RAM helps you with user identity management and resource access management. RAM provides the following features:
Manage RAM users and their access keys
Under your Alibaba Cloud account, you can create and manage RAM users and their access keys, and enable or disable MFA devices for RAM users.
Grant access permissions to RAM users
You can attach one or more authorization policies to a user, a user group or a role, to grant necessary operation permissions on specified resources.
Restrict user access to cloud resources
You can specify that users use security channels (such as SSL) to request access to specific cloud resources at a designated time or from a specified source IP address.
Authorize roles for external account identities
You can associate RAM roles with external identity systems (such as your local enterprise domain accounts, or your app accounts). In this way, you can directly use an external identity to log on to a RAM role to access the Alibaba Cloud console or an API.
Centrally control cloud resources
You can control the instances and data created by RAM users in a centralized manner. Therefore, when a user leaves your organization, these instances and data are still under your full control.
Your account receives a single bill for all expenses incurred from resource operations performed by all RAM users.