A large number of Alibaba Cloud services have been integrated with RAM. This document lists these services and provides relevant links for your quick reference.

When each product is being integrated with RAM functions, different levels of authorization granularity have been defined for RAM users:

  • Service level: Authorization is performed at the cloud product level. A RAM user either has all permissions or has no permission for the product.
  • Operation level: Authorization is performed at the API level. A RAM user can perform specified operations on a certain type of resource for a specified product.
  • Resource level: Authorization is performed at the operation level, which is the finest authorization granularity level. For example, authorizing a RAM user to restart only a specified cloud server.

List of cloud services supporting RAM

The following tables list the cloud services that support RAM in the following categories: Elastic Computing, Database Services, Storage & CDN, Networking, Analytics, Cloud Communication, Monitoring and Management, Application Service, Middleware, Mobile Service, Media Services, Big Data (data plus), Security (Alibaba Cloud Security), Cloud Marketplace, and Domain and Hosting.

Each table contains the following information:

  • Service: name of the cloud service that supports RAM
  • Console: whether the current service supports RAM through the console; “∨” indicates "supported", “×” indicates "not supported", and “○” indicates "not available".
  • API: whether the current service supports RAM through the API; “∨” indicates "supported", “×” indicates "not supported", and “○” indicates "not available".
  • Authorization granularity: minimum authorization granularity provided by the current service
  • System policy: system policy supported by the current service
  • Reference: document link

Elastic Computing

Service Console API Authorization granularity System policy Reference
Elastic Compute Service Resource level
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
ECS authorization rules
Server Load Balancer Resource level
  • AliyunSLBFullAccess
  • AliyunSLBReadOnlyAccess
SLB authorization rules
Auto Scaling Service level
  • AliyunESSFullAccess
  • AliyunESSReadOnlyAccess
Auto Scaling API usage instructions
Container Service Service level AliyunCSFullAccess Use sub-accounts
Container Registry Resource level
  • AliyunContainerRegistryFullAccess
  • AliyunContainerRegistryReadOnlyAccess
Repository access control
Resource Orchestration Service Service level
  • AliyunROSFullAccess
  • AliyunROSReadOnlyAccess
Use RAM to control resource access
BatchCompute Service level - -
Function Compute Resource level
  • AliyunFCFullAccess
  • AliyunFCInvocationAccess
  • AliyunFCReadOnlyAccess
-
Elastic HPC Operation level
  • AliyunEHPCFullAccess
  • AliyunEHPCReadOnlyAccess
-
Simple Application Server Operation level AliyunSWASFullAccess -

Database Services

Service Console API Authorization granularity System policy Reference
ApsaraDB for RDS Resource level
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
RDS authorization rules
ApsaraDB for MongoDB Resource level
  • AliyunMongoDBFullAccess
  • AliyunMongoDBReadOnlyAccess
MongoDB authorization rules
ApsaraDB for Redis Resource level
  • AliyunKvstoreFullAccess
  • AliyunKvstoreReadOnlyAccess
Redis authorization rules
ApsaraDB for Memcache Service level
  • AliyunOCSFullAccess
  • AliyunOCSReadOnlyAccess
-
HiTSDB Operation level - -
HybridDB for PostgreSQL Resource level
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
-
Data Transmission Service Service level
  • AliyunDTSFullAccess
  • AliyunDTSReadOnlyAccess
-
Distributed Relational Database Service Resource level
  • AliyunDRDSFullAccess
  • AliyunDRDSReadOnlyAccess
-

Storage & CDN

Service Console API Authorization granularity System policy Reference
Object Storage Service Resource level
  • AliyunOSSFullAccess
  • AliyunOSSReadOnlyAccess
Network Attached Storage Service level
  • AliyunNASFullAccess
  • AliyunNASReadOnlyAccess
Use permission groups
Table Store Resource level
  • AliyunOTSFullAccess
  • AliyunOTSReadOnlyAccess
  • AliyunOTSWriteOnlyAccess
Customize permissions
CDN Resource level
  • AliyunCDNFullAccess
  • AliyunCDNReadOnlyAccess
CDN authorization rules
Cloud Storage Gateway Service level AliyunHCSSGWFullAccess -
Hybrid Backup Resource level
  • AliyunHBRFullAccess
  • AliyunHBRReadOnlyAccess
-

Networking

Service Console API Authorization granularity System policy Reference
Virtual Private Cloud Resource level
  • AliyunVPCFullAccess
  • AliyunVPCReadOnlyAccess
VPC authorization rules
Elastic IP Address Resource level
  • AliyunEIPFullAccess
  • AliyunEIPReadOnlyAccess
EIP authorization rules
Express Connect Resource level
  • AliyunExpressConnectFullAccess
  • AliyunExpressConnectReadOnlyAccess
Express Connect authorization rules
NAT Gateway Resource level
  • AliyunNATGatewayReadOnlyAccess
  • AliyunNATGatewayFullAccess
-

Analytics

Service Console API Authorization granularity System policy Reference
E-MapReduce Service level AliyunEMRFullAccess E-MapReduce role authorization
HybridDB for PostgreSQL Resource level
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
-

Cloud Communication

Service Console API Authorization granularity System policy Reference
Message Service Resource level
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
Message Service authorization rules
DirectMail Service level
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
-
Short Message Service Service level - -

Monitoring and Management

Service Console API Authorization granularity System policy Reference
CloudMonitor Service level
  • AliyunCloudMonitorFullAccess
  • AliyunCloudMonitorReadOnlyAccess
RAM for CloudMonitor
Resource Access Management Resource level
  • AliyunRAMFullAccess
  • AliyunRAMReadOnlyAccess
RAM API reference
ActionTrail Resource level - -
Key Management Service Resource level
  • AliyunKMSFullAccess
  • AliyunKMSReadOnlyAccess
  • AliyunKMSCryptoAccess
KMS authorization rules

Application Service

Service Console API Authorization granularity System policy Reference
Log Service Resource level
  • AliyunLogFullAccess
  • AliyunLogReadOnlyAccess
API Gateway Service level
  • Aliyunapigatewayfullaccess
  • AliyunApiGatewayReadOnlyAccess
-
DirectMail Operation level
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
-
Message Service Resource level
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
-

Middleware

Service Console API Authorization granularity System policy Reference
Enterprise Distributed Application Service × Service level AliyunEDASFullAccess Sub-accounts
Message Queue Resource level
  • AliyunMQFullAccess
  • AliyunMQPubOnlyAccess
  • AliyunMQSubOnlyAccess
-
Application Real-Time Monitoring Service × Service level - -
Application configuration management Resource level - -

Mobile Service

Service Console API Authorization granularity System policy Reference
Mobile Security (Application Security) Service level AliyunYundunJaqFullAccess -

Media Services

Service Console API Authorization granularity System policy Reference
Media Processing Service level
  • AliyunMTSFullAccess
  • AliyunMTSPlayerAuth
Sub-account console operating instructions
ApsaraVideo for Live Service level AliyunLiveFullAccess -

Big Data (data plus)

Service Console API Authorization granularity System policy Reference
Quick BI Service level - -
Machine Learning Service level - -
DataV Service level - -
Elasticsearch Resource level - -

Security (Alibaba Cloud Security)

Service Console API Authorization granularity System policy Reference
Server Guard (Server Security) Service level AliyunYundunAegisFullAccess -
Anti-DDoS Basic Service level
  • AliyunYundunDDosFullAccess
  • AliyunYundunDDosReadOnlyAccess
-
Anti-DDoS Pro Service level
  • AliyunYundunHighFullAccess
  • AliyunYundunHighReadOnlyAccess
-
Web Application Firewall (Network Security) Service level
  • AliyunYundunWAFFullAccess
  • AliyunYundunWAFReadOnlyAccess
-
Alibaba Content Security Service (Business Security) Service level - -
Certificate Service Service level AliyunYundunCertFullAccess -
Mobile Security Service level AliyunYundunJaqFullAccess -
SSL Certificate (Application Security) Service level
  • AliyunYundunCertFullAccess
  • AliyunYundunCertReadOnlyAccess
-

Cloud Marketplace

Service Console API Authorization granularity System policy Reference
Cloud Marketplace Service level AliyunMarketplaceFullAccess -

Domain and Hosting

Service Console API Authorization granularity System policy Reference
Alibaba Cloud DNS Service level
  • AliyunDNSFullAccess
  • AliyunDNSReadOnlyAccess
-

List of cloud services supporting STS

The following table lists the cloud services that support STS.

The table conventions in this table are the same as those in List of cloud services supporting RAM.

Service Console API
Elastic Compute Service
ApsaraDB for RDS
Server Load Balancer
Object Storage Service
Virtual Private Cloud