This topic describes the release notes for Resource Access Management (RAM) features and provides links to the relevant references.
May 2023
Feature | Feature description | Release date | Region | References |
Permission diagnostics | The permission diagnostics feature is provided to troubleshoot access errors that are reported due to no permissions. | 2023-05 | N/A | How do I troubleshoot an access error that is reported due to no permissions? |
March 2023
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for Remote Service of Hybrid Cloud Storage. | 2023-03 | N/A | |
Services that work with STS | STS is available for Remote Service of Hybrid Cloud Storage. | 2023-03 | N/A | |
STS | The | 2023-03 | N/A |
February 2023
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for Resource Center. | 2023-02 | N/A | |
Services that work with STS | STS is available for Resource Center. | 2023-02 | N/A | |
Recycle bin | RAM supports the recycle bin feature. When you delete RAM users or the AccessKey pairs of a RAM user, the RAM users or the AccessKey pairs are first moved to the recycle bin. Then, the RAM users or the AccessKey pairs are automatically deleted from the recycle bin on a regular basis. You can also manually delete or restore the RAM users or the AccessKey pairs from the recycle bin. This feature helps minimize the adverse impacts that are caused by accidental deletion of RAM users or AccessKey pairs. | 2023-02 | N/A |
January 2023
Feature | Feature description | Release date | Region | References |
Multi-factor authentication (MFA) optimization | Only one verification code is required when you bind a virtual MFA device to a RAM user. | 2023-01 | N/A |
December 2022
Feature | Feature description | Release date | Region | References |
Tags | Tags can be added to RAM users. This way, you can manage the RAM users based on the tags. | 2022-12 | N/A |
November 2022
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for IPv6 Gateway. | 2022-11 | N/A | |
RAM is available for VPC peering connection. | ||||
Services that work with STS | STS is available for IPv6 Gateway. | 2022-11 | N/A | |
STS is available for VPC peering connection. |
August 2022
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for virtual private cloud (VPC) prefix lists. | 2022-08 | N/A | |
Services that work with STS | STS is available for VPC prefix lists. | 2022-08 | N/A |
July 2022
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for Cloud Data Transfer (CDT). | 2022-07 | N/A | |
RAM is available for Network SLB Service (NLB). | ||||
RAM is available for Elastic Block Storage (EBS). | ||||
Services that work with STS | STS is available for CDT. | 2022-07 | N/A | |
STS is available for NLB. | ||||
STS is available for EBS. |
June 2022
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for Anycast Elastic IP Address (Anycast EIP). | 2022-06 | N/A | |
Services that work with STS | STS is available for Anycast EIP. | 2022-06 | N/A |
April 2022
Feature | Feature description | Release date | Region | References |
Custom policy creation by importing templates | Policy templates that are created based on years of business practices are provided. The policy templates are suitable for common scenarios. For example, RAM provides policy templates that are applicable to system administrators, financial personnel, and network administrators. You need to only import an appropriate policy template and modify the template based on your business requirements. This way, you can create a custom policy in a convenient manner. | 2022-04 | N/A |
March 2022
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for the industry-specific plug-in PAI-Plugin that is provided by Machine Learning. | 2022-03 | N/A | |
RAM is available for Alibaba Cloud Distributed Cloud Container Platform (ACK One). | ||||
Services that work with STS | STS is available for the industry-specific plug-in PAI-Plugin that is provided by Machine Learning. | 2022-03 | N/A | |
STS is available for ACK One. |
December 2021
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for Compute Nest. | 2021-12 | N/A | |
Services that work with STS | STS is available for Compute Nest. | 2021-12 | N/A |
November 2021
Feature | Feature description | Release date | Region | References |
OIDC-based SSO | OpenID Connect (OIDC)-based single sign-on (SSO) is supported. An enterprise can use an OIDC token that is issued by an identity provider (IdP) to call an Alibaba Cloud operation to assume a specific RAM role and use the OIDC token to obtain an STS token. Then, the enterprise can use the STS token to access Alibaba Cloud resources. | 2021-11 | N/A | |
MFA for sensitive operations | MFA is required for sensitive operations. If a RAM user for which MFA is enabled wants to perform a sensitive operation in the Alibaba Cloud Management Console, risk control is triggered and the RAM user is required to pass MFA again. The RAM user can perform the sensitive operation only after the RAM user enters a valid MFA verification code. | 2021-11 | N/A | MFA for sensitive operations MFA for sensitive operations |
Services that work with RAM | RAM is available for Alibaba Cloud Genomics Service (AGS). | 2021-11 | N/A | |
Services that work with STS | STS is available for AGS. | 2021-11 | N/A |
September 2021
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for Cloud Governance Center. | 2021-09 | N/A | |
Services that work with STS | STS is available for Cloud Governance Center. | 2021-09 | N/A |
August 2021
Feature | Feature description | Release date | Region | References |
CloudSSO | CloudSSO is integrated with Alibaba Cloud Resource Directory to provide unified multi-account identity management and access control. You can use CloudSSO to centrally manage users of an enterprise who need to access Alibaba Cloud resources and assign access permissions on the accounts in a resource directory to the users. You can also configure settings to implement SSO access to Alibaba Cloud resources from an IdP. You need to configure the settings only once. | 2021-08 | China (Shanghai) and US (Silicon Valley) | |
Services that work with RAM | RAM is available for Machine Translation. | 2021-08 | N/A | |
RAM is available for CloudSSO. | ||||
Services that work with STS | STS is available for Machine Translation. | 2021-08 | N/A | |
STS is available for CloudSSO. | ||||
STS is available for Simple Application Server. | ||||
STS is available for Application Real-Time Monitoring Service. | ||||
STS is available for Enterprise Distributed Application Service. | ||||
STS is available for Fraud Detection. |
April 2021
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for Alibaba Cloud Public DNS. | 2021-04 | N/A | |
Services that work with STS | STS is available for Alibaba Cloud Public DNS. | 2021-04 | N/A |
March 2021
Feature | Feature description | Release date | Region | References |
FIDO U2F | FIDO Universal 2nd Factor (FIDO U2F) is a widely used MFA protocol that is created by the FIDO Alliance. U2F security keys are a type of MFA device that supports the U2F protocol. For more information, visit FIDO Alliance. After a U2F security key is enabled, two authentication factors are required when a RAM user logs on to Alibaba Cloud.
| 2021-03 | All regions |
September 2020
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for the Tag service. | 2020-09 | N/A | |
Services that work with STS | STS is available for the Tag service. | 2020-09 | N/A |
July 2020
Feature | Feature description | Release date | Region | References |
Resource group-based authorization in the RAM console | A RAM user, RAM user group, or RAM role can be granted permissions in the RAM or Resource Management console. The permissions on the resources of an Alibaba Cloud account or on a specific resource group can be granted. The permissions of a RAM user, RAM user group, or RAM role can also be revoked. | 2020-07 | All regions | N/A |
June 2020
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for Time Series Database (TSDB) for InfluxDB. | 2020-06 | N/A | |
Version rotation of custom policies | When you modify a custom policy that has five versions in the RAM console, the earliest version that is not in use can be replaced with the latest version. | 2020-06 | All regions |
May 2020
Feature | Feature description | Release date | Region | References |
Configuration of the maximum role session duration | The maximum role session duration can be configured in the RAM console. The configuration applies when you log on to the console by using role-based SSO or when you use the console or call an API operation to assume a RAM role. | 2020-05 | All regions |
March 2020
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for AnalyticDB for MySQL. | 2020-03 | N/A | |
Services that work with STS | STS is available for Elastic High Performance Computing (E-HPC). | 2020-03 | N/A | |
Service-linked role | Service-linked roles are provided by Alibaba Cloud RAM. Service-linked roles can be used to simplify the process of authorizing an Alibaba Cloud service to access other services and use a specific feature. Alibaba Cloud RAM provides service-linked roles for such scenarios. | 2020-03 | All regions | |
Configuration of the maximum role session duration | A new parameter named MaxSessionDuration is provided in API operations to specify the maximum session duration of a RAM role. | 2020-03 | All regions |
February 2020
Feature | Feature description | Release date | Region | References |
Services that work with STS | STS is available for Dynamic Route for CDN (DCDN). | 2020-02 | N/A |
January 2020
Feature | Feature description | Release date | Region | References |
Services that work with STS | STS is available for ApsaraVideo Live. | 2020-01 | N/A |
December 2019
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for Server Migration Center (SMC). | 2019-12 | N/A |
November 2019
Feature | Feature description | Release date | Region | References |
User credential report | A user credential report that contains the details of your Alibaba Cloud account and RAM users can be generated and downloaded in the RAM console. The details include logon passwords, AccessKey pairs, and MFA devices. | 2019-11-15 | All regions | |
Services that work with STS | STS is available for Cloud Backup. | 2019-11 | N/A |
October 2019
Feature | Feature description | Release date | Region | References |
Services that work with RAM | RAM is available for ID Verification for Financial Services. | 2019-10 | N/A | |
RAM is available for AnalyticDB for PostgreSQL. | ||||
Services that work with STS | STS is available for Cloud Enterprise Network. | 2019-10 | N/A | |
STS is available for E-MapReduce. |
September 2019
Feature | Feature description | Release date | Region | References |
Enabling or disabling of console logons for RAM users | The access of RAM users to the console can be enabled and disabled. You can retain the password, MFA, and other logon settings when you disable the access of RAM users to the console. You can also clear console logon settings. | 2019-09-09 | All regions | |
Services that work with RAM | RAM is available for Logic Composer. | 2019-09 | N/A |
June 2019
Feature | Feature description | Release date | Region | References |
Auxiliary domain names for user-based SSO | The configuration of user-based SSO can be simplified by using auxiliary domain names. | 2019-06-28 | All regions |
April 2019
Feature | Feature description | Release date | Region | References |
SSO | Alibaba Cloud supports Security Assertion Markup Language (SAML) 2.0-based SSO. This feature is also known as identity federation. SSO can be implemented between an enterprise identity service and Alibaba Cloud. | 2019-04-04 | All regions |
November 2018
Feature | Feature description | Release date | Region | References |
RAM console | The RAM console is updated. | 2018-11-15 | All regions |