Before a RAM user can use CloudMonitor to monitor a cloud service, the Alibaba Cloud account to which the RAM user belongs must grant permissions to the RAM user.

Prerequisites

  • A RAM user is created within your Alibaba Cloud account. For more information, see Create a RAM user.
  • The service-linked role AliyunServiceRoleForCloudMonitor is created for CloudMonitor. For more information, see Create the service-linked role.

Procedure

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
  4. In the Add Permissions panel, set the Authorized Scope parameter to Alibaba Cloud Account and select one or more policies.
    • System Policy: the system policies. To specify system policies, select the required policies in the Authorization Policy Name column.
      Policy                              Description
      AliyunCloudMonitorFullAccess        The permissions to manage CloudMonitor.
      AliyunCloudMonitorReadOnlyAccess    The read-only permissions on CloudMonitor.
    • Custom Policy: the custom policies. To specify custom policies, select the required policies in the Authorization Policy Name column.

      For information about how to create a custom policy, see Create a custom policy.

      For example, you can grant the RAM user the permissions to export monitoring data. Sample code:
      {
        "Version": "1",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "cms:BatchGet",
              "cms:Cursor"
            ],
            "Resource": [
              "*"
            ],
            "Condition": {}
          }
        ]
      }
  5. Click OK.
  6. Click Complete.
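
Before you attach a custom policy, you can check that it grants only the actions you intend. The following Python script is an added example, not part of the original procedure or of any Alibaba Cloud tool. It evaluates the export policy from step 4 under a simplified model (assumptions: only the * wildcard, explicit Deny wins, Condition must be empty), and the probe action names cms:ExampleWrite and ecs:ExampleRead are constructed.

```python
import json
import re

# Export policy from step 4, copied from the page.
EXPORT_POLICY = json.loads("""
{"Version": "1",
 "Statement": [{"Effect": "Allow",
                "Action": ["cms:BatchGet", "cms:Cursor"],
                "Resource": ["*"],
                "Condition": {}}]}
""")

def _matches(patterns, value):
    """True if value matches any pattern; only the '*' wildcard is modelled."""
    if isinstance(patterns, str):          # tolerate a single string as well as a list
        patterns = [patterns]
    return any(re.fullmatch(re.escape(p).replace(r"\*", ".*"), value)
               for p in patterns)

def evaluate(policy, action, resource="*"):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request.

    Simplified model (assumption): explicit Deny wins, anything not allowed
    is implicitly denied, and Condition blocks must be empty.
    """
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if stmt.get("Condition"):
            raise ValueError("non-empty Condition is outside this example")
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision

def unintended_grants(policy, intended, probes):
    """Probe actions the policy allows although they are not in `intended`."""
    return sorted(a for a in probes
                  if a not in intended and evaluate(policy, a) == "Allow")

if __name__ == "__main__":
    intended = {"cms:BatchGet", "cms:Cursor"}
    # Constructed probe names, not real CloudMonitor actions.
    probes = ["cms:BatchGet", "cms:Cursor", "cms:ExampleWrite", "ecs:ExampleRead"]
    print(unintended_grants(EXPORT_POLICY, intended, probes))   # []
```

A non-empty result lists actions that a wildcard such as cms:* would grant beyond the intended set, which is the case to catch before the policy is attached to a RAM user.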