This topic describes the Alibaba Cloud services that integrate with Alibaba Cloud RAM and Alibaba Cloud STS, the authorization granularity and policies supported by each service, and links to these services.

When a product is integrated with RAM, relevant permissions are granted to RAM users according to the following authorization granularities:

  • Service: RAM users are authorized by cloud product. A RAM user has either all permissions or no permissions on a cloud product.
  • Operation: RAM users are authorized by API. A RAM user can perform specified operations on specified resources of a specified cloud product.
  • Resource: RAM users are authorized by resource operation. For example, you can grant a RAM user the permission to restart a cloud server. Resource is the finest authorization granularity in Alibaba Cloud RAM.

Supported services

The following tables detail the cloud services that support RAM and STS, and relevant content for your reference. Note that a circle (○) indicates the corresponding function is not applicable to the corresponding service.

Elastic Computing

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Elastic Compute Service Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
ECS authorization rules
Server Load Balancer Resource
  • AliyunSLBFullAccess
  • AliyunSLBReadOnlyAccess
SLB authorization rules
Auto Scaling × × Resource
  • AliyunESSFullAccess
  • AliyunESSReadOnlyAccess
API usage instructions
Container Service for Kubernetes × × Resource AliyunCSFullAccess Use sub-accounts
Container Registry × × Resource
  • AliyunContainerRegistryFullAccess
  • AliyunContainerRegistryReadOnlyAccess
Repository access control
Resource Orchestration Service × × Resource
  • AliyunROSFullAccess
  • AliyunROSReadOnlyAccess
Use RAM to control resource access
BatchCompute × × Resource - -
Function Compute × Resource
  • AliyunFCFullAccess
  • AliyunFCInvocationAccess
  • AliyunFCReadOnlyAccess
-
E-HPC × × Operation
  • AliyunEHPCFullAccess
  • AliyunEHPCReadOnlyAccess
-
Simple Application Server × × Operation AliyunSWASFullAccess -

ApsaraDB

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
ApsaraDB for RDS Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
ApsaraDB for MongoDB × × Resource
  • AliyunMongoDBFullAccess
  • AliyunMongoDBReadOnlyAccess
-
ApsaraDB for Redis × × Resource
  • AliyunKvstoreFullAccess
  • AliyunKvstoreReadOnlyAccess
-
ApsaraDB for Memcache × × Service
  • AliyunOCSFullAccess
  • AliyunOCSReadOnlyAccess
-
High-Performance Time Series Database (HiTSDB) × × Operation - -
HybridDB for PostgreSQL × × Resource
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
Authentication rules for APIs
Data Transmission Service × × Service
  • AliyunDTSFullAccess
  • AliyunDTSReadOnlyAccess
-
Distributed Relational Database Service × × Resource
  • AliyunDRDSFullAccess
  • AliyunDRDSReadOnlyAccess
-

Storage & CDN

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Object Storage Service Resource
  • AliyunOSSFullAccess
  • AliyunOSSReadOnlyAccess
-

-

NAS × × Service
  • AliyunNASFullAccess
  • AliyunNASReadOnlyAccess
Table Store × × Resource
  • AliyunOTSFullAccess
  • AliyunOTSReadOnlyAccess
  • AliyunOTSWriteOnlyAccess
Alibaba Cloud CDN × × Resource
  • AliyunCDNFullAccess
  • AliyunCDNReadOnlyAccess
Cloud Storage Gateway × × Service AliyunHCSSGWFullAccess -
Hybrid Backup Recovery × × Resource
  • AliyunHBRFullAccess
  • AliyunHBRReadOnlyAccess
-

Networking

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Virtual Private Cloud Resource
  • AliyunVPCFullAccess
  • AliyunVPCReadOnlyAccess
RAM authentication
Elastic IP Address × × Resource
  • AliyunEIPFullAccess
  • AliyunEIPReadOnlyAccess
-
Express Connect × × Resource
  • AliyunExpressConnectFullAccess
  • AliyunExpressConnectReadOnlyAccess
-
NAT Gateway × × Resource
  • AliyunNATGatewayReadOnlyAccess
  • AliyunNATGatewayFullAccess
-

Analysis

Service Supports console access? Supports API access? Authorization granularity (minimum) System policy Reference
E-MapReduce Service AliyunEMRFullAccess -
HybridDB for PostgreSQL Resource
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
Authentication rules for APIs

Cloud Communication

Service Supports console access? Supports API access? Authorization granularity (minimum) System policy Reference
Message Service Resource
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
-
Direct Mail Service
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
-
Short Message Service Service - -

Monitoring and Management

Service Supports console access? Supports API access? Authorization granularity (minimum) System policy Reference
CloudMonitor Service
  • AliyunCloudMonitorFullAccess
  • AliyunCloudMonitorReadOnlyAccess
ActionTrail Resource - RAM account authentication
Key Management Service Resource
  • AliyunKMSFullAccess
  • AliyunKMSReadOnlyAccess
  • AliyunKMSCryptoAccess
Use RAM for KMS resource authorization

Application Services

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Log Service × × Resource
  • AliyunLogFullAccess
  • AliyunLogReadOnlyAccess
Authentication rules
API Gateway × × Service
  • AliyunApiGatewayFullAccess
  • AliyunApiGatewayReadOnlyAccess
-
Direct Mail × × Operation
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
-
Message Service × × Resource
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
-

Middleware

Service Supports console access? Supports API access? Authorization granularity (minimum) System policy Reference
Enterprise Distributed Application Service × Service AliyunEDASFullAccess Sub-accounts
Message Queue Resource
  • AliyunMQFullAccess
  • AliyunMQPubOnlyAccess
  • AliyunMQSubOnlyAccess
-
Application Real Time Monitoring Service × Service - -
Application Configuration Management Resource - -

Alibaba Cloud Mobile Services

Media Services

Service Supports console access? Supports API access? Authorization granularity (minimum) System policy Reference
Media Processing Service Service
  • AliyunMTSFullAccess
  • AliyunMTSPlayerAuth
Sub-account console operating instructions
ApsaraVideo VoD Service AliyunVODFullAccess -
ApsaraVideo Live Service AliyunLiveFullAccess API authentication rules

DTplus

Service Supports console access? Supports API access? Authorization granularity (minimum) System policy Reference
Quick BI Service - -
Machine Learning Service - -
DataV Service - -
Alibaba Cloud Elasticsearch Resource - -

Security

Service Supports console access? Supports API access? Authorization granularity (minimum) System policy Reference
Server Guard Service AliyunYundunAegisFullAccess -
Anti-DDoS Basic Service
  • AliyunYundunDDosFullAccess
  • AliyunYundunDDosReadOnlyAccess
-
Anti-DDoS Pro Service
  • AliyunYundunHighFullAccess
  • AliyunYundunHighReadOnlyAccess
-
Web Application Firewall Service
  • AliyunYundunWAFFullAccess
  • AliyunYundunWAFReadOnlyAccess
-
Content Moderation Service - -
Mobile Security Service AliyunYundunJaqFullAccess -
SSL Certificates Service
  • AliyunYundunCertFullAccess
  • AliyunYundunCertReadOnlyAccess
-

Marketplace

Service Supports console access? Supports API access? Authorization granularity (minimum) System policy Reference
Marketplace Service AliyunMarketplaceFullAccess -

Domains & Websites

Service Supports console access? Supports API access? Authorization granularity (minimum) System policy Reference
Alibaba Cloud DNS Service
  • AliyunDNSFullAccess
  • AliyunDNSReadOnlyAccess
-
Domains Resource AliyunDomainFullAccess Domain API Authentication Rules