This topic lists the Alibaba Cloud services that work with Resource Access Management (RAM), the authorization granularity and system policies for each service, and the links of related topics.
Overview
Each table in this topic contains the following columns:
Service: the name of the Alibaba Cloud service that supports RAM.
Sub-service or sub-module: the sub-service or sub-module of the service. A hyphen (-) indicates that this does not apply.
RAM code: the unique code used in RAM to identify the service.
Console: indicates whether RAM can be used for access control in the service's console. indicates support, indicates no support, and a circle (○) indicates that the service does not have a console.
API: indicates whether RAM can be used for access control when calling the service's API. indicates support, indicates no support, and a circle (○) indicates that the service does not provide an API.
Authorization granularity: the most specific level at which permissions can be granted for the service. A hyphen (-) indicates that a specific granularity is not defined.
The following authorization granularities are defined:
Service level: Permissions are granted to the entire service. A RAM user or role can either access all resources within the service or none.
Operation level: Permissions are granted for specific API operations on certain types of resources within the service.
Resource level: Permissions are granted for specific operations on individual resources. This is the most granular level. For example, you can authorize a RAM user to restart a specific Elastic Compute Service (ECS) instance.
System policy: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policies are provided.
References: links to relevant documentation about RAM integration for the service. A hyphen (-) indicates that no specific documentation is available.
Elastic computing
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
ECS | ECS | ecs | Resource |
| |||
Elastic Block Storage (EBS) | EBS | ecs | Resource |
| - | ||
EBS | EBS | ebs | Resource |
| - | ||
ECS | Elastic GPU Service | ecs | Resource |
| |||
ECS | ECS Bare Metal Instance | ecs | Resource |
| |||
ECS | Dedicated Host (DDH) | ecs | Resource |
| |||
ECS | Alibaba Cloud Linux 2 | ecs | Resource |
| |||
Auto Scaling | - | ess | Operation |
| |||
Container Service for Kubernetes (ACK) | - | cs | Resource |
| |||
Batch Compute | - | batchcompute | Service | - | - | ||
Resource Orchestration Service (ROS) | - | ros | Resource |
| |||
Function Compute | - | fc | Resource |
| Grant permissions across Alibaba Cloud accounts by using RAM roles | ||
Simple Application Server | - | swas | ○ | Service | AliyunSWASFullAccess | - | |
Elastic High Performance Computing (E-HPC) | - | ehpc | Service |
| - | ||
Container Registry | - | cr | Resource |
| |||
Elastic Desktop Service (EDS) | EDS | ecd | Operation |
| |||
Elastic Container Instance | - | eci | Resource |
| |||
CloudFlow | - | fnf | Resource |
| |||
Web App Service | - | webplus | Operation |
| - | ||
Compute Nest | - |
| ○ | Resource |
| - | |
Distributed Cloud Container Platform for Kubernetes (ACK One) | - | adcp | Operation |
| - |
Databases
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
ApsaraDB RDS | ApsaraDB RDS | rds | Resource |
| |||
ApsaraDB RDS | ApsaraDB RDS for MySQL | rds | Resource |
| |||
ApsaraDB RDS | ApsaraDB RDS for SQL Server | rds | Resource |
| |||
ApsaraDB RDS | ApsaraDB RDS for PostgreSQL | rds | Resource |
| |||
ApsaraDB RDS | ApsaraDB for MyBase | rds | Resource |
| - | ||
Tair (Redis® OSS-Compatible) | - | kvstore | Resource |
| |||
ApsaraDB for MongoDB | - | dds | Resource |
| - | ||
AnalyticDB for PostgreSQL | - | gpdb | Resource |
| - | ||
Data Transmission Service (DTS) | - | dts | Operation |
| Use a system policy to authorize a RAM user to manage DTS instances | ||
Data Management | - | dms | Service |
| |||
AnalyticDB for MySQL | - | adb | Operation |
| |||
PolarDB for Xscale (PolarDB-X) | - |
| Resource |
| |||
ApsaraDB for HBase | - | hbase | Resource |
| |||
Advanced Database & Application Migration | - | adam | ○ | Service |
| ||
PolarDB | - | polardb | Operation |
| |||
Data Disaster Recovery | - | dbs | Service |
| - | ||
Database Autonomy Service (DAS) | - | hdm | Service |
| |||
ApsaraDB for OceanBase | - | oceanbase | ○ | Service |
| - | |
ApsaraDB for Cassandra | - | cassandra | Resource |
| |||
ApsaraDB for ClickHouse | - | clickhouse | Resource |
| |||
Database Gateway (DG) | - | dg | Resource |
| - | ||
ApsaraDB for SelectDB | - | selectdb | Operation |
|
Storage
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Object Storage Service (OSS) | - | oss | Resource |
| |||
File Storage NAS (NAS) | - | nas | Resource |
| |||
Tablestore | - | ots | Resource |
| |||
Cloud Storage Gateway (CSG) | - | hcs-sgw | Service | AliyunHCSSGWFullAccess | |||
Cloud Backup | - | hbr | Resource |
| Create a RAM user and authorize the RAM user to access Cloud Backup | ||
Hybrid Cloud Storage | Hybrid Cloud Storage | hgw | ○ | Operation |
| - | |
Hybrid Cloud Storage | Remote Service | asrs | ○ | Resource |
| - |
Cloud communication
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Short Message Service (SMS) | - | dysms | Service | - | - |
Networking
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Virtual Private Cloud (VPC) | - | vpc | Resource |
| |||
Server Load Balancer (SLB) | Classic Load Balancer (CLB) | slb | Resource |
| |||
SLB | Application Load Balancer (ALB) | alb | Resource |
| |||
SLB | Network Load Balancer (NLB) | nlb | Resource |
| |||
SLB | Gateway Load Balancer (GWLB) | gwlb | Resource |
| |||
Express Connect | - | vpc | Resource |
| |||
Elastic IP Address (EIP) | EIP | vpc | Resource |
| |||
EIP | Anycast Elastic IP Address (Anycast EIP) | eipanycast | Resource |
| |||
NAT Gateway | - | vpc | Resource |
| |||
VPN Gateway | - | vpc | Resource |
| |||
Internet Shared Bandwidth | - | vpc | Resource |
| - | ||
Global Accelerator (GA) | - | ga | Resource |
| |||
Smart Access Gateway (SAG) | - | smartag | Resource | - | |||
Cloud Enterprise Network (CEN) | - | cen | Resource |
| |||
PrivateLink | - | privatelink | Resource |
| |||
Alibaba Cloud DNS PrivateZone | - | pvtz | Resource |
| |||
Cloud Data Transfer (CDT) | - | cdt | Operation |
| |||
VPC peering connection | - | vpc | Resource |
| - | ||
IPv6 Gateway | - | vpc | Resource |
| - |
O&M and management
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Application Real-Time Monitoring Service (ARMS) | - | arms | Service |
| |||
CloudMonitor | - | cms | Operation |
| |||
Intelligent Advisor | - | advisor-intl | Operation |
| - | ||
Cloud Shell | - | cloudshell | ○ | Operation | AliyunCloudShellFullAccess | - | |
Cloud Config | - | config | Operation |
| |||
Logic Composer | - | composer | Resource |
| |||
CloudOps Orchestration Service (OOS) | - | oos | Resource |
| |||
Cloud Governance Center (CGC) | CGC | governance | ○ | Operation |
| - | |
CGC | Service Catalog | servicecatalog | Resource |
|
Middleware
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Enterprise Distributed Application Service (EDAS) | - | edas | Resource |
| |||
ApsaraMQ | ApsaraMQ for RocketMQ | mq | Resource |
| |||
ApsaraMQ | ApsaraMQ for MQTT | mq | Resource |
| |||
ApsaraMQ | ApsaraMQ for RabbitMQ | amqp | Resource |
| |||
Simple Message Queue (formerly MNS) (SMQ) | - | mns | Resource |
| |||
ApsaraMQ for Kafka | - | alikafka | Resource |
| |||
Application High Availability Service | - | ahas | Service |
| - | ||
Alibaba Cloud Service Mesh (ASM) | - | servicemesh | Resource |
| |||
EventBridge | - | eventbridge | Resource |
|
Media services and CDN
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
CDN | - | cdn | Resource |
| |||
ApsaraVideo Media Processing (MPS) | - | mts | Service |
| - | ||
ApsaraVideo VOD (VOD) | - | vod | Operation |
| - | ||
ApsaraVideo Live | - | live | Resource |
| |||
Real-Time Communication | - | rtc | Resource | - | - | ||
Dynamic Content Delivery Network (DCDN) | - | dcdn | Resource |
| - | ||
Edge Security Acceleration (ESA) | - | esa | Resource |
|
Enterprise applications
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Direct Mail | - | dm | Operation |
| - | ||
API Gateway | - | apigateway | Service |
| |||
Alibaba Mail | - | alimail | ○ | Operation |
| - | |
Resource Management | Resource Management | resourcemanager | Operation |
| |||
Resource Management | Resource Sharing | resourcesharing | Operation |
| - | ||
Resource Management | Tag | tag | Operation |
| |||
Resource Management | Resource Center | resourcecenter | Operation |
| |||
Blockchain as a Service (BaaS) | BaaS | baas | Resource |
| |||
CloudQuotation (CQ) | - | assettech | ○ | Service |
| - | |
BizWorks | - | bizworks | ○ | Service |
| - |
Domains and websites
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Alibaba Cloud DNS (DNS) | DNS | alidns | Resource |
| |||
DNS | Alibaba Cloud Public DNS | pubdns | Resource |
| - | ||
Domain Names and Websites | - | domain | Resource |
|
AI
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Intelligent Speech Interaction | Intelligent Speech Interaction | nls | Service |
| - | ||
Platform for AI (PAI) | - | pai | Service | - | - | ||
PAI | - | paiplugin | ○ | Operation |
| - | |
Image Search | - | imagesearch | Resource |
| |||
Machine Translation | - | alimt | Operation |
| - | ||
Alibaba Cloud Model Studio | - | sfm | Resource |
|
IoT
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
IoT Platform | - | iot | Resource |
| |||
Link IoT Edge | - | iot | Resource |
| |||
Lindorm | Time Series Database (TSDB) | hitsdb | Operation | - | - |
Analytics computing
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
DataWorks | - | dataworks | Operation |
| |||
Quick BI | - | - | Service | - | - | ||
DataV | - | datav | ○ | Service | AliyunDataVFullAccess | - | |
Realtime Compute for Apache Flink | - | stream | Resource |
| |||
Elasticsearch | - | elasticsearch | Resource |
| |||
E-MapReduce (EMR) | E-MapReduce | emr | Service |
| |||
Simple Log Service (SLS) | - | log | Resource |
| |||
Hologres | - | hologram | Resource |
|
Developer services
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Alibaba Cloud DevOps | - | rdc | Resource |
| - | ||
Managed Service for OpenTelemetry | - | xtrace | Operation |
| - |
Security
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Security Center | - |
| Operation |
| - | ||
Server Guard | - | yundun-aegis | Service |
| - | ||
Anti-DDoS | Anti-DDoS | yundun-ddos | Service |
| - | ||
Anti-DDoS | Anti-DDoS Proxy (Chinese Mainland) |
| Service |
| - | ||
Anti-DDoS | Anti-DDoS Proxy (Outside Chinese Mainland) |
| ○ | Service |
| - | |
Web Application Firewall (WAF) | WAF | yundun-waf | Operation |
| - | ||
Certificate Management Service (Original SSL Certificate) | - | yundun-cert | Service |
| - | ||
Cloud Firewall | - | yundun-cloudfirewall | Resource |
| |||
Managed Security Service (MSSP) | - | mssp | ○ | Service | - | - | |
Content Moderation | - | yundun-greenweb | Service |
| - | ||
Bastionhost | Bastionhost | yundun-bastionhost | ○ | Service |
| - | |
Data Security Center (DSC) | - | yundun-sddp | Service |
| - | ||
Identity as a Service (IDaaS) | IDaaS | yundun-idaas | ○ | Operation |
| - | |
Key Management Service (KMS) | - | kms | Resource |
| |||
Resource Access Management (RAM) | RAM |
| Resource |
| |||
RAM | CloudSSO | cloudsso | ○ | Resource |
| - | |
ActionTrail | - | actiontrail | Operation | - |
Technical support
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Ticket Management | - | support | Service | AliyunSupportFullAccess | - |
Marketplace
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Alibaba Cloud Marketplace | - | acm | Service | AliyunMarketplaceFullAccess | - |
Other
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Expenses and Costs | - |
| Operation |
| - | ||
ICP Filing | - |
| ○ | Service | AliyunBeianFullAccess | - |