All Products
Search
Document Center

Elastic Compute Service:Grant a RAM user permissions on prefix lists

Last Updated:Aug 03, 2023

You can create Resource Access Management (RAM) users and grant them minimum permissions. This eliminates the need to share the AccessKey pair of your Alibaba Cloud account with other users and reduces security risks for your enterprises. This topic describes how to grant a RAM user permissions on prefix lists.

Background information

This topic describes how to grant a RAM user permissions on prefix lists. If you want to use other resources in the Alibaba Cloud Management Console as a RAM user, you must attach policies that correspond to the resources to the RAM user in the RAM console. For example, you can attach the system policy AliyunECSReadOnlyAccess to grant the read-only permissions on Elastic Compute Service (ECS).

Procedure

  1. Log on to the RAM console with your Alibaba Cloud account.

  2. Create a policy on prefix lists. For more information, see the "Create a custom policy on the JSON tab" section of Create a custom policy.

    Create a policy named PrefixListPolicy and enter the following content for the policy:

    {
        "Statement": [
            {
                "Action": [
                    "ecs:CreatePrefixList",
                    "ecs:ModifyPrefixList",
                    "ecs:DescribePrefixLists",
                    "ecs:DescribePrefixListAssociations",
                    "ecs:DescribePrefixListAttributes",
                    "ecs:DeletePrefixList"
                ],
                "Resource": "*",
                "Effect": "Allow"
            }
        ],
        "Version": "1"
    }
    Note

    The preceding code shows only authentication rules for prefix lists. For more information about ECS related authentication rules, see Authorization rules.

  3. Attach the PrefixListPolicy policy that you created in the preceding step to grant your RAM user permissions on prefix lists. For more information, see Grant permissions to RAM users.

    11.png

    After the permissions are granted, you can use the RAM user to manage prefix lists.