[pulumi.Input[builtins.int]] = None) -> 'SecurityPreference':
+            login_session_duration: Optional[pulumi.Input[builtins.int]] = None,
+            mfa_operation_for_login: Optional[pulumi.Input[builtins.str]] = None,
+            operation_for_risk_login: Optional[pulumi.Input[builtins.str]] = None,
+            verification_types: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None) -> 'SecurityPreference':
         """
         Get an existing SecurityPreference resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -422,43 +704,94 @@ class SecurityPreference(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.bool] allow_user_to_change_password: Specifies whether RAM users can change their passwords. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] allow_user_to_manage_access_keys: Specifies whether RAM users can manage their AccessKey pairs. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] allow_user_to_manage_mfa_devices: Specifies whether RAM users can manage their MFA devices. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] enable_save_mfa_ticket: Specifies whether to remember the MFA devices for seven days. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.bool] enforce_mfa_for_login: Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
-        :param pulumi.Input[builtins.str] login_network_masks: The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). However, this parameter does not take effect on API calls that are authenticated by using AccessKey pairs.**NOTE:** You can specify up to 25 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.
-               * If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
-               * If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
-               * If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.
-        :param pulumi.Input[builtins.int] login_session_duration: The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.
+        :param pulumi.Input[builtins.bool] allow_user_to_change_password: Whether to allow RAM users to manage their own passwords. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_login_with_passkey: Whether to allow RAM users to log on using a passkey. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_access_keys: Whether to allow RAM users to manage their own access keys. Value:
+               - true: Allow.
+               - false (default): Not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_mfa_devices: Whether to allow RAM users to manage multi-factor authentication devices. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] allow_user_to_manage_personal_ding_talk: Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:
+               - true (default): Allowed.
+               - false: not allowed.
+        :param pulumi.Input[builtins.bool] enable_save_mfa_ticket: Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:
+               - true: Allow.
+               - false (default): Not allowed.
+        :param pulumi.Input[builtins.bool] enforce_mfa_for_login: Field `enforce_mfa_for_login` has been deprecated from provider version 1.248.0. New field `mfa_operation_for_login` instead. 
+               Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
+        :param pulumi.Input[builtins.str] login_network_masks: The login mask. The logon mask determines which IP addresses are affected by the logon console, including password logon and single sign-on (SSO), but API calls made using the access key are not affected.
+               - If the mask is specified, RAM users can only log on from the specified IP address.
+               - If you do not specify any mask, the login console function will apply to the entire network.
+               
+               When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.
+               
+               Configure a maximum of 40 logon masks, with a total length of 512 characters.
+        :param pulumi.Input[builtins.int] login_session_duration: The validity period of the logon session of RAM users.
+               Valid values: 1 to 24. Unit: hours.
+               Default value: 6.
+        :param pulumi.Input[builtins.str] mfa_operation_for_login: MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:
+               - mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
+               - independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
+               - adaptive: Used only during abnormal login.
+        :param pulumi.Input[builtins.str] operation_for_risk_login: Whether MFA is verified twice during abnormal logon. Value:
+               - autonomous (default): Skip, do not force binding.
+               - enforceVerify: Force binding validation.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] verification_types: Means of multi-factor authentication. Value:
+               - sms: secure phone.
+               - email: Secure mailbox.
+               
+               The following arguments will be discarded. Please use new fields as soon as possible:
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
         __props__ = _SecurityPreferenceState.__new__(_SecurityPreferenceState)
 
         __props__.__dict__["allow_user_to_change_password"] = allow_user_to_change_password
+        __props__.__dict__["allow_user_to_login_with_passkey"] = allow_user_to_login_with_passkey
         __props__.__dict__["allow_user_to_manage_access_keys"] = allow_user_to_manage_access_keys
         __props__.__dict__["allow_user_to_manage_mfa_devices"] = allow_user_to_manage_mfa_devices
+        __props__.__dict__["allow_user_to_manage_personal_ding_talk"] = allow_user_to_manage_personal_ding_talk
         __props__.__dict__["enable_save_mfa_ticket"] = enable_save_mfa_ticket
         __props__.__dict__["enforce_mfa_for_login"] = enforce_mfa_for_login
         __props__.__dict__["login_network_masks"] = login_network_masks
         __props__.__dict__["login_session_duration"] = login_session_duration
+        __props__.__dict__["mfa_operation_for_login"] = mfa_operation_for_login
+        __props__.__dict__["operation_for_risk_login"] = operation_for_risk_login
+        __props__.__dict__["verification_types"] = verification_types
         return SecurityPreference(resource_name, opts=opts, __props__=__props__)
 
     @property
     @pulumi.getter(name="allowUserToChangePassword")
     def allow_user_to_change_password(self) -> pulumi.Output[builtins.bool]:
         """
-        Specifies whether RAM users can change their passwords. Valid values: `true` and `false`
+        Whether to allow RAM users to manage their own passwords. Value:
+        - true (default): Allowed.
+        - false: not allowed.
         """
         return pulumi.get(self, "allow_user_to_change_password")
 
+    @property
+    @pulumi.getter(name="allowUserToLoginWithPasskey")
+    def allow_user_to_login_with_passkey(self) -> pulumi.Output[builtins.bool]:
+        """
+        Whether to allow RAM users to log on using a passkey. Value:
+        - true (default): Allowed.
+        - false: not allowed.
+        """
+        return pulumi.get(self, "allow_user_to_login_with_passkey")
+
     @property
     @pulumi.getter(name="allowUserToManageAccessKeys")
     def allow_user_to_manage_access_keys(self) -> pulumi.Output[builtins.bool]:
         """
-        Specifies whether RAM users can manage their AccessKey pairs. Valid values: `true` and `false`
+        Whether to allow RAM users to manage their own access keys. Value:
+        - true: Allow.
+        - false (default): Not allowed.
         """
         return pulumi.get(self, "allow_user_to_manage_access_keys")
 
@@ -466,15 +799,29 @@ class SecurityPreference(pulumi.CustomResource):
     @pulumi.getter(name="allowUserToManageMfaDevices")
     def allow_user_to_manage_mfa_devices(self) -> pulumi.Output[builtins.bool]:
         """
-        Specifies whether RAM users can manage their MFA devices. Valid values: `true` and `false`
+        Whether to allow RAM users to manage multi-factor authentication devices. Value:
+        - true (default): Allowed.
+        - false: not allowed.
         """
         return pulumi.get(self, "allow_user_to_manage_mfa_devices")
 
+    @property
+    @pulumi.getter(name="allowUserToManagePersonalDingTalk")
+    def allow_user_to_manage_personal_ding_talk(self) -> pulumi.Output[builtins.bool]:
+        """
+        Whether to allow RAM users to independently manage the binding and unbinding of personal DingTalk. Value:
+        - true (default): Allowed.
+        - false: not allowed.
+        """
+        return pulumi.get(self, "allow_user_to_manage_personal_ding_talk")
+
     @property
     @pulumi.getter(name="enableSaveMfaTicket")
     def enable_save_mfa_ticket(self) -> pulumi.Output[builtins.bool]:
         """
-        Specifies whether to remember the MFA devices for seven days. Valid values: `true` and `false`
+        Whether to save the verification status of a RAM user after logging in using multi-factor authentication. The validity period is 7 days. Value:
+        - true: Allow.
+        - false (default): Not allowed.
         """
         return pulumi.get(self, "enable_save_mfa_ticket")
 
@@ -482,6 +829,7 @@ class SecurityPreference(pulumi.CustomResource):
     @pulumi.getter(name="enforceMfaForLogin")
     def enforce_mfa_for_login(self) -> pulumi.Output[builtins.bool]:
         """
+        Field `enforce_mfa_for_login` has been deprecated from provider version 1.248.0. New field `mfa_operation_for_login` instead. 
         Specifies whether MFA is required for all RAM users when they log on to the Alibaba Cloud Management Console by using usernames and passwords. Valid values: `true` and `false`
         """
         return pulumi.get(self, "enforce_mfa_for_login")
@@ -490,10 +838,13 @@ class SecurityPreference(pulumi.CustomResource):
     @pulumi.getter(name="loginNetworkMasks")
     def login_network_masks(self) -> pulumi.Output[Optional[builtins.str]]:
         """
-        The subnet mask that specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console. This parameter takes effect on password-based logon and single sign-on (SSO). However, this parameter does not take effect on API calls that are authenticated by using AccessKey pairs.**NOTE:** You can specify up to 25 subnet masks. The total length of the subnet masks can be a maximum of 512 characters.
-        * If you specify a subnet mask, RAM users can use only the IP addresses in the subnet mask to log on to the Alibaba Cloud Management Console.
-        * If you do not specify a subnet mask, RAM users can use all IP addresses to log on to the Alibaba Cloud Management Console.
-        * If you need to specify multiple subnet masks, separate the subnet masks with semicolons (;). Example: 192.168.0.0/16;10.0.0.0/8.
+        The login mask. The logon mask determines which IP addresses are affected by the logon console, including password logon and single sign-on (SSO), but API calls made using the access key are not affected.
+        - If the mask is specified, RAM users can only log on from the specified IP address.
+        - If you do not specify any mask, the login console function will apply to the entire network.
+
+        When you need to configure multiple login masks, use a semicolon (;) to separate them, for example: 192.168.0.0/16;10.0.0.0/8.
+
+        Configure a maximum of 40 logon masks, with a total length of 512 characters.
         """
         return pulumi.get(self, "login_network_masks")
 
@@ -501,7 +852,42 @@ class SecurityPreference(pulumi.CustomResource):
     @pulumi.getter(name="loginSessionDuration")
     def login_session_duration(self) -> pulumi.Output[builtins.int]:
         """
-        The validity period of the logon session of RAM users. Valid values: 6 to 24. Unit: hours. Default value: 6.
+        The validity period of the logon session of RAM users.
+        Valid values: 1 to 24. Unit: hours.
+        Default value: 6.
         """
         return pulumi.get(self, "login_session_duration")
 
+    @property
+    @pulumi.getter(name="mfaOperationForLogin")
+    def mfa_operation_for_login(self) -> pulumi.Output[builtins.str]:
+        """
+        MFA must be used during logon (replace the original EnforceMFAForLogin parameter, the original parameter is still valid, we recommend that you update it to a new parameter). Value:
+        - mandatory: mandatory for all RAM users. The original value of EnforceMFAForLogin is true.
+        - independent (default): depends on the independent configuration of each RAM user. The original value of EnforceMFAForLogin is false.
+        - adaptive: Used only during abnormal login.
+        """
+        return pulumi.get(self, "mfa_operation_for_login")
+
+    @property
+    @pulumi.getter(name="operationForRiskLogin")
+    def operation_for_risk_login(self) -> pulumi.Output[builtins.str]:
+        """
+        Whether MFA is verified twice during abnormal logon. Value:
+        - autonomous (default): Skip, do not force binding.
+        - enforceVerify: Force binding validation.
+        """
+        return pulumi.get(self, "operation_for_risk_login")
+
+    @property
+    @pulumi.getter(name="verificationTypes")
+    def verification_types(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+        """
+        Means of multi-factor authentication. Value:
+        - sms: secure phone.
+        - email: Secure mailbox.
+
+        The following arguments will be discarded. Please use new fields as soon as possible:
+        """
+        return pulumi.get(self, "verification_types")
+