This topic describes the permissions required if you want to survey Alibaba Cloud resources and migrate resources by using Cloud Migration Hub (CMH) as a RAM user. This topic also describes how to grant permissions to the RAM user.
Overview
If you use CMH to survey Alibaba Cloud resources or migrate resources on Alibaba Cloud, CMH automatically obtains the information about the resources within your Alibaba Cloud account, creates relevant resources, and migrates your resources. If you access CMH as a RAM user or by assuming a RAM role, your account must have the permissions to perform specific operations.
Grant permissions
In this example, the AliyunAPDSFullAccess policy is used. Log on to the Resource Access Management (RAM) console. In the left-side navigation pane, choose Identities > Users, or choose Identities > Roles. Create a RAM user or RAM role, and attach the AliyunAPDSFullAccess policy to the RAM user or RAM role.
Permissions
RAM policies with full permissions
Policy | Description | Scenario |
AliyunAPDSFullAccess | The full permissions on CMH. | Use the CMH console. |
AliyunConfigFullAccess | The full permissions on Cloud Config. | N/A |
AliyunIaCServiceFullAccess | The full permissions on Infrastructure as Code (IaC) Service. | Migrate data across zones in Alibaba Cloud or from Amazon Web Services (AWS) to Alibaba Cloud. |
AliyunECSFullAccess | The full permissions on Elastic Compute Service (ECS). | Migrate data from AWS to Alibaba Cloud. |
AliyunRDSFullAccess | The full permissions on ApsaraDB RDS. | Migrate data from AWS to Alibaba Cloud. |
AliyunVPCFullAccess | The full permissions on Virtual Private Cloud (VPC). | Migrate data across zones in Alibaba Cloud. |
AliyunSLBFullAccess | The full permissions on Server Load Balancer (SLB). | Migrate data across zones in Alibaba Cloud. |