A large number of Alibaba Cloud services have been integrated with RAM. This topic lists these services and provides relevant links for your quick reference.

When each product is integrated with RAM, different authorization granularities are defined for RAM users:

  • Service: Users are authorized by cloud product. A RAM user either has all permissions or has no permission on resource of a cloud product.
  • Operation: Users are authorized by API. A RAM user can perform specified operations on a certain type of resource of a specified cloud product.
  • Resource: This is the finest authorization granularity. Users are authorized by resource operations. For example, you can grant the permission of restarting a cloud server to a RAM user.

Lists of cloud services supporting RAM/STS

The following tables list the cloud services that support RAM/STS in the following categories: Elastic Computing, Database Services, Storage & CDN, Networking, Analytics, Cloud Communication, Monitoring and Management, Application Service, Middleware, Mobile Service, Media Services, Big Data (data plus), Security (Alibaba Cloud Security), Cloud Marketplace, and Domain and Hosting.

Each table contains the following information:

  • Service: name of the cloud service that supports RAM/STS
  • Console: whether the current service supports RAM in the RAM/STS console. “∨” indicates "supported", “×” indicates "not supported", and “○” indicates "not available".
  • API (RAM/STS): whether the current service supports RAM through APIs. “∨” indicates "supported", “×” indicates "not supported", and “○” indicates "not available".
  • Authorization granularity: minimum authorization granularity provided by the current service
  • System policy: system policies supported by the current service
  • Reference: links of related documents

Elastic Computing

Service RAM console RAM API STS console STS API Authorization granularity System policy Reference
Elastic Compute Service Resource
  • AliyunECSFullAccess
  • AliyunECSReadOnlyAccess
ECS authorization rules
Server Load Balancer Resource
  • AliyunSLBFullAccess
  • AliyunSLBReadOnlyAccess
SLB authorization rules
Auto Scaling Service level
  • AliyunESSFullAccess
  • AliyunESSReadOnlyAccess
API usage instructions
Container Service Service level AliyunCSFullAccess Use sub-accounts
Container Registry Resource level
  • AliyunContainerRegistryFullAccess
  • AliyunContainerRegistryReadOnlyAccess
Repository access control
Resource Orchestration Service Service level
  • AliyunROSFullAccess
  • AliyunROSReadOnlyAccess
Use RAM to control resource access
BatchCompute Service level - -
Function Compute Resource level
  • AliyunFCFullAccess
  • AliyunFCInvocationAccess
  • AliyunFCReadOnlyAccess
-
Elastic HPC Operation level
  • AliyunEHPCFullAccess
  • AliyunEHPCReadOnlyAccess
-
Simple Application Server Operation level AliyunSWASFullAccess -

Database Services

Service Console API Authorization granularity System policy Reference
ApsaraDB for RDS Resource level
  • AliyunRDSFullAccess
  • AliyunRDSReadOnlyAccess
-
ApsaraDB for MongoDB Resource level
  • AliyunMongoDBFullAccess
  • AliyunMongoDBReadOnlyAccess

-

ApsaraDB for Redis Resource level
  • AliyunKvstoreFullAccess
  • AliyunKvstoreReadOnlyAccess
-
ApsaraDB for Memcache Service level
  • AliyunOCSFullAccess
  • AliyunOCSReadOnlyAccess
-
HiTSDB Operation level - -
HybridDB for PostgreSQL Resource level
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
-
Data Transmission Service Service level
  • AliyunDTSFullAccess
  • AliyunDTSReadOnlyAccess
-
Distributed Relational Database Service Resource level
  • AliyunDRDSFullAccess
  • AliyunDRDSReadOnlyAccess
-

Storage & CDN

Service Console API Authorization granularity System policy Reference
Object Storage Service Resource level
  • AliyunOSSFullAccess
  • AliyunOSSReadOnlyAccess

-

Network Attached Storage Service level
  • AliyunNASFullAccess
  • AliyunNASReadOnlyAccess
Use permission groups
Table Store Resource level
  • AliyunOTSFullAccess
  • AliyunOTSReadOnlyAccess
  • AliyunOTSWriteOnlyAccess
Customize permissions
CDN Resource level
  • AliyunCDNFullAccess
  • AliyunCDNReadOnlyAccess
API authentication rules
Cloud Storage Gateway Service level AliyunHCSSGWFullAccess -
Hybrid Backup Resource level
  • AliyunHBRFullAccess
  • AliyunHBRReadOnlyAccess
-

Networking

Service Console API Authorization granularity System policy Reference
Virtual Private Cloud Resource level
  • AliyunVPCFullAccess
  • AliyunVPCReadOnlyAccess

-

Elastic IP Address Resource level
  • AliyunEIPFullAccess
  • AliyunEIPReadOnlyAccess

-

Express Connect Resource level
  • AliyunExpressConnectFullAccess
  • AliyunExpressConnectReadOnlyAccess
Express Connect authorization rules
NAT Gateway Resource level
  • AliyunNATGatewayReadOnlyAccess
  • AliyunNATGatewayFullAccess
-

Analytics

Service Console API Authorization granularity System policy Reference
E-MapReduce Service level AliyunEMRFullAccess E-MapReduce role authorization
HybridDB for PostgreSQL Resource level
  • AliyunGPDBFullAccess
  • AliyunGPDBReadOnlyAccess
-

Cloud Communication

Service Console API Authorization granularity System policy Reference
Message Service Resource level
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
-
DirectMail Service level
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
-
Short Message Service Service level - -

Monitoring and Management

Service Console API Authorization granularity System policy Reference
CloudMonitor Service level
  • AliyunCloudMonitorFullAccess
  • AliyunCloudMonitorReadOnlyAccess
RAM for CloudMonitor
Resource Access Management Resource level
  • AliyunRAMFullAccess
  • AliyunRAMReadOnlyAccess
RAM API reference
ActionTrail Resource level - -
Key Management Service Resource level
  • AliyunKMSFullAccess
  • AliyunKMSReadOnlyAccess
  • AliyunKMSCryptoAccess
KMS authorization rules

Application Service

Service Console API Authorization granularity System policy Reference
Log Service Resource level
  • AliyunLogFullAccess
  • AliyunLogReadOnlyAccess
API Gateway Service level
  • Aliyunapigatewayfullaccess
  • AliyunApiGatewayReadOnlyAccess
-
DirectMail Operation level
  • AliyunDirectMailFullAccess
  • AliyunDirectMailReadOnlyAccess
-
Message Service Resource level
  • AliyunMNSFullAccess
  • AliyunMNSReadOnlyAccess
-

Middleware

Service Console API Authorization granularity System policy Reference
Enterprise Distributed Application Service × Service level AliyunEDASFullAccess Sub-accounts
Message Queue Resource level
  • AliyunMQFullAccess
  • AliyunMQPubOnlyAccess
  • AliyunMQSubOnlyAccess
-
Application Real-Time Monitoring Service × Service level - -
Application configuration management Resource level - -

Mobile Service

Service Console API Authorization granularity System policy Reference
Mobile Security (Application Security) Service level AliyunYundunJaqFullAccess -

Media Services

Service Console API Authorization granularity System policy Reference
Media Processing Service level
  • AliyunMTSFullAccess
  • AliyunMTSPlayerAuth
Sub-account console operating instructions
ApsaraVideo for Live Service level AliyunLiveFullAccess -

Big Data (data plus)

Service Console API Authorization granularity System policy Reference
Quick BI Service level - -
Machine Learning Service level - -
DataV Service level - -
Elasticsearch Resource level - -

Security (Alibaba Cloud Security)

Service Console API Authorization granularity System policy Reference
Server Guard (Server Security) Service level AliyunYundunAegisFullAccess -
Anti-DDoS Basic Service level
  • AliyunYundunDDosFullAccess
  • AliyunYundunDDosReadOnlyAccess
-
Anti-DDoS Pro Service level
  • AliyunYundunHighFullAccess
  • AliyunYundunHighReadOnlyAccess
-
Web Application Firewall (Network Security) Service level
  • AliyunYundunWAFFullAccess
  • AliyunYundunWAFReadOnlyAccess
-
Alibaba Content Security Service (Business Security) Service level - -
Certificate Service Service level AliyunYundunCertFullAccess -
Mobile Security Service level AliyunYundunJaqFullAccess -
SSL Certificate (Application Security) Service level
  • AliyunYundunCertFullAccess
  • AliyunYundunCertReadOnlyAccess
-

Cloud Marketplace

Service Console API Authorization granularity System policy Reference
Cloud Marketplace Service level AliyunMarketplaceFullAccess -

Domain and Hosting

Service Console API Authorization granularity System policy Reference
Alibaba Cloud DNS Service level
  • AliyunDNSFullAccess
  • AliyunDNSReadOnlyAccess
-