This topic lists the Alibaba Cloud services that work with Alibaba Cloud Resource Access Management (RAM) and Alibaba Cloud Security Token Service (STS), the authorization granularity and policies supported by each service, and links to these services.

When a product is integrated with RAM, relevant permissions are granted to RAM users according to the following authorization granularities:

  • Service: RAM users are authorized at the cloud service level. A RAM user either has all permissions or has no permissions to perform operations with a cloud service.
  • Operation: RAM users are authorized at the API level. A RAM user can perform specified operations on specified resources of a specified cloud service.
  • Resource: RAM users are authorized at the resource operation level. For example, you can grant a RAM user the permission to restart a cloud server. Resource is the finest granularity of authorization in Alibaba Cloud RAM.

Supported services

The following tables detail the cloud services that support RAM and STS, and relevant content for your reference.

Note Note that a tick (√) indicates the corresponding function is supported by the corresponding service, a cross (×) indicates the corresponding function is not supported by the corresponding service, and a circle (○) indicates the corresponding function is not applicable to the corresponding service.

Elastic Computing

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Elastic Compute Service Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
  • AliyunECSNetworkInterfaceManagementAccess
Authentication rules
Auto Scaling Service
  • AliyunESSFullAccess
  • AliyunESSReadOnlyAccess
API usage instructions
Container Service × Service
  • AliyunCSFullAccess
  • AliyunCSReadOnlyAccess
Use sub-accounts
Container Registry × × Resource
  • AliyunContainerRegistryFullAccess
  • AliyunContainerRegistryReadOnlyAccess
Repository access control
Resource Orchestration Service Service
  • AliyunROSFullAccess
  • AliyunROSReadOnlyAccess
Use RAM to control resource access
Batch Compute Service N/A N/A
Function Compute Resource
  • AliyunFCFullAccess
  • AliyunFCInvocationAccess
  • AliyunFCReadOnlyAccess
Sub-account user guide
E-HPC Service
  • AliyunEHPCFullAccess
  • AliyunEHPCReadOnlyAccess
N/A
Simple Application Server × Service AliyunSWASFullAccess N/A
Elastic Container Instance Resource
  • AliyunECIFullAccess
  • AliyunECIReadOnlyAccess
N/A

Databases

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
ApsaraDB for RDS Resource
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
RAM authorization
ApsaraDB for MongoDB Resource
  • AliyunMongoDBFullAccess
  • AliyunMongoDBReadOnlyAccess
N/A
ApsaraDB for Redis Resource
  • AliyunKvstoreFullAccess
  • AliyunKvstoreReadOnlyAccess
RAM authorization
ApsaraDB for Memcache Service
  • AliyunOCSFullAccess
  • AliyunOCSReadOnlyAccess
N/A
Time Series & Spatial Temporal Database Operation N/A N/A
HybridDB for PostgreSQL Resource
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
Authentication rules for APIs
Data Transmission Service × × Service
  • AliyunDTSFullAccess
  • AliyunDTSReadOnlyAccess
Access DTS with a sub-account
Database Backup Service
  • AliyunDBSFullAccess
  • AliyunDBSReadOnlyAccess
N/A
Distributed Relational Database Service Resource
  • AliyunDRDSReadOnlyAccessyAccess
  • AliyunDRDSFullAccess
N/A

Storage and CDN

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Object Storage Service Resource
  • AliyunOSSFullAccess
  • AliyunOSSReadOnlyAccess

RAM policy

Network Attached Storage × Operation
  • AliyunNASFullAccess
  • AliyunNASReadOnlyAccess
Manage permission groups
Table Store Resource
  • AliyunOTSFullAccess
  • AliyunOTSReadOnlyAccess
  • AliyunOTSWriteOnlyAccess
Customize permissions
Alibaba Cloud CDN Resource
  • AliyunCDNFullAccess
  • AliyunCDNReadOnlyAccess
API authentication rules
Dynamic Route for CDN Resource
  • AliyunDCDNFullAccess
  • AliyunDCDNReadOnlyAccess
N/A
Cloud Storage Gateway × Service AliyunHCSSGWFullAccess N/A
Hybrid Backup Recovery × Resource
  • AliyunHBRFullAccess
  • AliyunHBRReadOnlyAccess
N/A
Lightning Cube × Service AliyunMGWFullAccess N/A

Networking

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Virtual Private Cloud Resource
  • AliyunVPCFullAccess
  • AliyunVPCReadOnlyAccess
RAM authentication
Server Load Balancer Resource
  • AliyunSLBReadOnlyAccess
  • AliyunSLBFullAccess
RAM authentication
Elastic IP Address Resource
  • AliyunEIPFullAccess
  • AliyunEIPReadOnlyAccess
RAM authentication
Express Connect Resource
  • AliyunExpressConnectFullAccess
  • AliyunExpressConnectReadOnlyAccess
RAM authentication
NAT Gateway Resource
  • AliyunNATGatewayReadOnlyAccess
  • AliyunNATGatewayFullAccess
RAM authentication
VPN Gateway Resource
  • AliyunVPNGatewayFullAccess
  • AliyunVPNGatewayReadOnlyAccess
RAM authentication
Global Acceleration Resource
  • AliyunGlobalAccelerationReadOnlyAccess
  • AliyunGlobalAccelerationFullAccess
RAM authentication
Smart Access Gateway × × Resource N/A RAM authentication
Cloud Enterprise Network × × Resource
  • AliyunCENReadOnlyAccess
  • AliyunCENFullAccess
RAM authentication

Analysis

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
E-MapReduce × × Service
  • AliyunEMRFullAccess
  • AliyunEMRDevelopAccess
  • AliyunEMRFlowAdmin
N/A
Data Lake Analytics × × Operation
  • AliyunDLAFullAccess
  • AliyunDLAReadOnlyAccess
N/A

Cloud Communications

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Message Service Resource
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
N/A
Short Message Service Service N/A N/A

Management and Monitoring

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
CloudMonitor Service
  • AliyunCloudMonitorFullAccess
  • AliyunCloudMonitorReadOnlyAccess
RAM for CloudMonitor
ActionTrail Resource N/A RAM account authentication
Resource Access Management Resource
  • AliyunRAMFullAccess
  • AliyunRAMReadOnlyAccess
RAM authentication
Key Management Service Resource
  • AliyunKMSFullAccess
  • AliyunKMSReadOnlyAccess
  • AliyunKMSCryptoAccess
Use RAM to authorize KMS resources
Intelligent Advisor N/A N/A N/A N/A Operation N/A N/A

Application Service

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Log Service Resource
  • AliyunLogFullAccess
  • AliyunLogReadOnlyAccess
Authentication rules
DirectMail Service
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
N/A
API Gateway Service
  • AliyunApiGatewayFullAccess
  • AliyunApiGatewayReadOnlyAccess
ApiGateway_RAM
IoT Platform Resource
  • AliyunIOTFullAccess
  • AliyunIOTReadOnlyAccess
Use RAM users
Blockchain as a Service Resource N/A N/A

Middleware

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Enterprise Distributed Application Service × × Service AliyunEDASFullAccess Sub-accounts
Distributed Relational Database Service × Resource
  • AliyunDRDSFullAccess
  • AliyunDRDSReadOnlyAccess
N/A
Application Real-Time Monitoring Service × × Service AliyunARMSFullAccess N/A
Application Configuration Management Resource AliyunACMFullAccess Access control

Message Queue

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
AliwareMQ for RocketMQ × Resource
  • AliyunMQFullAccess
  • AliyunMQPubOnlyAccess
  • AliyunMQSubOnlyAccess
RAM sub-account authorizationGrant permissions to sub-accounts
Message Service Resource
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
N/A

Media Services

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
ApsaraVideo for Media Processing × Service
  • AliyunMTSFullAccess
  • AliyunMTSPlayerAuth
Sub-account console operating instructions
ApsaraVideo for VOD Service AliyunVODFullAccess N/A
ApsaraVideo for Live × Resource AliyunLiveFullAccess API authentication rules
Real-Time Communication × × Resource N/A N/A

Big Data (DTplus)

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
DataWorks × × Service AliyunDataWorksFullAccess RAM user operations
Quick BI × × Service N/A N/A
Machine Learning × × Service N/A N/A
Public Recognition × × Service N/A N/A
DataV × × Service N/A N/A
MaxCompute × × Service N/A N/A
Elasticsearch Resource
  • AliyunElasticsearchReadOnlyAccess
  • AliyunElasticsearchFullAccess
Authorized resources
Machine Translation N/A N/A N/A N/A Service N/A N/A
Image Search Resource
  • AliyunImagesearchReadOnlyAccess
  • AliyunImagesearchFullAccess
Authorization policies

Security

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Threat Detection Service Service
  • AliyunYundunSASFullAccess
  • AliyunYundunSASReadOnlyAccess
N/A
Server Guard Service
  • AliyunYundunAegisFullAccess
  • AliyunYundunAegisReadOnlyAccess
N/A
Anti-DDoS Basic Service
  • AliyunYundunDDosFullAccess
  • AliyunYundunDDosReadOnlyAccess
N/A
Anti-DDoS Pro Service
  • AliyunYundunDDosFullAccess
  • AliyunYundunDDosReadOnlyAccess
N/A
Anti-DDoS Premium Service
  • AliyunYundunAntiDDoSPremiumFullAccess
  • AliyunYundunAntiDDoSPremiumReadOnlyAccess
N/A
GameShield Service AliyunYundunGameShieldReadOnlyAccess N/A
Web Application Firewall Service
  • AliyunYundunWAFFullAccess
  • AliyunYundunWAFReadOnlyAccess
N/A
Alibaba Cloud SSL Certificates Service Service
  • AliyunYundunCertFullAccess
  • AliyunYundunCertReadOnlyAccess
N/A
Cloud Firewall N/A N/A N/A N/A Service N/A N/A
Website Threat Inspector Service N/A N/A
Content Moderation Service AliyunYundunGreenWebFullAccess N/A
Anti-Bot Service Service
  • AliyunYundunAntibotFullAccess
  • AliyunYundunAntibotReadOnlyAccess
N/A

Marketplace

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Marketplace Service AliyunMarketplaceFullAccess N/A

Domains and Websites

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Alibaba Cloud DNS Resource
  • AliyunDNSFullAccess
  • AliyunDNSReadOnlyAccess
N/A
Domain Resource AliyunDomainFullAccess Domain API Authentication Rules
Web Hosting × × × × N/A N/A N/A
Alibaba Mail × × × × N/A N/A N/A

Billing Management

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Billing Management × × × Service
  • AliyunBSSFullAccess
  • liyunBSSReadOnlyAccess
  • AliyunBSSOrderAccess
N/A

Support

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Support × Service AliyunSupportFullAccess N/A

Message

Service Supports RAM console access? Supports RAM API access? Supports STS console access? Supports STS API access? Authorization granularity (minimum) System policy Reference
Message Center × Service AliyunNotificationsFullAccess N/A