This topic describes how to create a Resource Access Management (RAM) user by using Terraform.

Method 1: Use a Terraform resource

  1. Create a RAM user.
    1. Create the terraform.tf file, enter the following content, and save the file to the current working directory.
      resource "alicloud_ram_user" "user" {
        name         = "user_test"
        display_name = "TestAccount"
        mobile       = "86-13900009999"
        email        = "example@example.com"
        comments     = "yoyoyo"
        force        = true
      }
    2. Run the terraform apply command to create the RAM user.
    3. Run the terraform show command to view the created RAM user. You can also log on to the RAM console to view the created user.
  2. Specify the console logon password.
    1. In terraform.tf, add the following content:
      resource "alicloud_ram_login_profile" "profile" {
        user_name = alicloud_ram_user.user.name
        password  = "! Test@123456"
      }
    2. Run the terraform apply command to set the console logon password for the RAM user.
    3. Run the terraform show command to view the created logon profile. You can also log on to the RAM console as the newly created user to verify the password.
  3. Create an AccessKey pair.
    1. In terraform.tf, add the following content:
      resource "alicloud_ram_access_key" "ak" {
        user_name   = alicloud_ram_user.user.name
        secret_file = "accesskey.txt"                # Name of the file in which the AccessKey pair is saved.
      }
    2. Run the terraform apply command to create the AccessKey pair.
    3. Open accesskey.txt to view the created AccessKey pair.
  4. Create a RAM user group.
    1. In terraform.tf, add the following content:
      resource "alicloud_ram_group" "group" {
        name     = "test_ram_group"
        force    = true
      }
    2. Run the terraform apply command to create the RAM user group.
    3. Run the terraform show command to view the created RAM user group. You can also log on to the RAM console to view the user group.
  5. Add users to the user group.
    1. In terraform.tf, add the following content:
      resource "alicloud_ram_group_membership" "membership" {
        group_name = alicloud_ram_group.group.name
        user_names = [alicloud_ram_user.user.name]
      }
    2. Run the terraform apply command to add users to the user group.
    3. Run the terraform show command to view users in the RAM user group. You can also log on to the RAM console to view users in the RAM user group.
The complete code is as follows:
provider "alicloud" {
}

resource "alicloud_ram_user" "user" {
  name         = "user_test"
  display_name = "TestAccount"
  mobile       = "86-13900009999"
  email        = "example@example.com"
  comments     = "yoyoyo"
  force        = true
}

resource "alicloud_ram_login_profile" "profile" {
  user_name = alicloud_ram_user.user.name
  password  = "! Test@123456"
}

resource "alicloud_ram_access_key" "ak" {
  user_name   = alicloud_ram_user.user.name
  secret_file = "accesskey.txt"
}

resource "alicloud_ram_group" "group" {
  name     = "test_ram_group"
  comments = "this is a group comments."
  force    = true
}

resource "alicloud_ram_group_membership" "membership" {
  group_name = alicloud_ram_group.group.name
  user_names = [alicloud_ram_user.user.name]
}
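
A hardened variant of the login profile and AccessKey resources above, added here as an example and not part of the original documentation: the console password is supplied through a sensitive variable instead of a literal in terraform.tf, and the AccessKey secret is encrypted with a PGP public key instead of being written in plaintext to accesskey.txt. The variable names and output names are assumptions made for this example.

```hcl
# Added example. Variable and output names are assumptions, not from the page.

variable "ram_user_password" {
  description = "Initial console password, supplied at apply time (for example through TF_VAR_ram_user_password)."
  type        = string
  sensitive   = true # Redacted in plan/apply output; still recorded in the state file.
}

variable "ak_pgp_key" {
  description = "Base64-encoded PGP public key used to encrypt the AccessKey secret."
  type        = string
}

resource "alicloud_ram_user" "user" {
  name         = "user_test"
  display_name = "TestAccount"
  force        = true
}

resource "alicloud_ram_login_profile" "profile" {
  user_name               = alicloud_ram_user.user.name
  password                = var.ram_user_password
  password_reset_required = true # User must choose a new password at first logon.
  mfa_bind_required       = true # User must bind an MFA device before using the console.
}

resource "alicloud_ram_access_key" "ak" {
  user_name = alicloud_ram_user.user.name
  pgp_key   = var.ak_pgp_key # Replaces secret_file: no plaintext secret on disk.
}

output "access_key_id" {
  value = alicloud_ram_access_key.ak.id
}

# Base64-encoded, PGP-encrypted secret. Only the holder of the private key can read it.
output "access_key_encrypted_secret" {
  value = alicloud_ram_access_key.ak.encrypted_secret
}
```

Because the console password is still stored in the Terraform state, keep the state in an encrypted backend with restricted access and out of version control.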

Method 2: Use a Terraform module

To facilitate RAM resource creation, Alibaba Cloud provides a Terraform module called terraform-alicloud-ram. The following code provides a simple example of how to use the module:
module "ram_user" {
  // Reference the source URL of the module.
  source = "terraform-alicloud-modules/ram/alicloud"
  // Specify the name of the RAM user.
  name = "terraformtest1"
  // Specify whether to create a console logon credential.
  create_ram_user_login_profile = true
  // Specify the console logon password.
  password = "User@123"
  // Specify whether to create an AccessKey pair.
  create_ram_access_key = true
  // Specify whether to grant administrator permissions.
  is_admin = true
}

When create_ram_access_key is set to true, a secret.txt file used to store key information is generated in the current path. When is_admin is set to true, certain administrator permissions are automatically granted to the user.