Backup and Disaster Recovery Center provides methods such as network isolation to improve the security of mutual access between resources.
RAM policies based on users
Resource Access Management (RAM) is a resource access control service provided by Alibaba Cloud. You can configure RAM policies based on users. You can configure RAM policies to manage users, such as employees, systems, and applications, in a centralized manner and determine the resources that the users can access.
A RAM policy is in the JSON format. You can configure a RAM policy by specifying the Action, Effect, Resource, and Condition elements in the statements. You can specify multiple statements in a RAM policy to efficiently manage authorization. For more information, see What is RAM?
Temporary access authorization based on STS
RAM policies allow you to manage long-term access permissions. If you want to allow users to access resources only for a short period of time, you can use Security Token Service (STS) to create temporary access credentials. You can obtain temporary access credentials that consist of an AccessKey pair and a security token from environment variables by using STS SDK, and send them to temporary users to access Backup and Disaster Recovery Center. The permissions that are obtained by using STS are restricted and have time limits. The leak of temporary access credentials causes lower-level risks than the leak of other credentials.
You can use STS to authorize temporary access to Backup and Disaster Recovery Center. You can use STS to grant temporary access credentials that have a custom validity period and custom permissions to a third-party application or a RAM user that you manage.