Resource Access Management (RAM) is a service provided by Alibaba Cloud for managing user identities and resource access permissions. You can use RAM to create and manage RAM users and grant resource permissions to the RAM users. RAM is applicable to scenarios where multiple users in an enterprise need to collaboratively manage cloud resources. RAM allows you to grant users the minimal required permissions and keep your Alibaba Cloud account and password confidential, which helps you minimize security risks.
Prerequisites
An Alibaba Cloud account is created. To create an Alibaba Cloud account, go to the Alibaba Cloud official website.
Background information
You can use RAM to manage the operations that RAM users can perform on ROS or on resources within specified stacks.
- In scenarios where Security Token Service (STS) is used, ROS provisions resources by using its own IP address instead of the IP address of the originating request. For example, when you create a stack, ROS makes requests from its IP address to start an ECS instance, not from the IP address obtained from the CreateStack call.
- In other scenarios, ROS passes through SourceIp and SSL information. Supported services include Elastic Compute Service (ECS), Virtual Private Cloud (VPC), Server Load Balancer (SLB), ApsaraDB for RDS, ApsaraDB for Redis, Alibaba Cloud DNS PrivateZone (pvtz), Container Service, Function Compute, Object Storage Service (OSS), Log Service, API Gateway, and ActionTrail.
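The following added example (not code from Alibaba Cloud or ROS) models how a RAM policy conditioned on `acs:SourceIp` and `acs:SecureTransport` evaluates in the two scenarios above. The evaluator is a simplified model rather than RAM's actual engine, and the policy, both IP addresses, and the HTTPS flag in the STS case are constructed assumptions.

```python
import ipaddress

# Constructed policy: allow ECS actions only from one address range, over HTTPS.
POLICY = {"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "ecs:*", "Resource": "*",
    "Condition": {
        "IpAddress": {"acs:SourceIp": ["203.0.113.0/24"]},
        "Bool": {"acs:SecureTransport": ["true"]},
    },
}]}

CALLER_IP = "203.0.113.25"  # constructed: address of the user calling CreateStack
ROS_IP = "198.51.100.10"    # placeholder: the page does not give ROS's own address


def condition_matches(condition, ctx):
    """Simplified model: every operator/key pair must match the request context."""
    for op, pairs in condition.items():
        for key, values in pairs.items():
            actual = ctx.get(key)
            if actual is None:
                return False
            if op == "IpAddress":
                addr = ipaddress.ip_address(actual)
                ok = any(addr in ipaddress.ip_network(v) for v in values)
            elif op == "Bool":
                ok = str(actual).lower() in [v.lower() for v in values]
            else:
                raise ValueError(f"operator not modelled: {op}")
            if not ok:
                return False
    return True


def is_allowed(policy, action, ctx):
    """True if an Allow statement covers the action and its conditions hold."""
    service = action.split(":")[0]
    for st in policy["Statement"]:
        if st["Effect"] == "Allow" and st["Action"] in (action, f"{service}:*", "*"):
            if condition_matches(st.get("Condition", {}), ctx):
                return True
    return False


def downstream_context(uses_sts):
    """Context the resource service sees for the request ROS makes for the user."""
    # STS scenario: ROS's own IP. Otherwise the caller's SourceIp is passed through.
    # Assumption: the request is HTTPS in both cases.
    ip = ROS_IP if uses_sts else CALLER_IP
    return {"acs:SourceIp": ip, "acs:SecureTransport": "true"}
```

In this model the same IP-restricted policy allows the ECS call when SourceIp is passed through and does not match in the STS scenario, so policies that rely on `acs:SourceIp` should be reviewed against both paths.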