As a service provider, you can select a role that Compute Nest is authorized to use when you create a fully managed service. Compute Nest assumes this role to create resources. This topic describes how to create a Resource Access Management (RAM) role with Compute Nest as a trusted service.
Create a RAM role
Log on to the RAM console with your Alibaba Cloud account.
In the left-side navigation pane, choose .
On the Roles page, click Create Role.
On the Create Role page, configure the parameters. Set Principal Type to Cloud Service.
Set Principal Name to Compute Nest/ComputeNest and click OK.
In the Create Role dialog box, enter a name in the Role Name field and click OK.
Grant permissions to the RAM role
After the RAM role is created, the role has no permissions. You need to grant permissions to the role.
On the Roles page, find the RAM role to which you want to grant permissions.
Click Grant Permission in the Actions column.
In the Grant Permission panel, grant permissions to the role.
Configure the Resource Scope parameter. Valid values:
Account: The permissions are granted to the current Alibaba Cloud account.
ResourceGroup: The permissions are valid for a specific resource group.
Note: If you set the Resource Scope parameter to ResourceGroup, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group.
Configure the Principal parameter.
The principal is the RAM role to which you want to grant permissions. By default, the current RAM role is specified.
Select policies in the Policy section.
Attach policies to the RAM role based on the cloud resources of your service. For example, if your service contains ApsaraDB RDS resources, you need to attach the system policy AliyunRDSFullAccess to the RAM role.
Click Grant permissions.
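After both procedures are complete, you can review the result offline. The following check is an added example, not part of the Compute Nest documentation: it audits a role's trust policy document and its granted policies. It assumes that the service principal for Compute Nest is `computenest.aliyuncs.com` and uses a hypothetical `{"policy", "scope"}` record for each grant; the sample policies and account ID are constructed.

```python
import json

# Assumption: service principal string for Compute Nest. Confirm it against
# the trust policy of the role you created in the RAM console.
EXPECTED_SERVICE = "computenest.aliyuncs.com"

def as_list(value):
    """RAM policy fields may hold a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_role(trust_policy_json, attachments):
    """Return findings for a role's trust policy and its granted policies."""
    findings, trusted = [], False
    for stmt in json.loads(trust_policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):
            findings.append(f"trust: wildcard or malformed principal {principal!r}")
            continue
        for kind, values in principal.items():
            for p in as_list(values):
                if kind == "Service" and p == EXPECTED_SERVICE:
                    trusted = True
                else:
                    findings.append(f"trust: unexpected {kind} principal {p}")
        actions = as_list(stmt.get("Action"))
        if actions != ["sts:AssumeRole"]:
            findings.append(f"trust: unexpected actions {actions}")
    if not trusted:
        findings.append("trust: Compute Nest is not a trusted service")
    # Hypothetical grant records: policy name plus the Resource Scope chosen.
    for grant in attachments:
        if grant["policy"].endswith("FullAccess") and grant["scope"] == "Account":
            findings.append(f"grant: {grant['policy']} applies account-wide")
    return findings

# Constructed sample data, not exported from a real account.
GOOD_TRUST = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": ["computenest.aliyuncs.com"]}}]})
BAD_TRUST = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": ["computenest.aliyuncs.com"],
                  "RAM": ["acs:ram::1234567890123456:root"]}}]})

if __name__ == "__main__":
    print(audit_role(BAD_TRUST, [{"policy": "AliyunRDSFullAccess", "scope": "Account"}]))
```

An empty result means that only Compute Nest can assume the role and that no full-access system policy is granted at the Account scope.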