You can create RAM roles for three types of trusted entities: trusted Alibaba Cloud accounts, trusted Alibaba Cloud services, and trusted identity providers (IdPs). This topic describes how to create a RAM role for a trusted Alibaba Cloud account.


  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click RAM Roles.
  3. On the RAM Roles page, click Create RAM Role.
  4. In the Create RAM Role pane, select Alibaba Cloud Account for the Trusted Entity Type parameter, and then click Next.
  5. Specify the RAM Role Name and Note parameters.
  6. Select Current Alibaba Cloud Account or Other Alibaba Cloud Account for the Select Trusted Alibaba Cloud Account parameter, and then click OK.
    Note If you select Other Alibaba Cloud Account, you must enter the ID of the Alibaba Cloud account.

What to do next

After you create a RAM role, the RAM role has no permissions by default. You can click Add Permissions to grant permissions to the RAM role. For more information, see Grant permissions to a RAM role.