Before a RAM user can use CloudMonitor to monitor a cloud service, the Alibaba Cloud account to which the RAM user belongs must grant permissions to the RAM user.

Prerequisites

A RAM user is created within your Alibaba Cloud account. For more information, see Create a RAM user.

Procedure

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
  4. In the Add Permissions panel, set the Authorized Scope parameter to Alibaba Cloud Account and select one or more policies.
    Note You can grant permissions on CloudMonitor to an Alibaba Cloud account. You cannot grant permissions on CloudMonitor to a resource group.
    • System Policy: the system policies. To specify system policies, select the required policies in the Authorization Policy Name column.
      Policy Description
      AliyunCloudMonitorFullAccess The permissions to manage CloudMonitor.
      AliyunCloudMonitorReadOnlyAccess The read-only permissions on CloudMonitor.
    • Custom Policy: the custom policies. To specify custom policies, select the required policies in the Authorization Policy Name column.

      For more information about how to create a custom policy, see Create a custom policy.

      For example, you can grant the RAM user the permissions to export monitoring data. The following sample code provides an example:
      {
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cms:BatchGet",
        "cms:Cursor"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {}
    }
  ]
}
  5. Click OK.
  6. Click Complete.