To implement fine-grained access control and improve account security, you can use Resource Access Management (RAM) to grant management permissions on ApsaraDB for Redis instances to RAM users. The authorized RAM users can then access ApsaraDB for Redis instances.
Background information
RAM is an identity and access control service that is provided by Alibaba Cloud. RAM allows you to create and manage RAM users for employees, systems, applications, and other identities. You can manage the permissions of RAM users to control their access to Alibaba Cloud resources.
If multiple users in your enterprise need to access the same resources, you can use RAM to grant the minimum permissions to these users. This eliminates the need to share the AccessKey pair of your Alibaba Cloud account with these users and reduces security risks. For more information, see What is RAM?
Scenarios
- Authorize a RAM user to manage ApsaraDB for Redis instances in the specified Resource Group.
- Authorize a RAM user to manage all ApsaraDB for Redis instances within your Alibaba Cloud account.
You can create a custom policy to provide finer-grained access control if the default system policies provided by RAM cannot meet your requirements. For more information, see Authorize RAM users to manage ApsaraDB for Redis instances by using custom policies.
Procedure
- Log on to the RAM console with an Alibaba Cloud account.
- Create a RAM user.
- In the left-side navigation pane, choose .
- On the Users page, find the RAM user to which you want to attach the custom policy, and click Add Permissions in the Actions column.
- In the Add Permissions panel, grant permissions to the RAM user.
- Click OK.
- Click Complete.