This topic describes how to create a RAM role for a trusted Alibaba Cloud service. You can create a RAM role for three types of trusted entities: trusted Alibaba Cloud accounts, trusted Alibaba Cloud services, and trusted identity providers (IdPs).


  1. Log on to the RAM console.
  2. In the left-side navigation pane, click RAM Roles.
  3. Click Create RAM Role, select Alibaba Cloud Service, and then click Next.
  4. Enter a RAM role name and description.
  5. Select a trusted Alibaba Cloud service and click OK.
    Note For more information about the trusted services, see the RAM console.

What to do next

After you create a RAM role, you can click Add Permissions to RAM Role to grant permission to this role. For more information, see Grant permission to a RAM user.