Cloud services supporting RAM

Last Updated: May 21, 2018

A large number of Alibaba Cloud services have been integrated with RAM. This document lists these services and provides relevant links for your quick reference.

As each product is integrated with RAM, one of the following levels of authorization granularity is defined for RAM users:

  • Service level: Authorization is performed at the cloud product level. A RAM user either has all permissions or has no permission for the product.
  • Operation level: Authorization is performed at the API level. A RAM user can perform specified operations on a certain type of resource for a specified product.
  • Resource level: Authorization is performed at the operation level, which is the finest authorization granularity level. For example, you can authorize a RAM user to restart only a specified cloud server.

Cloud services that work with RAM

The following tables list the cloud services that can access RAM either on the management console or by calling an API. In these tables:

  • The check mark ( √ ) indicates available.
  • The circular mark ( ○ ) indicates unavailable.
  • The hyphen ( - ) indicates none.

Elastic Computing

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| Elastic Compute Service | | | Resource level | AliyunECSFullAccess, AliyunECSReadOnlyAccess | Authentication rules |
| Auto Scaling | | | Service level | AliyunESSFullAccess, AliyunESSReadOnlyAccess | API usage instructions |
| Container Service | | | Service level | - | - |
| Resource Orchestration | | | Service level | - | Use RAM to control resource access |

Database Services

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| ApsaraDB for RDS | | | Resource level | AliyunRDSFullAccess, AliyunRDSReadOnlyAccess | RDS API authentication rules |
| ApsaraDB for MongoDB | | | Resource level | AliyunMongoDBFullAccess, AliyunMongoDBReadOnlyAccess | MongoDB API authentication rules |
| ApsaraDB for Redis | | | Resource level | AliyunKvstoreFullAccess, AliyunKvstoreReadOnlyAccess | Redis API authentication rules |
| ApsaraDB for Memcache | | | Service level | AliyunOCSFullAccess, AliyunOCSReadOnlyAccess | - |

Storage & CDN

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| Object Storage Service | | | Resource level | AliyunOSSFullAccess, AliyunOSSReadOnlyAccess | - |
| Network Attached Storage | | | Service level | AliyunNASFullAccess, AliyunNASReadOnlyAccess | Use permission groups |
| Table Store | | | Resource level | AliyunOTSFullAccess, AliyunOTSReadOnlyAccess, AliyunOTSWriteOnlyAccess | Customize permissions |
| CDN | | | Resource level | AliyunCDNFullAccess, AliyunCDNReadOnlyAccess | CDN API authentication rules |

Networking

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| Server Load Balancer | | | Resource level | AliyunSLBFullAccess, AliyunSLBReadOnlyAccess | SLB authentication rules |
| Virtual Private Cloud | | | Resource level | AliyunVPCFullAccess, AliyunVPCReadOnlyAccess | - |
| EIP | | | Resource level | AliyunEIPFullAccess, AliyunEIPReadOnlyAccess | - |
| Express Connect | | | Resource level | AliyunExpressConnectFullAccess, AliyunExpressConnectReadOnlyAccess | Authentication rules for Express Connect APIs |

Analytics

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| E-MapReduce | | | Service level | AliyunEMRFullAccess | E-MapReduce role authorization |

Cloud Communication

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| Message Service | | | Resource level | AliyunMNSFullAccess, AliyunMNSReadOnlyAccess | - |
| Direct Mail | | | Service level | AliyunDirectMailFullAccess, AliyunDirectMailReadOnlyAccess | - |

Monitoring & Management

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| CloudMonitor | | | Service level | AliyunCloudMonitorFullAccess, AliyunCloudMonitorReadOnlyAccess | RAM for CloudMonitor |
| Resource Access Management | | | Resource level | AliyunRAMFullAccess, AliyunRAMReadOnlyAccess, AliyunSTSAssumeRoleAccess | RAM introduction |
| Key Management Service | | | Resource level | - | KMS authentication rules |

Application Service

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| Log Service | | | Resource level | AliyunLogFullAccess, AliyunLogReadOnlyAccess | Use Log Service as a RAM sub-user, Authentication rules |
| API Gateway | | | Service level | AliyunApiGatewayFullAccess, AliyunApiGatewayReadOnlyAccess | - |

Middleware

Service Console API Authorization granularity System policy Reference
Enterprise Distributed Application Service × Service level AliyunEDASFullAccess EDAS sub-accounts

Media Services

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| ApsaraVideo for Media Processing | | | Service level | AliyunMTSFullAccess, AliyunMTSPlayerAuth | Sub-account console operating instructions |
| ApsaraVideo for Live | | | Service level | AliyunMTSFullAccess | - |

Security

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| Server Guard | | | Service level | AliyunYundunAegisFullAccess, AliyunYundunAegisReadOnlyAccess | - |
| Anti-DDoS Pro | | | Service level | AliyunYundunHighFullAccess, AliyunYundunHighReadOnlyAccess | - |
| Web Application Firewall | | | Service level | AliyunYundunWAFFullAccess, AliyunYundunWAFReadOnlyAccess | - |
| Mobile Security | | | Service level | AliyunYundunJaqFullAccess | - |
| Certificates Service | | | Service level | AliyunYundunCertFullAccess, AliyunYundunCertReadOnlyAccess | - |

Alibaba Cloud Marketplace

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| Alibaba Cloud Marketplace | | | Service level | AliyunMarketplaceFullAccess | - |

Domains & Websites

| Service | Console | API | Authorization granularity | System policy | Reference |
| --- | --- | --- | --- | --- | --- |
| Alibaba Cloud DNS | | | Service level | AliyunDNSFullAccess, AliyunDNSReadOnlyAccess | - |
| HTTPDNS | | | Service level | AliyunHTTPDNSFullAccess, AliyunHTTPDNSReadOnlyAccess | - |

Cloud services that work with STS

The following table lists the cloud services that work with STS.

| Service | Console | API |
| --- | --- | --- |
| Elastic Compute Service | | |
| ApsaraDB for RDS | | |
| Server Load Balancer | | |
| Object Storage Service | | |
| Virtual Private Cloud | | |