Alibaba Cloud services that support RAM, including authorization granularity, system policies, and reference documentation for each service.
Overview
Each table provides the following information:
-
Cloud service: Name of the RAM-integrated cloud service.
-
Sub-service or sub-module: Sub-service or sub-module of the cloud service. A hyphen (-) indicates none.
-
RAM code: Unique service identifier in RAM.
-
Console: means console access control is available. means it is not. ○ means the service has no console integration.
-
API: means API access control is available. means it is not. ○ means the service has no API.
-
Authorization granularity: Finest authorization level the service supports. A hyphen (-) indicates none defined.
When a cloud service integrates with RAM, it supports different authorization granularity levels:
-
Service level: All-or-nothing access to the entire service.
-
Operation level: API-level authorization. Grants permissions for specific operations on resource types.
-
Resource level: Most granular. Grants permissions for specific operations on individual resources, such as restarting a specific ECS instance.
-
-
System policy: Predefined RAM policies for the service. A hyphen (-) indicates none available.
-
References: RAM integration documentation. A hyphen (-) indicates none available.
Elastic compute
|
Service |
Sub-service |
RAM code |
Console |
API |
Authorization granularity |
System policies |
Reference |
|
ECS |
- |
ecs |
|
|
resource-level |
|
|
|
ECS |
Elastic Block Storage (EBS) |
ecs |
|
|
resource-level |
|
- |
|
Elastic Block Storage (EBS) |
- |
ebs |
|
|
resource-level |
|
- |
|
ECS |
Elastic GPU Service |
ecs |
|
|
resource-level |
|
|
|
ECS |
ECS Bare Metal Instance |
ecs |
|
|
resource-level |
|
|
|
ECS |
Dedicated Host (DDH) |
ecs |
|
|
resource-level |
|
|
|
ECS |
Alibaba Cloud Linux 2 |
ecs |
|
|
resource-level |
|
|
|
Auto Scaling |
- |
ess |
|
|
operation-level |
|
|
|
Container Service for Kubernetes (ACK) |
- |
cs |
|
|
resource-level |
|
|
|
Batch Compute |
- |
batchcompute |
|
|
service-level |
- |
- |
|
Resource Orchestration Service (ROS) |
- |
ros |
|
|
resource-level |
|
|
|
Function Compute |
- |
fc |
|
|
resource-level |
|
|
|
Simple Application Server |
- |
swas |
|
○ |
service-level |
AliyunSWASFullAccess |
- |
|
Elastic High Performance Computing (E-HPC) |
- |
ehpc |
|
|
service-level |
|
- |
|
Container Registry |
- |
cr |
|
|
resource-level |
|
|
|
Elastic Desktop Service (EDS) |
- |
ecd |
|
|
operation-level |
|
|
|
Elastic Container Instance (ECI) |
- |
eci |
|
|
resource-level |
|
|
|
Serverless Workflow |
- |
fnf |
|
|
resource-level |
|
|
|
Web App Service |
- |
webplus |
|
|
operation-level |
|
- |
|
Compute Nest |
- |
|
|
○ |
resource-level |
|
- |
|
Distributed Cloud Container Platform for Kubernetes (ACK One) |
- |
adcp |
|
|
operation-level |
|
- |
Databases
|
Service |
Sub-service |
RAM code |
Console |
API |
Authorization granularity |
System policy |
References |
|
ApsaraDB RDS |
ApsaraDB RDS |
rds |
|
|
resource-level |
|
|
|
ApsaraDB RDS |
ApsaraDB RDS for MySQL |
rds |
|
|
resource-level |
|
|
|
ApsaraDB RDS |
ApsaraDB RDS for SQL Server |
rds |
|
|
resource-level |
|
|
|
ApsaraDB RDS |
ApsaraDB RDS for PostgreSQL |
rds |
|
|
resource-level |
|
|
|
ApsaraDB RDS |
ApsaraDB for MyBase |
rds |
|
|
resource-level |
|
- |
|
Tair |
- |
kvstore |
|
|
resource-level |
|
|
|
ApsaraDB for MongoDB |
- |
dds |
|
|
resource-level |
|
- |
|
AnalyticDB for PostgreSQL |
- |
gpdb |
|
|
resource-level |
|
- |
|
Data Transmission Service (DTS) |
- |
dts |
|
|
operation-level |
|
|
|
Data Management (DMS) |
- |
dms |
|
|
service-level |
|
|
|
AnalyticDB for MySQL |
- |
adb |
|
|
operation-level |
|
|
|
PolarDB-X |
- |
|
|
|
resource-level |
|
|
|
ApsaraDB for HBase |
- |
hbase |
|
|
resource-level |
|
|
|
Advanced Database & Application Migration (ADAM) |
- |
adam |
|
○ |
service-level |
|
|
|
PolarDB |
- |
polardb |
|
|
operation-level |
|
|
|
Database Backup Service (DBS) |
- |
dbs |
|
|
service-level |
|
- |
|
Database Autonomy Service (DAS) |
- |
hdm |
|
|
service-level |
|
|
|
ApsaraDB for OceanBase |
- |
oceanbase |
|
○ |
service-level |
|
- |
|
ApsaraDB for Cassandra |
- |
cassandra |
|
|
resource-level |
|
|
|
ApsaraDB for ClickHouse |
- |
clickhouse |
|
|
resource-level |
|
|
|
Database Gateway (DG) |
- |
dg |
|
|
resource-level |
|
- |
|
ApsaraDB for SelectDB |
- |
selectdb |
|
|
operation-level |
|
Storage
|
Service |
Sub-service |
RAM code |
Console |
API |
Authorization granularity |
System policies |
References |
|
Object Storage Service (OSS) |
- |
oss |
|
|
resource level |
|
|
|
NAS |
- |
nas |
|
|
resource level |
|
|
|
Tablestore |
- |
ots |
|
|
resource level |
|
|
|
Cloud Storage Gateway (CSG) |
- |
hcs-sgw |
|
|
service level |
AliyunHCSSGWFullAccess |
|
|
Cloud Backup |
- |
hbr |
|
|
resource level |
|
|
|
Hybrid Cloud Storage |
Hybrid Cloud Storage |
hgw |
|
○ |
operation level |
|
- |
|
Hybrid Cloud Storage |
Remote Service |
asrs |
|
○ |
resource level |
|
- |
Cloud communication
|
Cloud service |
Subservice / module |
RAM code |
Console |
API |
Authorization granularity |
System policy |
Related documentation |
|
Short Message Service |
- |
dysms |
|
|
service level |
- |
- |
Networking
|
Cloud service |
Sub-service/sub-module |
RAM code |
Console |
API |
Authorization granularity |
System policy |
Related documents |
|
Virtual Private Cloud (VPC) |
- |
vpc |
|
|
resource-level |
|
|
|
Server Load Balancer (SLB) |
Classic Load Balancer (CLB) |
slb |
|
|
resource-level |
|
|
|
Server Load Balancer (SLB) |
Application Load Balancer (ALB) |
alb |
|
|
resource-level |
|
|
|
Server Load Balancer (SLB) |
Network Load Balancer (NLB) |
nlb |
|
|
resource-level |
|
|
|
Server Load Balancer (SLB) |
Gateway Load Balancer (GWLB) |
gwlb |
|
|
resource-level |
|
|
|
Express Connect |
- |
vpc |
|
|
resource-level |
|
|
|
Elastic IP Address (EIP) |
Elastic IP Address (EIP) |
vpc |
|
|
resource-level |
|
|
|
Elastic IP Address (EIP) |
Anycast Elastic IP Address (Anycast EIP) |
eipanycast |
|
|
resource-level |
|
|
|
NAT Gateway |
- |
vpc |
|
|
resource-level |
|
|
|
VPN Gateway |
- |
vpc |
|
|
resource-level |
|
|
|
Internet Shared Bandwidth |
- |
vpc |
|
|
resource-level |
|
- |
|
Global Accelerator (GA) |
- |
ga |
|
|
resource-level |
|
|
|
Smart Access Gateway (SAG) |
- |
smartag |
|
|
resource-level |
- |
|
|
Cloud Enterprise Network (CEN) |
- |
cen |
|
|
resource-level |
|
|
|
PrivateLink |
- |
privatelink |
|
|
resource-level |
|
|
|
Alibaba Cloud DNS PrivateZone |
- |
pvtz |
|
|
resource-level |
|
|
|
Cloud Data Transfer (CDT) |
- |
cdt |
|
|
operation-level |
|
|
|
VPC peering connection |
- |
vpc |
|
|
resource-level |
|
- |
|
IPv6 Gateway |
- |
vpc |
|
|
resource-level |
|
- |
O&M management
|
Cloud service |
Sub-module |
Code |
Console |
API |
Authorization granularity |
System policies |
Documentation |
|
Application Real-Time Monitoring Service (ARMS) |
- |
arms |
|
|
service level |
|
|
|
CloudMonitor |
- |
cms |
|
|
operation level |
|
|
|
Intelligent Advisor |
- |
advisor-intl |
|
|
operation level |
|
- |
|
Cloud Shell |
- |
cloudshell |
|
○ |
operation level |
AliyunCloudShellFullAccess |
- |
|
Cloud Config |
- |
config |
|
|
operation level |
|
|
|
Logic Composer |
- |
composer |
|
|
resource level |
|
|
|
CloudOps Orchestration Service (OOS) |
- |
oos |
|
|
resource level |
|
|
|
Cloud Governance Center (CGC) |
Cloud Governance Center (CGC) |
governance |
|
○ |
operation level |
|
- |
|
Cloud Governance Center (CGC) |
Service Catalog |
servicecatalog |
|
|
resource level |
|
Middleware
|
Service |
Sub-service or sub-module |
RAM code |
Console |
API |
Authorization granularity |
System policy |
Documentation |
|
Enterprise Distributed Application Service (EDAS) |
- |
edas |
|
|
resource level |
|
|
|
Message Queue |
Message Queue for Apache RocketMQ |
mq |
|
|
resource level |
|
|
|
Message Queue |
Message Queue for MQTT |
mq |
|
|
resource level |
|
|
|
Message Queue |
Message Queue for RabbitMQ |
amqp |
|
|
resource level |
|
|
|
Message Service (MNS) |
- |
mns |
|
|
resource level |
|
|
|
Message Queue for Apache Kafka |
- |
alikafka |
|
|
resource level |
|
|
|
Application High Availability Service (AHAS) |
- |
ahas |
|
|
service level |
|
- |
|
Alibaba Cloud Service Mesh (ASM) |
- |
servicemesh |
|
|
resource level |
|
|
|
EventBridge |
- |
eventbridge |
|
|
resource level |
|
Media and CDN
|
Service |
Subservice or submodule |
RAM code |
Console |
API |
Authorization granularity |
System policies |
References |
|
Alibaba Cloud CDN |
- |
cdn |
|
|
resource-level |
|
|
|
ApsaraVideo for Media Processing (MPS) |
- |
mts |
|
|
service-level |
|
- |
|
ApsaraVideo for VOD |
- |
vod |
|
|
action-level |
|
- |
|
ApsaraVideo for Live |
- |
live |
|
|
resource-level |
|
|
|
Real-Time Communication (RTC) |
- |
rtc |
|
|
resource-level |
- |
- |
|
Dynamic Content Delivery Network (DCDN) |
- |
dcdn |
|
|
resource-level |
|
- |
|
Edge Security Acceleration (ESA) |
- |
esa |
|
|
resource-level |
|
Enterprise applications
|
Service |
Sub-service/sub-module |
RAM code |
Console |
API |
Authorization granularity |
System policy |
References |
|
Direct Mail |
- |
dm |
|
|
operation level |
|
- |
|
API Gateway |
- |
apigateway |
|
|
service level |
|
|
|
Alibaba Mail |
- |
alimail |
|
○ |
operation level |
|
- |
|
Resource Management |
Resource Directory |
resourcemanager |
|
|
operation level |
|
|
|
Resource Management |
Resource Sharing |
resourcesharing |
|
|
operation level |
|
- |
|
Resource Management |
tag |
tag |
|
|
operation level |
|
|
|
Resource Management |
Resource Center |
resourcecenter |
|
|
operation level |
|
|
|
Blockchain as a Service (BaaS) |
Blockchain as a Service (BaaS) |
baas |
|
|
resource level |
|
|
|
CloudQuotation (CQ) |
- |
assettech |
|
○ |
service level |
|
- |
|
BizWorks |
- |
bizworks |
|
○ |
service level |
|
- |
Domains and websites
|
Service |
Sub-service or sub-module |
RAM code |
Console |
API |
Authorization granularity |
System policies |
References |
|
Alibaba Cloud DNS |
Alibaba Cloud DNS |
alidns |
|
|
resource-level |
|
|
|
Alibaba Cloud DNS |
Alibaba Cloud Public DNS |
pubdns |
|
|
resource-level |
|
- |
|
Alibaba Cloud Domains |
- |
domain |
|
|
resource-level |
|
Artificial intelligence
|
Service |
Module |
RAM code |
Console |
API |
Authorization granularity |
System policies |
References |
|
Intelligent Speech Interaction |
Intelligent Speech Interaction |
nls |
|
|
service level |
|
- |
|
Platform for AI (PAI) |
- |
pai |
|
|
service level |
- |
- |
|
Platform for AI (PAI) |
- |
paiplugin |
○ |
|
operation level |
|
- |
|
Image Search |
- |
imagesearch |
|
|
resource level |
|
|
|
Machine Translation |
- |
alimt |
|
|
operation level |
|
- |
|
Model Studio |
- |
sfm |
|
|
resource level |
|
IoT
|
Service |
Sub-service or module |
RAM code |
Console |
API |
Authorization granularity |
System policy |
References |
|
IoT Platform |
- |
iot |
|
|
resource level |
|
|
|
Link IoT Edge |
- |
iot |
|
|
resource level |
|
|
|
Cloud-native Multi-model Database Lindorm |
Time Series Database (TSDB) |
hitsdb |
|
|
operation level |
- |
- |
Big data
|
Service |
Sub-module |
RAM code |
Console |
API |
Granularity |
System policies |
References |
|
DataWorks |
- |
dataworks |
|
|
operation level |
|
|
|
Quick BI |
- |
- |
|
|
service level |
- |
- |
|
DataV |
- |
datav |
|
○ |
service level |
AliyunDataVFullAccess |
- |
|
Realtime Compute for Apache Flink |
- |
stream |
|
|
resource level |
|
|
|
Elasticsearch |
- |
elasticsearch |
|
|
resource level |
|
|
|
E-MapReduce |
E-MapReduce |
emr |
|
|
service level |
|
|
|
Simple Log Service (SLS) |
- |
log |
|
|
resource level |
|
|
|
Hologres |
- |
hologram |
|
|
resource level |
|
Developer services
|
Cloud services |
Sub-service |
RAM codes |
Console |
API |
Authorization granularity |
System policies |
References |
|
Alibaba Cloud DevOps |
- |
rdc |
|
|
resource level |
|
- |
|
Tracing Analysis |
- |
xtrace |
|
|
operation level |
|
- |
Security
|
Service |
Sub-service/sub-module |
RAM code |
Console |
API |
Authorization granularity |
System policy |
Documentation |
|
Security Center |
- |
|
|
|
operation level |
|
- |
|
Server Guard |
- |
yundun-aegis |
|
|
service level |
|
- |
|
Anti-DDoS |
Anti-DDoS |
yundun-ddos |
|
|
service level |
|
- |
|
Anti-DDoS |
Anti-DDoS Origin |
|
|
|
service level |
|
- |
|
Anti-DDoS |
Anti-DDoS Origin (International) |
|
|
○ |
service level |
|
- |
|
Web Application Firewall (WAF) |
Web Application Firewall (WAF) |
yundun-waf |
|
|
operation level |
|
- |
|
Certificate Management Service |
- |
yundun-cert |
|
|
service level |
|
- |
|
Cloud Firewall |
- |
yundun-cloudfirewall |
|
|
resource level |
|
|
|
Managed Security Service (MSSP) |
- |
mssp |
|
○ |
service level |
- |
- |
|
Content Moderation |
- |
yundun-greenweb |
|
|
service level |
|
- |
|
Bastionhost |
Bastionhost |
yundun-bastionhost |
|
○ |
service level |
|
- |
|
Data Security Center (DSC) |
- |
yundun-sddp |
|
|
service level |
|
- |
|
Identity as a Service (IDaaS) |
Identity as a Service (IDaaS) |
yundun-idaas |
|
○ |
operation level |
|
- |
|
Key Management Service (KMS) |
- |
kms |
|
|
resource level |
|
|
|
Resource Access Management (RAM) |
Resource Access Management (RAM) |
|
|
|
resource level |
|
|
|
Resource Access Management (RAM) |
CloudSSO |
cloudsso |
|
○ |
resource level |
|
- |
|
ActionTrail |
- |
actiontrail |
|
|
operation level |
- |
Support and services
|
Service |
Sub-module |
RAM code |
Console |
API |
Authorization granularity |
System policy |
References |
|
Ticket |
- |
support |
|
|
service level |
AliyunSupportFullAccess |
- |
Alibaba Cloud Marketplace
|
Service |
Sub-module |
RAM code |
Console |
API |
Authorization granularity |
System policy |
References |
|
Alibaba Cloud Marketplace |
- |
acm |
|
|
service level |
AliyunMarketplaceFullAccess |
- |
Other
|
Service |
Sub-module |
RAM code |
Console |
API |
Authorization granularity |
System policies |
References |
|
Billing Management |
- |
|
|
|
operation level |
|
- |
|
ICP Filing |
- |
|
|
Unsupported |
service level |
AliyunBeianFullAccess |
- |