In the latest version of Cloud Firewall, the Internet access analysis feature is included. To enable this feature, Cloud Firewall has to display your IP addresses and port information. Therefore, you must grant Cloud Firewall the permission to call the SLB API.


To grant Cloud Firewall the access to cloud resources, you must have one of the following accounts:

  • An Alibaba Cloud primary account
  • A RAM user account with the AliyunRAMFullAccess permission
Note You cannot use a RAM user account without the AliyunRAMFullAccess permission to grant Cloud Firewall the access to cloud resources.

Authorization procedure

  1. Click Confirm Authorization Policy.
    This grants Cloud Firewall the following permissions:
    • AliyunCloudFirewallAccessingECSRole: Allows Cloud Firewall to access ECS instances.
    • AliyunCloudFirewallDefautlRole: Allows Cloud Firewall to access other cloud services, such as OSS and SLB.

    After the authorization is complete, the system automatically returns to the Cloud Firewall console.

    Note AliyunCloudFirewallAccessingECSRole and AliyunCloudFirewallDefautlRole are default permissions and are both required.