ApsaraMQ for MQTT: Activate ApsaraMQ for MQTT and grant permissions to a RAM user

Last Updated: Apr 30, 2024

Before you use ApsaraMQ for MQTT, you must activate it on the Alibaba Cloud official website. If you are a Resource Access Management (RAM) user, you must also be granted the required permissions before you can access ApsaraMQ for MQTT resources in the ApsaraMQ for MQTT console or by calling API operations, and before you can use SDKs to send and receive messages.

Prerequisites

An Alibaba Cloud account is created, and real-name verification is complete. For more information, see Sign up with Alibaba Cloud.

Step 1: Activate ApsaraMQ for MQTT

  1. Go to the product page of ApsaraMQ for MQTT.

  2. In the upper-right corner of the page, click Log In.

  3. On the Sign in to Alibaba Cloud page, enter your Alibaba Cloud account and password, and click Sign In.

  4. On the product page of ApsaraMQ for MQTT, click Buy Now.

    You are redirected to the ApsaraMQ for MQTT console.

  5. On the Overview page, click Activate for Free.

  6. On the service activation page, read the content of the order and the service agreement, select Message Queue for Apache RocketMQ Terms of Service, and then click Activate Now.

    Note

    ApsaraMQ for MQTT is one of the services provided by ApsaraMQ for RocketMQ. After you activate ApsaraMQ for RocketMQ, ApsaraMQ for MQTT is activated. You can activate ApsaraMQ for RocketMQ for free.

(Required for a RAM user) Step 1: Grant permissions to a RAM user

If you activate ApsaraMQ for MQTT as a RAM user, you must use your Alibaba Cloud account to grant the required permissions to the RAM user before you use the RAM user to access ApsaraMQ for MQTT resources. If you activate ApsaraMQ for MQTT by using an Alibaba Cloud account, you have the permissions to access ApsaraMQ for MQTT resources by default. In this case, skip this step.

  1. Log on to the RAM console with an Alibaba Cloud account or a RAM user who has administrative rights.

  2. In the left-side navigation pane, choose Identities > Users.

  3. On the Users page, find the required RAM user and click Add Permissions in the Actions column.

  4. In the Add Permissions panel, grant permissions to the RAM user.

    1. Select the authorization scope.

    2. Specify the principal.

      The principal is the RAM user to which you want to grant permissions.

    3. Select policies.

      A policy contains a set of permissions. Policies can be classified into system policies and custom policies:

      • System policies: policies that are created by Alibaba Cloud. You can use but cannot modify these policies. Version updates of the policies are maintained by Alibaba Cloud. For more information, see Services that work with RAM.

      • Custom policies: You can manage and update custom policies based on your business requirements. You can create, update, and delete custom policies. For more information, see Create a custom policy.

      Note

      You can attach a maximum of five policies to a RAM user at a time. If you want to attach more than five policies to a RAM user, perform the operation multiple times.

  5. Click OK.

  6. Click Complete.

ApsaraMQ for MQTT provides the following system policies. You can grant the related permissions to the RAM user based on the permission scope.

| Policy | Description |
|---|---|
| AliyunMQFullAccess | The permissions to manage ApsaraMQ for MQTT. A RAM user to which this policy is attached can manage all features the same way you use an Alibaba Cloud account to manage resources in the ApsaraMQ for MQTT console. Note: After this policy is attached to a RAM user, the RAM user cannot view the list of instances in the ApsaraMQ for MQTT console. To view the list of instances in the ApsaraMQ for MQTT console, the RAM user must be granted the mq:MqttInstanceAccess permission that is used to query the basic information of an instance. For more information, see Permissions to manage instances in the console. |
| AliyunMQPubOnlyAccess | The permissions to publish messages in ApsaraMQ for MQTT. A RAM user to which this policy is attached can use all resources of the Alibaba Cloud account to send messages by using SDKs. |
| AliyunMQSubOnlyAccess | The permissions to subscribe to messages in ApsaraMQ for MQTT. A RAM user to which this policy is attached can use all resources of the Alibaba Cloud account to subscribe to messages by using SDKs. |
| AliyunMQReadOnlyAccess | The read-only permissions on ApsaraMQ for MQTT. A RAM user to which this policy is attached can only read resource information in the ApsaraMQ for MQTT console or by calling API operations. Note: After this policy is attached to a RAM user, the RAM user cannot view the list of instances in the ApsaraMQ for MQTT console. To view the list of instances in the ApsaraMQ for MQTT console, the RAM user must be granted the mq:MqttInstanceAccess permission that is used to query the basic information of an instance. For more information, see Permissions to manage instances in the console. |
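The following least-privilege review of RAM users against the system policies listed above is an added example, not part of the Alibaba Cloud documentation. The policy names and the mq:MqttInstanceAccess action come from this page; the capability labels (manage, publish, subscribe, read), the function names, and the sample users are assumptions constructed for illustration.

```python
from itertools import combinations

# Capability labels are constructed; policy names come from this page's table.
CAPS = {
    "AliyunMQFullAccess": {"manage", "publish", "subscribe", "read"},
    "AliyunMQPubOnlyAccess": {"publish"},
    "AliyunMQSubOnlyAccess": {"subscribe"},
    "AliyunMQReadOnlyAccess": {"read"},
}
# Policies whose notes say the console instance list stays hidden without INSTANCE_ACTION.
CONSOLE_GAP = {"AliyunMQFullAccess", "AliyunMQReadOnlyAccess"}
INSTANCE_ACTION = "mq:MqttInstanceAccess"

def granted(policies):
    """Union of capabilities granted by the attached system policies."""
    return set().union(*(CAPS.get(p, set()) for p in policies))

def minimal_policies(needs):
    """System policies that cover `needs` with the fewest extra capabilities."""
    best = None
    for n in range(1, len(CAPS) + 1):
        for combo in combinations(sorted(CAPS), n):
            have = granted(combo)
            if needs and needs <= have:
                key = (len(have - needs), n)  # least excess first, then fewest policies
                if best is None or key < best[0]:
                    best = (key, set(combo))
    return best[1] if best else set()

def review(attached, needs, custom_actions=(), uses_console=False):
    """Return least-privilege findings for one RAM user."""
    have, findings = granted(attached), []
    if needs - have:
        findings.append("missing: " + ", ".join(sorted(needs - have)))
    if have - needs:
        want = ", ".join(sorted(minimal_policies(needs))) or "no policy"
        findings.append("over-privileged: replace with " + want)
    if uses_console and set(attached) & CONSOLE_GAP and INSTANCE_ACTION not in custom_actions:
        findings.append("console cannot list instances: grant " + INSTANCE_ACTION)
    return findings

USERS = {  # constructed sample data
    "sensor-publisher": dict(attached=["AliyunMQFullAccess"], needs={"publish"}),
    "dashboard-viewer": dict(attached=["AliyunMQReadOnlyAccess"], needs={"read"},
                             uses_console=True),
    "ops-admin": dict(attached=["AliyunMQFullAccess"], needs=set(CAPS["AliyunMQFullAccess"]),
                      custom_actions=[INSTANCE_ACTION], uses_console=True),
}

def audit(users=USERS):
    return {name: review(**cfg) for name, cfg in users.items()}
```

A user that needs both publish and subscribe is steered to the two narrow policies rather than AliyunMQFullAccess, because the selection minimizes extra capabilities before it minimizes the number of policies.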

What to do next

Create resources