All Products
Search
Document Center

Message Service:Activate MNS and authorize RAM users to access MNS

Last Updated:Jan 05, 2024

Before you can use Message Service (MNS), you must activate the service on the product page of MNS. If your account is a RAM user, you must grant permissions to the RAM user before you can use the console or call API operations to manage MNS resources, and send or receive messages by using SDKs. This topic describes how to activate MNS and authorize RAM users to access MNS.

Prerequisites

An Alibaba Cloud account is created.

Step 1: Activate MNS

  1. Go to the official website of Alibaba Cloud. In the top navigation bar, choose Products > > Middleware > > ApsaraMQ > > Message Service (MNS).

  2. On the product page, click Get it Free.

  3. Read MNS Terms of Service, select I have read and agree MNS Terms of Service, and then click activate Now.

    The following message appears on the page: Congratulations. The service is activated.

Step 2: (Required for RAM users) Authorize RAM users to access MNS

  1. Log on to the RAM console with an Alibaba Cloud account or a RAM user who has administrative rights.

  2. In the left-side navigation pane, choose Identities > Users.

  3. On the Users page, find the required RAM user and click Add Permissions in the Actions column.

  4. In the Add Permissions panel, grant permissions to the RAM user.

    1. Select the authorization scope.

      • Alibaba Cloud Account: The authorization takes effect on the current Alibaba Cloud account.

      • Specific Resource Group: The authorization takes effect on a specific resource group.

        Note

        If you select Specific Resource Group for Authorized Scope, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group. For more information about how to grant permissions on a resource group, see Use a resource group to manage an ECS instance.

    2. Specify the principal.

      The principal is the RAM user to which you want to grant permissions.

    3. Select policies.

      A policy contains a set of permissions. Policies can be classified into system policies and custom policies:

      • System policies: policies that are created by Alibaba Cloud. You can use but cannot modify these policies. Version updates of the policies are maintained by Alibaba Cloud. For more information, see Services that work with RAM.

      • Custom policies: You can manage and update custom policies based on your business requirements. You can create, update, and delete custom policies. For more information, see Create a custom policy.

      Note

      You can attach a maximum of five policies to a RAM user at a time. If you want to attach more than five policies to a RAM user, perform the operation multiple times.

  5. Click OK.

  6. Click Complete.

MNS provides the following system policies. You can grant related permissions to the RAM user based on the permission scope.

Policy

Description

AliyunMNSFullAccess

The permissions to manage MNS, which are equivalent to the permissions that the Alibaba Cloud account has. A RAM user to which this policy is attached can send and subscribe to all messages and use all the features of the console.

AliyunMNSReadOnlyAccess

The read-only permissions on MNS. A RAM user to which this policy is attached can only read resource information in the console or by calling API operations.

Note

System policies cover a large permission scope. For example, after a RAM user is granted AliyunMNSFullAccess that represents full permissions, the RAM user can manage all MNS resources. To grant fine-grained permissions, MNS provides custom policies. For more information, see Permission policies and examples.

What to do next

You can click Console to create resources. For more information, see Get started with queue-based messaging.