After you add tags to your Elastic Compute Service (ECS) resources, you can use the tags to categorize the resources and control access to them. This topic describes how to attach a policy to a RAM user so that the user can use tags to control access to ECS instances.
Prerequisites
A RAM user is created by using your Alibaba Cloud account. For more information, see Create a RAM user.
Background information
Tags are used to identify cloud resources. You can use tags to categorize, search for, and aggregate cloud resources that have the same characteristics. This simplifies resource management. You can add multiple tags to each cloud resource.
Alibaba Cloud implements policy-based access control. You can configure RAM policies based on roles of RAM users. You can define multiple tags in each policy and attach one or more policies to RAM users or RAM user groups.
You can add tags to ECS resources and resources of other Alibaba Cloud services. By default, all resources within the current region are displayed in the resource list. If you want to control which resources are accessible to RAM users, you can create custom policies that contain tags to implement access control on resources.
Step 1: Create a RAM policy by using your Alibaba Cloud account and attach the policy to a RAM user
This section describes how to use an Alibaba Cloud account to create a custom policy that contains specific tags and attach this policy to a RAM user. In the example, the UseTagAccessRes custom policy, the userTest RAM user, and the owner: zhangsan and environment: production tags are used.
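A policy document that UseTagAccessRes could contain, shown as an added example and not the policy from the original page. It assumes userTest should get full ECS permissions (`ecs:*`) on tagged resources only, and uses the RAM condition keys `acs:ResourceTag/<key>` and `acs:RequestTag/<key>`. The final Deny statement keeps the user from changing tags, since a user who can retag resources can move them into or out of the policy's scope.

```json
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ecs:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "acs:ResourceTag/owner": ["zhangsan"],
          "acs:ResourceTag/environment": ["production"]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ecs:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "acs:RequestTag/owner": ["zhangsan"],
          "acs:RequestTag/environment": ["production"]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": ["ecs:DescribeTags"],
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": [
        "ecs:TagResources",
        "ecs:UntagResources",
        "ecs:AddTags",
        "ecs:RemoveTags"
      ],
      "Resource": "*"
    }
  ]
}
```

Both tag keys inside a single `StringEquals` block must match, so an instance that carries only one of the two tags is not covered by the Allow statements.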
Step 2: Add tags to existing resources by using your Alibaba Cloud account
You can attach tags to existing resources to control access to the resources. This section describes how to use an Alibaba Cloud account to create an ECS instance and add a tag to the instance.
- Log on to the ECS console.
- In the left-side navigation pane, click Tags.
- On the Tags page, click Create Custom Tags. In the Create Custom Tags dialog box, create the owner: zhangsan and environment: production tags and add them to existing ECS instances. For more information about how to add a tag to a resource, see Create or bind a tag.
Step 3: Access instances to which tags are added by using the RAM user
Log on to the ECS console as the userTest RAM user, to which the UseTagAccessRes policy is attached, and access the instances to which the tags are added.