You can log on to and perform operations in the Container Service console as a RAM user.

Before you can log on to the Container Service console and perform operations as a RAM user, you must grant related permissions to the RAM user.

Step 1: Create a RAM user and enable console logon

  1. Log on to the RAM console.
  2. In the left-side navigation bar, click Users. Then, click Create User.
  3. Enter a user name for the RAM user and then click OK.
  4. On the Users page, select the created RAM user and click Manage.
  5. In the Web Console Logon Management area, click Enable Console Logon.
  6. Enter a logon password and click OK.

Step 2: Grant the RAM user permissions to access Container Service

  1. On the Users page, select the created RAM user and click Authorize.


  2. Select the required policies to attach them to the RAM user.


    You can use the following system policies:

    • AliyunCSFullAccess: Provides full access to Container Service.
    • AliyunCSReadOnlyAccess: Provides read-only access to Container Service.

    You can also create custom policies as you need and attach them to the RAM user. For more information, see Create custom authorization policies.

Step 3: Log on to the Container Service console as a RAM user

  • If you have granted the AliyunCSDefaultRole and AliyunCSClusterRole roles to the Alibaba Cloud account, you can log on to the Container Service console and perform operations as a RAM role directly.

    Log on to the Container Service console as a RAM user.

  • If you have not granted the AliyunCSDefaultRole and AliyunCSClusterRole roles to the Alibaba Cloud account, you must log on to the Container Service console using the account credentials and
    click Confirm Authorization Policy on the authorization page to grant the account the following permissions.


    After you grant the preceding permissions to the account, you can log on to the Container Service and perform related operations as a RAM user.