You can use RAM users to avoid sharing the AccessKey pair of your Alibaba Cloud account with other users. You can grant permissions to RAM users based on the principle of least privilege to minimize security risks for your enterprise. This topic describes how to grant RAM users the permissions on prefix lists.

Background information

If you want to use other resources, you must attach the policies that correspond to those resources to the RAM users in the Resource Access Management (RAM) console. For example, you can click System Policy and then click AliyunECSReadOnlyAccess to grant read-only permissions on Elastic Compute Service (ECS).

Procedure

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. Create the policies on prefix lists. For more information, see Create a custom policy.
    Create the PrefixListPolicy policy. The following code shows the content of the policy:
    {
        "Statement": [
            {
                "Action": [
                    "ecs:CreatePrefixList",
                    "ecs:ModifyPrefixList",
                    "ecs:DescribePrefixLists",
                    "ecs:DescribePrefixListAssociations",
                    "ecs:DescribePrefixListAttributes",
                    "ecs:DeletePrefixList"
                ],
                "Resource": "*",
                "Effect": "Allow"
            }
        ],
        "Version": "1"
    }
    Note: The preceding code shows only the authentication rules for prefix lists. For more information about ECS-related authentication rules, see Authentication rules.
  3. Grant RAM users the permissions on prefix lists. For more information, see Grant permissions to a RAM user.
    After the permissions are granted, you can use the RAM users to manage prefix lists.
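
The following Python code is an added example, not part of the original topic or of Alibaba Cloud's tooling. It reviews the PrefixListPolicy document from step 2 against the principle of least privilege: it lists the modifying actions that the policy allows on every resource and derives a read-only variant for RAM users who only need to view prefix lists. Treating actions whose names start with `Describe` as read-only is an assumption of this example, and the function names are hypothetical.

```python
import json

# The PrefixListPolicy document from step 2 of this page.
PREFIX_LIST_POLICY = {
    "Statement": [{
        "Action": [
            "ecs:CreatePrefixList", "ecs:ModifyPrefixList",
            "ecs:DescribePrefixLists", "ecs:DescribePrefixListAssociations",
            "ecs:DescribePrefixListAttributes", "ecs:DeletePrefixList",
        ],
        "Resource": "*",
        "Effect": "Allow",
    }],
    "Version": "1",
}

def _as_list(value):
    # Action and Resource may be a single string or a list of strings.
    return [value] if isinstance(value, str) else list(value)

def is_read_only(action):
    # Assumption for this example: read-only actions are named Describe*.
    return action.split(":", 1)[-1].startswith("Describe")

def audit(policy):
    """Return (statement index, action) for each modifying action allowed on Resource "*"."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        findings += [(index, a) for a in _as_list(stmt.get("Action", [])) if not is_read_only(a)]
    return findings

def read_only_variant(policy):
    """Copy the policy, keeping only the read-only actions of each Allow statement."""
    statements = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            statements.append(dict(stmt))  # Deny statements are kept unchanged
            continue
        actions = [a for a in _as_list(stmt.get("Action", [])) if is_read_only(a)]
        if actions:  # drop Allow statements that would grant nothing
            statements.append({**stmt, "Action": actions})
    return {"Statement": statements, "Version": policy.get("Version", "1")}

if __name__ == "__main__":
    for index, action in audit(PREFIX_LIST_POLICY):
        print(f"Statement {index}: {action} is allowed on every resource")
    print(json.dumps(read_only_variant(PREFIX_LIST_POLICY), indent=4))
```

Attach the full policy only to RAM users who must create, modify, or delete prefix lists, and use the derived read-only document for everyone else.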