A complete reference of all available API operations - Resource Access Management - Alibaba Cloud - Resource Access Management

API standard and pre-built SDKs in multi-language

The OpenAPI specification of this product (Ram/2015-05-01) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.

Custom signature

If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).

Before you begin

An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. To call APIs securely, create a Resource Access Management (RAM) user with API access only, configure its AccessKey pairs, and implement the principle of least privilege (PoLP) through RAM policies. Use the Alibaba Cloud account only when its permissions are explicitly required for specific scenarios.

User management

API	Title	Description
RAM user	RAM user
CreateUser	CreateUser	Creates a Resource Access Management (RAM) user.
GetUser	GetUser	You can call the GetUser operation to query the details of a Resource Access Management (RAM) user.
UpdateUser	UpdateUser	Modifies information about a Resource Access Management (RAM) user.
DeleteUser	DeleteUser	Deletes a Resource Access Management (RAM) user.
ListUsers	ListUsers	Queries the information about all RAM users.
Logon	Logon
GetLoginProfile	GetLoginProfile	Queries the logon configurations of a Resource Access Management (RAM) user.
UpdateLoginProfile	UpdateLoginProfile	Modifies the logon configurations of a Resource Access Management (RAM) user.
ChangePassword	ChangePassword	Changes the password that is used to log on to the console for a Resource Access Management (RAM) user.
AccessKey pair	AccessKey pair
CreateAccessKey	CreateAccessKey	Creates an AccessKey pair for a Resource Access Management (RAM) user.
ListAccessKeys	ListAccessKeys	Queries all AccessKey pairs that belong to a Resource Access Management (RAM) user.
GetAccessKeyLastUsed	GetAccessKeyLastUsed	Queries the last time when an AccessKey pair was used.
MFA	MFA
GetUserMFAInfo	GetUserMFAInfo	Queries the multi-factor authentication (MFA) device that is bound to a Resource Access Management (RAM) user.
DeleteVirtualMFADevice	DeleteVirtualMFADevice	Deletes a multi-factor authentication (MFA) device.
ListVirtualMFADevices	ListVirtualMFADevices	Queries multi-factor authentication (MFA) devices.
BindMFADevice	BindMFADevice	Binds a multi-factor authentication (MFA) device to a Resource Access Management (RAM) user.
UnbindMFADevice	UnbindMFADevice	Unbinds a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user.

User group management

API	Title	Description
CreateGroup	CreateGroup	Creates a RAM user group.
GetGroup	GetGroup	Queries information about a Resource Access Management (RAM) user group.
DeleteGroup	DeleteGroup	Deletes a Resource Access Management (RAM) user group.
ListGroups	ListGroups	Queries Resource Access Management (RAM) user groups.
ListGroupsForUser	ListGroupsForUser	Queries the Resource Access Management (RAM) user groups to which a RAM user belongs.
ListUsersForGroup	ListUsersForGroup	Queries Resource Access Management (RAM) users in a RAM user group.
AddUserToGroup	AddUserToGroup	Adds a Resource Access Management (RAM) user to a RAM user group.
RemoveUserFromGroup	RemoveUserFromGroup	Removes a Resource Access Management (RAM) user from a RAM user group.

Role management

API	Title	Description
CreateRole	CreateRole	Use the CreateRole operation to create a RAM role.
DeleteRole	DeleteRole	Deletes a regular Resource Access Management (RAM) role.
UpdateRole	UpdateRole	Modifies information about a Resource Access Management (RAM) role.
GetRole	GetRole	Queries information about a Resource Access Management (RAM) role.
ListRoles	ListRoles	Queries all Resource Access Management (RAM) roles.

Permission management

API	Title	Description
Policy management	Policy management
CreatePolicy	CreatePolicy	Creates a custom policy.
GetPolicy	GetPolicy	Queries information about a policy.
UpdatePolicyDescription	UpdatePolicyDescription	Modifies the description of a custom policy.
DeletePolicy	DeletePolicy	Deletes a policy.
ListPolicies	ListPolicies	Queries a list of policies.
CreatePolicyVersion	CreatePolicyVersion	Creates a version for a policy.
GetPolicyVersion	GetPolicyVersion	Queries the information about a policy version.
DeletePolicyVersion	DeletePolicyVersion	Deletes a policy version.
ListPolicyVersions	ListPolicyVersions	Queries the versions of a policy.
SetDefaultPolicyVersion	SetDefaultPolicyVersion	Specifies a version for a policy as the default version.
Authorization management	Authorization management
AttachPolicyToUser	AttachPolicyToUser	Attaches a permission policy to a specified user.
DetachPolicyFromUser	DetachPolicyFromUser	Detaches a policy from a user.
AttachPolicyToGroup	AttachPolicyToGroup	Attaches a policy to a user group.
DetachPolicyFromGroup	DetachPolicyFromGroup	Detaches a policy from a group.
AttachPolicyToRole	AttachPolicyToRole	Attaches a policy to a role.
DetachPolicyFromRole	DetachPolicyFromRole	Detaches a policy from a role.
ListPoliciesForUser	ListPoliciesForUser	Queries the policies that are attached to a RAM user.
ListPoliciesForGroup	ListPoliciesForGroup	Queries the policies that are attached to a Resource Access Management (RAM) user group.
ListPoliciesForRole	ListPoliciesForRole	Queries the policies that are attached to a Resource Access Management (RAM) role.
ListEntitiesForPolicy	ListEntitiesForPolicy	Queries the entities to which a policy is attached.

Security management

API	Title	Description
SetAccountAlias	SetAccountAlias	Configures an alias for an Alibaba Cloud account.
ClearAccountAlias	ClearAccountAlias	Deletes the alias of an Alibaba Cloud account.
SetPasswordPolicy	SetPasswordPolicy	Configures the password policy for Resource Access Management (RAM) users, including the password strength.
GetPasswordPolicy	GetPasswordPolicy	Queries the password policy of Resource Access Management (RAM) users, including the password strength.
GetSecurityPreference	GetSecurityPreference	Queries the security preferences.

Permission analysis and diagnosis

API	Title	Description
DecodeDiagnosticMessage	DecodeDiagnosticMessage	Decodes the permission diagnostic information from the response body of a request that was denied due to missing RAM permissions.

Tag management

API	Title	Description
TagResources	TagResources	Adds tags to cloud resources which are Resource Access Management (RAM) roles and policies.
UntagResources	UntagResources	Removes tags from cloud resources that are Resource Access Management (RAM) roles and policies.
ListTagResources	ListTagResources	Queries the tags that are added to cloud resources which are Resource Access Management (RAM) roles and policies.

Others

API	Title	Description
CreateLoginProfile	CreateLoginProfile	Enables console logon for a Resource Access Management (RAM) user.
CreateVirtualMFADevice	CreateVirtualMFADevice	Creates a multi-factor authentication (MFA) device.
DeleteAccessKey	DeleteAccessKey	Deletes an AccessKey pair of a Resource Access Management (RAM) user.
DeleteLoginProfile	DeleteLoginProfile	Disables console logon for a Resource Access Management (RAM) user.
GetAccountAlias	GetAccountAlias	Queries the alias of an Alibaba Cloud account.
SetSecurityPreference	SetSecurityPreference	Configures the security preferences.
UpdateAccessKey	UpdateAccessKey	Changes the status of an AccessKey pair that belongs to a Resource Access Management (RAM) user.
UpdateGroup	UpdateGroup	Modifies a Resource Access Management (RAM) user group.