All Products
Search
Document Center

Compute Nest:Create a RAM role for Compute Nest service

Last Updated:Jun 22, 2026

To create a fully managed service, service providers must configure a RAM role that Compute Nest assumes to create resources on their behalf.

Create a RAM role

  1. Sign in to the RAM console with your Alibaba Cloud account.

  2. In the left-side navigation pane, choose Identities > Roles.

  3. On the Roles page, click Create Role.

  4. On the Create Role page, for Principal Type, select Cloud Service.

  5. For Principal Name, select Compute Nest, and then click OK.

  6. In the dialog box that appears, enter a Role Name and click OK.

Grant permissions to the RAM role

A newly created RAM role has no permissions. You must grant the required permissions before you can use it.

  1. On the Roles page, find the role that you created.

  2. In the Actions column, click Grant Permission.

  3. In the Grant Permission dialog box, grant permissions to the role.

    1. Select the authorization scope.

      • Account: Permissions apply within the current Alibaba Cloud account.

      • Resource Group: Permissions apply within the specified resource group.

        Note

        To grant permissions at the resource group level, the cloud service must support resource groups. For more information, see Services that work with Resource Group.

    2. Select the principal.

      The principal is the RAM role that you want to authorize. The system automatically selects the current RAM role.

    3. Select policies.

      Attach policies to the RAM role based on the cloud resources your service uses. For example, if your service requires RDS resources, attach a relevant system policy, such as AliyunRDSFullAccess, to grant full RDS management permissions.

    4. Click Grant Permission.