All Products
Search
Document Center

Resource Access Management:Release notes

Last Updated:Oct 26, 2023

This topic describes the release notes for Resource Access Management (RAM) features and provides links to the relevant references.

May 2023

Feature

Feature description

Release date

Region

References

Permission diagnostics New

The permission diagnostics feature is provided to troubleshoot access errors that are reported due to no permissions.

2023-05

N/A

How do I troubleshoot an access error that is reported due to no permissions?

March 2023

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for Remote Service of Hybrid Cloud Storage.

2023-03

N/A

Services that work with RAM

Services that work with STS

STS is available for Remote Service of Hybrid Cloud Storage.

2023-03

N/A

Services that work with STS

STS

The ExternalId parameter is supported by STS. When you call an STS operation to assume a RAM role, you must specify the external ID of the RAM role. This helps prevent the confused deputy problem and enhance security during RAM role assuming.

2023-03

N/A

February 2023

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for Resource Center.

2023-02

N/A

Services that work with RAM

Services that work with STS

STS is available for Resource Center.

2023-02

N/A

Services that work with STS

Recycle bin New

RAM supports the recycle bin feature. When you delete RAM users or the AccessKey pairs of a RAM user, the RAM users or the AccessKey pairs are first moved to the recycle bin. Then, the RAM users or the AccessKey pairs are automatically deleted from the recycle bin on a regular basis. You can also manually delete or restore the RAM users or the AccessKey pairs from the recycle bin. This feature helps minimize the adverse impacts that are caused by accidental deletion of RAM users or AccessKey pairs.

2023-02

N/A

January 2023

Feature

Feature description

Release date

Region

References

Multi-factor authentication (MFA) optimization

Only one verification code is required when you bind a virtual MFA device to a RAM user.

2023-01

N/A

Bind an MFA device to a RAM user

December 2022

Feature

Feature description

Release date

Region

References

Tags

Tags can be added to RAM users. This way, you can manage the RAM users based on the tags.

2022-12

N/A

Add a tag to a RAM user

November 2022

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for IPv6 Gateway.

2022-11

N/A

Services that work with RAM

RAM is available for VPC peering connection.

Services that work with STS

STS is available for IPv6 Gateway.

2022-11

N/A

Services that work with STS

STS is available for VPC peering connection.

August 2022

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for virtual private cloud (VPC) prefix lists.

2022-08

N/A

Services that work with RAM

Services that work with STS

STS is available for VPC prefix lists.

2022-08

N/A

Services that work with STS

July 2022

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for Cloud Data Transfer (CDT).

2022-07

N/A

Services that work with RAM

RAM is available for Network SLB Service (NLB).

RAM is available for Elastic Block Storage (EBS).

Services that work with STS

STS is available for CDT.

2022-07

N/A

Services that work with STS

STS is available for NLB.

STS is available for EBS.

June 2022

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for Anycast Elastic IP Address (Anycast EIP).

2022-06

N/A

Services that work with RAM

Services that work with STS

STS is available for Anycast EIP.

2022-06

N/A

Services that work with STS

April 2022

Feature

Feature description

Release date

Region

References

Custom policy creation by importing templates

Policy templates that are created based on years of business practices are provided. The policy templates are suitable for common scenarios. For example, RAM provides policy templates that are applicable to system administrators, financial personnel, and network administrators. You need to only import an appropriate policy template and modify the template based on your business requirements. This way, you can create a custom policy in a convenient manner.

2022-04

N/A

Create a custom policy by importing a policy template

March 2022

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for the industry-specific plug-in PAI-Plugin that is provided by Machine Learning.

2022-03

N/A

Services that work with RAM

RAM is available for Alibaba Cloud Distributed Cloud Container Platform (ACK One).

Services that work with STS

STS is available for the industry-specific plug-in PAI-Plugin that is provided by Machine Learning.

2022-03

N/A

Services that work with STS

STS is available for ACK One.

December 2021

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for Compute Nest.

2021-12

N/A

Services that work with RAM

Services that work with STS

STS is available for Compute Nest.

2021-12

N/A

Services that work with STS

November 2021

Feature

Feature description

Release date

Region

References

OIDC-based SSO

OpenID Connect (OIDC)-based single sign-on (SSO) is supported. An enterprise can use an OIDC token that is issued by an identity provider (IdP) to call an Alibaba Cloud operation to assume a specific RAM role and use the OIDC token to obtain an STS token. Then, the enterprise can use the STS token to access Alibaba Cloud resources.

2021-11

N/A

Overview of OIDC-based SSO

MFA for sensitive operations

MFA is required for sensitive operations. If a RAM user for which MFA is enabled wants to perform a sensitive operation in the Alibaba Cloud Management Console, risk control is triggered and the RAM user is required to pass MFA again. The RAM user can perform the sensitive operation only after the RAM user enters a valid MFA verification code.

2021-11

N/A

MFA for sensitive operations MFA for sensitive operations

Services that work with RAM

RAM is available for Alibaba Cloud Genomics Service (AGS).

2021-11

N/A

Services that work with RAM

Services that work with STS

STS is available for AGS.

2021-11

N/A

Services that work with STS

September 2021

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for Cloud Governance Center.

2021-09

N/A

Services that work with RAM

Services that work with STS

STS is available for Cloud Governance Center.

2021-09

N/A

Services that work with STS

August 2021

Feature

Feature description

Release date

Region

References

CloudSSO

CloudSSO is integrated with Alibaba Cloud Resource Directory to provide unified multi-account identity management and access control. You can use CloudSSO to centrally manage users of an enterprise who need to access Alibaba Cloud resources and assign access permissions on the accounts in a resource directory to the users. You can also configure settings to implement SSO access to Alibaba Cloud resources from an IdP. You need to configure the settings only once.

2021-08

China (Shanghai) and US (Silicon Valley)

What is CloudSSO?

Services that work with RAM

RAM is available for Machine Translation.

2021-08

N/A

Services that work with RAM

RAM is available for CloudSSO.

Services that work with STS

STS is available for Machine Translation.

2021-08

N/A

Services that work with STS

STS is available for CloudSSO.

STS is available for Simple Application Server.

STS is available for Application Real-Time Monitoring Service.

STS is available for Enterprise Distributed Application Service.

STS is available for Fraud Detection.

April 2021

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for Alibaba Cloud Public DNS.

2021-04

N/A

Services that work with RAM

Services that work with STS

STS is available for Alibaba Cloud Public DNS.

2021-04

N/A

Services that work with STS

March 2021

Feature

Feature description

Release date

Region

References

FIDO U2F

FIDO Universal 2nd Factor (FIDO U2F) is a widely used MFA protocol that is created by the FIDO Alliance. U2F security keys are a type of MFA device that supports the U2F protocol. For more information, visit FIDO Alliance.

After a U2F security key is enabled, two authentication factors are required when a RAM user logs on to Alibaba Cloud.

  1. First factor: Enter the username and password of the RAM user.

  2. Second factor: Plug the U2F security key into a USB port on a computer and tap the key to complete the logon process.

2021-03

All regions

September 2020

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for the Tag service.

2020-09

N/A

Services that work with RAM

Services that work with STS

STS is available for the Tag service.

2020-09

N/A

Services that work with STS

July 2020

Feature

Feature description

Release date

Region

References

Resource group-based authorization in the RAM console

A RAM user, RAM user group, or RAM role can be granted permissions in the RAM or Resource Management console. The permissions on the resources of an Alibaba Cloud account or on a specific resource group can be granted. The permissions of a RAM user, RAM user group, or RAM role can also be revoked.

2020-07

All regions

N/A

June 2020

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for Time Series Database (TSDB) for InfluxDB.

2020-06

N/A

Services that work with RAM

Version rotation of custom policies

When you modify a custom policy that has five versions in the RAM console, the earliest version that is not in use can be replaced with the latest version.

2020-06

All regions

Manage custom policy versions

May 2020

Feature

Feature description

Release date

Region

References

Configuration of the maximum role session duration

The maximum role session duration can be configured in the RAM console. The configuration applies when you log on to the console by using role-based SSO or when you use the console or call an API operation to assume a RAM role.

2020-05

All regions

Specify the maximum session duration for a RAM role

March 2020

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for AnalyticDB for MySQL.

2020-03

N/A

Services that work with RAM

Services that work with STS

STS is available for Elastic High Performance Computing (E-HPC).

2020-03

N/A

Services that work with STS

Service-linked role

Service-linked roles are provided by Alibaba Cloud RAM. Service-linked roles can be used to simplify the process of authorizing an Alibaba Cloud service to access other services and use a specific feature. Alibaba Cloud RAM provides service-linked roles for such scenarios.

2020-03

All regions

Service-linked roles

Configuration of the maximum role session duration

A new parameter named MaxSessionDuration is provided in API operations to specify the maximum session duration of a RAM role.

2020-03

All regions

February 2020

Feature

Feature description

Release date

Region

References

Services that work with STS

STS is available for Dynamic Route for CDN (DCDN).

2020-02

N/A

Services that work with STS

January 2020

Feature

Feature description

Release date

Region

References

Services that work with STS

STS is available for ApsaraVideo Live.

2020-01

N/A

Services that work with STS

December 2019

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for Server Migration Center (SMC).

2019-12

N/A

Services that work with RAM

November 2019

Feature

Feature description

Release date

Region

References

User credential report

A user credential report that contains the details of your Alibaba Cloud account and RAM users can be generated and downloaded in the RAM console. The details include logon passwords, AccessKey pairs, and MFA devices.

2019-11-15

All regions

Generate and download user credential reports

Services that work with STS

STS is available for Cloud Backup.

2019-11

N/A

Services that work with STS

October 2019

Feature

Feature description

Release date

Region

References

Services that work with RAM

RAM is available for ID Verification for Financial Services.

2019-10

N/A

Services that work with RAM

RAM is available for AnalyticDB for PostgreSQL.

Services that work with STS

STS is available for Cloud Enterprise Network.

2019-10

N/A

Services that work with STS

STS is available for E-MapReduce.

Services that work with STS

September 2019

Feature

Feature description

Release date

Region

References

Enabling or disabling of console logons for RAM users

The access of RAM users to the console can be enabled and disabled. You can retain the password, MFA, and other logon settings when you disable the access of RAM users to the console. You can also clear console logon settings.

2019-09-09

All regions

Manage console logon settings for a RAM user

Services that work with RAM

RAM is available for Logic Composer.

2019-09

N/A

Services that work with RAM

June 2019

Feature

Feature description

Release date

Region

References

Auxiliary domain names for user-based SSO

The configuration of user-based SSO can be simplified by using auxiliary domain names.

2019-06-28

All regions

Overview of user-based SSO

April 2019

Feature

Feature description

Release date

Region

References

SSO

Alibaba Cloud supports Security Assertion Markup Language (SAML) 2.0-based SSO. This feature is also known as identity federation. SSO can be implemented between an enterprise identity service and Alibaba Cloud.

2019-04-04

All regions

SSO overview

November 2018

Feature

Feature description

Release date

Region

References

RAM console

The RAM console is updated.

2018-11-15

All regions

RAM documentation