Before you use Message Queue for MQTT, you must activate it on the Alibaba Cloud official website. If you are a RAM user, you must be granted required permissions before you can use the console or API to access the corresponding Message Queue for MQTT resources and use SDKs to send and receive messages.

Prerequisites

An Alibaba Cloud account is created and real-name verification is complete. For more information, see Sign up with Alibaba Cloud.

Step 1: Activate Message Queue for MQTT

  1. Step 1: Go to the product page of Message Queue for MQTT.
  2. Click Log In in the upper-right corner of the page.
  3. On the logon page, enter your Alibaba Cloud account and password, and click Sign In.
  4. On the product page of Message Queue for MQTT, click Buy Now.
    You are navigated to the Message Queue for MQTT console.
  5. On the Overview page, click Activate for Free.
    Activate for Free
  6. On the service activation page, read the content of the order and the service agreement, select Message Queue for Apache RocketMQ Terms of Service, and then click Activate Now.
    Note Message Queue for MQTT is one of the Message Queue for Apache RocketMQ services. After you activate Message Queue for Apache RocketMQ, Message Queue for MQTT is activated. You can activate Message Queue for Apache RocketMQ for free.
    If the following content appears, you have activated Message Queue for Apache RocketMQ.

Step 1: Grant permissions to a RAM user (Required for a RAM user)

If you activate Message Queue for MQTT as a RAM user, you must use your Alibaba Cloud account to grant required permissions to the RAM user before you can access Message Queue for MQTT resources as the RAM user. If you activate Message Queue for MQTT by using an Alibaba Cloud account, you have the permissions to access Message Queue for MQTT resources by default. In this case, skip this step.

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
  4. In the Add Permissions panel, grant permissions to the RAM user.
    1. Select the authorization scope.
      • Alibaba Cloud Account: If you select this option, permissions take effect on the current Alibaba Cloud account.
      • Specific Resource Group: If you select this option, permissions take effect on a specific resource group.
        Note If you select Specific Resource Group for Authorized Scope, make sure that the required cloud service supports resource groups. For more information, see Alibaba Cloud services that support resource groups.
    2. Specify the principal.
      The principal is the RAM user to which permissions are to be granted. By default, the current RAM user is specified. You can also specify another RAM user.
    3. Select policies.
      Note You can attach a maximum of five policies to a RAM user at a time. If you need to attach more than five policies to a RAM user, perform the operation multiple times.
  5. Click OK.
  6. Click Complete.
Message Queue for MQTT provides the following system policies. You can grant related permissions to the RAM user based on the permission scope.
Policy Description
AliyunMQFullAccess The permissions to manage Message Queue for MQTT. They are equivalent to the permissions that the Alibaba Cloud account has. A RAM user to which these permissions are granted can send and subscribe to all messages and use all the features of the console.
AliyunMQPubOnlyAccess The permissions to send messages in Message Queue for MQTT. A RAM user to which these permissions are granted can use all the resources of the Alibaba Cloud account to send messages by using SDKs.
AliyunMQSubOnlyAccess The subscription permissions of Message Queue for MQTT. A RAM user to which these permissions are granted can use all the resources of the Alibaba Cloud account to subscribe to messages by using SDKs.
AliyunMQReadOnlyAccess The read-only permissions on Message Queue for MQTT. A RAM user to which these permissions are granted can only read resource information by using the console or by calling API operations.

What to do next

Create resources