Use RAM to limit the time of access to Alibaba Cloud resources

Solution

To allow a RAM user to access Alibaba Cloud resources only during a specified period, create a custom policy and attach the policy to the RAM user.

1. Create a RAM user. For more information, see Create a RAM user.
2. Create a custom policy. For more information, see Create a custom policy.
3. Attach the policy to the RAM user. For more information, see Grant permissions to a RAM user.

Create a custom policy

1. In the left-side navigation pane, click Policies under Permissions.
2. On the Policies page, click Create Policy.
3. On the Create Custom Policy page, specify the Policy Name and Note parameters.
4. In the Configuration Mode section, select Script. Copy and paste the following sample script to the Policy Document section, and then edit the script based on your business requirements.
   

   If the following policy is attached to a RAM user, the RAM user can access ECS instances only before 17:00 on August 12, 2019 (UTC+8). This is because the acs:CurrentTime parameter in the Condition element is set to 2019-08-12T17:00:00+08:00.

   {
     "Statement": [
       {
         "Action": "ecs:*",
         "Effect": "Allow",
         "Resource": "*",
         "Condition": {
             "DateLessThan": {
                 "acs:CurrentTime": "2019-08-12T17:00:00+08:00"
             }
         }
       }
     ],
     "Version": "1"
   }

   Note The Condition element applies only to the actions that are specified in the policy. You can change the 2019-08-12T17:00:00+08:00 value based on your business requirements.
5. Click OK.