You can create RAM roles for three types of trusted entity: Alibaba Cloud account, Alibaba Cloud service, and identity provider (IdP). This topic describes how to create a RAM role for a trusted Alibaba Cloud service.

Background information

Two types of RAM role are available for a trusted Alibaba Cloud service:

  • Normal service role: You need to name the RAM role, select a trusted service, and attach permission policies to the RAM role.
  • Service linked role: You only need to select a trusted service. The name and policy of the RAM role are predefined by the service. For more information, see Service linked roles.

Create a normal service role

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click RAM Roles.
  3. On the RAM Roles page, click Create RAM Role.
  4. In the Create RAM Role pane, select Alibaba Cloud Service for the Trusted Entity Type parameter, and then click Next.
  5. Select Normal Service Role for the Role Type parameter.
  6. Specify the RAM Role Name and Note parameters.
  7. Select a trusted service.
    Note Available services are listed in the Select Trusted Service drop-down list.
  8. Click OK.

After you create a RAM role, the RAM role has no permissions by default. You can click Add Permissions to RAM Role to grant permissions to the RAM role. For more information, see Grant permissions to a RAM role.

Create a service linked role

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click RAM Roles.
  3. On the RAM Roles page, click Create RAM Role.
  4. In the Create RAM Role pane, select Alibaba Cloud Service for the Trusted Entity Type parameter, and then click Next.
  5. Select Service Linked Role for the Role Type parameter.
  6. Select a service.
    After you select a service, you can view the name, description, and policy that are predefined for the service linked role. You can click View Policy Details to view the detailed information of the policy.
    Note Available services are listed in the Select Trusted Service drop-down list.
  7. Click OK.