This topic lists the Alibaba Cloud services that support Resource Access Management (RAM). It also describes the authorization granularity, system policies, and related documents for each service.
Overview
Each table in this topic contains the following information:
Service: The name of the Alibaba Cloud service that supports RAM.
Sub-service/Sub-module: The sub-service or sub-module of the service. A hyphen (-) indicates that none is available.
RAM code: The RAM code of the service.
Console: Indicates whether the service supports access control in the console. indicates that access control is supported. indicates that access control is not supported. ○ indicates that the service is not available in the console.
API: Indicates whether the service supports access control through APIs. indicates that access control is supported. indicates that access control is not supported. ○ indicates that the service does not provide APIs.
Authorization granularity: The minimum authorization granularity that the service provides. A hyphen (-) indicates that none is available.
When integrated with RAM, each service defines different levels of authorization granularity for RAM users or RAM roles:
Service level: Authorization is granted for the entire service. A RAM user or RAM role can have either all permissions or no permissions for the service.
Operation level: Authorization is granted at the API operation level. A RAM user or RAM role can perform specific operations on certain types of resources for a specified service.
Resource level: Authorization is granted for specific operations on specific resources. This is the finest authorization granularity. For example, a RAM user can be granted the permission to restart only a specific Elastic Compute Service (ECS) instance.
System policy: The system policies that the service supports. A hyphen (-) indicates that none is available.
References: Links to documents related to the service and RAM. A hyphen (-) indicates that none is available.
Elastic computing
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Elastic Compute Service (ECS) | ECS | ecs | Resource-level |
| |||
Elastic Block Storage | Elastic Block Storage | ecs | Resource-level |
| - | ||
Elastic Block Storage | Elastic Block Storage (EBS) | ebs | Resource-level |
| - | ||
ECS | Elastic GPU Service | ecs | Resource-level |
| |||
ECS | ECS Bare Metal Instance | ecs | Resource-level |
| |||
ECS | Dedicated Host | ecs | Resource-level |
| |||
ECS | Alibaba Cloud Linux 2 | ecs | Resource-level |
| |||
Auto Scaling | - | ess | Operation-level |
| |||
Container Service for Kubernetes | - | cs | Resource-level |
| |||
BatchCompute | - | batchcompute | Service-level | - | - | ||
Resource Orchestration Service | - | ros | Resource-level |
| |||
Function Compute | - | fc | Resource-level |
| Grant permissions across Alibaba Cloud accounts using a RAM role | ||
Simple Application Server | - | swas | • | Service-level | AliyunSWASFullAccess | - | |
Elastic High Performance Computing | - | ehpc | Service-level |
| - | ||
Container Registry | - | cr | Resource-level |
| |||
Cloud Desktop | Elastic Desktop Service | ecd | Operation-level |
| |||
Elastic Container Instance | - | eci | Resource-level |
| |||
CloudFlow | - | fnf | Resource-level |
| |||
Web App Service | - | webplus | Operation-level |
| - | ||
Compute Nest | - |
| • | Resource-level |
| - | |
Distributed Cloud Container Platform for Kubernetes | - | adcp | Operation-level |
| - |
Database
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Relational database | Relational database | RDS | Resource level |
| |||
Relational database | ApsaraDB RDS for MySQL | rds | Resource level |
| |||
Relational database | ApsaraDB for SQL Server | RDS | Resource level |
| |||
Relational database | ApsaraDB for PostgreSQL | rds | Resource level |
| |||
Relational database | ApsaraDB for MyBase | RDS | Resource level |
| - | ||
ApsaraDB for Tair (compatible with Redis®) | - | kvstore | Resource level |
| |||
ApsaraDB for MongoDB | - | dds | Resource level |
| - | ||
AnalyticDB for PostgreSQL | - | gpdb | Resource level |
| - | ||
Data Transmission Service | - | DTS | Operation level |
| |||
Data Management | - | dms | Service level |
| |||
AnalyticDB for MySQL | - | adb | Operation level |
| |||
Cloud-native distributed database PolarDB-X | - |
| Resource level |
| |||
ApsaraDB for HBase | - | HBase | Resource level |
| |||
Advanced Database & Application Migration | - | adam | ○ | Service level |
| RAM authentication for Advanced Database & Application Migration | |
PolarDB | - | PolarDB | Operation level |
| |||
Data Disaster Recovery | - | dbs | Service level |
| - | ||
Database Autonomy Service | - | hdm | Service Level |
| |||
ApsaraDB for OceanBase | - | oceanbase | ○ | Service level |
| - | |
ApsaraDB for Cassandra | - | Cassandra | Resource level |
| |||
LedgerDB | - | ledgerdb | Resource level |
| |||
ApsaraDB for ClickHouse | - | ClickHouse | Resource level |
| |||
Database Gateway (DG) | - | dg | Resource level |
| - | ||
ApsaraDB for SelectDB | - | selectdb | Operation level |
|
Storage
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Object Storage Service | - | oss | Resource level |
| |||
File Storage NAS | - | nas | Resource level |
| |||
Tablestore | - | ots | Resource level |
| |||
Cloud Storage Gateway | - | hcs-sgw | Service level | AliyunHCSSGWFullAccess | |||
Cloud Backup | - | hbr | Resource level |
| |||
Hybrid Cloud Storage | Hybrid Cloud Storage | hgw | ○ | Operation level |
| - | |
Hybrid Cloud Storage | Remote Service | asrs | ○ | Resource level |
| - |
Cloud communications
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policies | References |
Short Message Service | - | dysms | Service level | - | - |
Network
Alibaba Cloud service | Sub-service/sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Virtual Private Cloud (VPC) | - | vpc | Resource level |
| |||
Server Load Balancer | Classic Load Balancer | SLB | Resource-level |
| |||
Server Load Balancer | Application Load Balancer | ALB | Resource level |
| |||
Server Load Balancer | Network Load Balancer (NLB) | nlb | Resource level |
| |||
Server Load Balancer | Gateway Load Balancer | gwlb | Resource level |
| |||
Express Connect | - | VPC | Resource level |
| |||
Elastic IP Address | Elastic IP Address | VPC | Resource level |
| |||
Elastic IP Address | Anycast Elastic IP Address | eipanycast | Resource level |
| |||
NAT Gateway | - | VPC | Resource level |
| |||
VPN Gateway | - | VPC | Resource level |
| |||
Internet Shared Bandwidth | - | VPC | Resource level |
| - | ||
Global Accelerator | - | ga | Resource level |
| |||
Smart Access Gateway | - | smartag | Resource level | - | |||
Cloud Enterprise Network | - | CEN | Resource level |
| |||
PrivateLink | - | privatelink | Resource-level |
| |||
PrivateZone | - | PVTZ | Resource level |
| |||
Cloud Data Transfer | - | cdt | Operation level |
| |||
VPC peering connection | - | VPC | Resource level |
| - | ||
IPv6 gateway | - | VPC | Resource level |
| - |
Operations management
Alibaba Cloud service | Sub-service/Sub-module | Code | Console | API | Authorization granularity | System policy | References |
Application Real-Time Monitoring Service | - | arms | Service level |
| |||
Cloud Monitor | - | cms | Operation level |
| |||
Intelligent Advisor | - | advisor-intl | Operation level |
| - | ||
Cloud Shell | - | cloudshell | ○ | Operation level | AliyunCloudShellFullAccess | - | |
CloudConfig | - | config | Operation level |
| |||
Logic Composer | - | composer | Resource level |
| |||
CloudOps Orchestration Service (OOS) | - | oos | Resource level |
| |||
Cloud Governance Center | Cloud Governance Center | governance | ○ | Operation level |
| - | |
Cloud Governance Center | Service Catalog | servicecatalog | Resource level |
|
Internet middleware
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Enterprise Distributed Application Service | - | edas | Resource level |
| |||
Message Queue | Message Queue for Apache RocketMQ | mq | Resource level |
| |||
Message Queue | Message Queue for MQTT | mq | Resource level |
| |||
Message Queue | Message Queue for RabbitMQ | amqp | Resource level |
| |||
Message Service (formerly MNS) | - | mns | Resource level |
| |||
Message Queue for Apache Kafka | - | alikafka | Resource level |
| |||
Application High Availability Service | - | ahas | Service level |
| - | ||
Service Mesh | - | servicemesh | Resource level |
| |||
EventBridge | - | eventbridge | Resource level |
|
Video and CDN
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
CDN | - | cdn | Resource level |
| |||
ApsaraVideo Media Processing | - | mts | Service level |
| - | ||
ApsaraVideo VOD | - | vod | Operation level |
| - | ||
ApsaraVideo Live | - | live | Resource level |
| |||
Real-Time Communication | - | rtc | Resource level | - | - | ||
Whole Site Acceleration | - | dcdn | Resource level |
| - | ||
Edge Security Acceleration | - | esa | Resource level |
|
Enterprise applications
Alibaba Cloud service | Sub-service / Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Direct Mail | - | dm | Operation level |
| - | ||
API Gateway | - | API Gateway | Service level |
| |||
Alibaba Mail | - | alimail | ○ | Operation level |
| - | |
Resource Management | Resource Management | ResourceManager | Operation level |
| |||
Resource Management | Resource sharing | resourcesharing | Operation level |
| - | ||
Resource Management | Tag | Tag | Operation level |
| |||
Resource Management | Resource Center | Resource Center | Operation level |
| |||
Blockchain as a Service | Blockchain as a Service | BaaS | Resource level |
| |||
CloudQuotation | - | assettech | ○ | Service level |
| - | |
BizWorks | - | BizWorks | ○ | Service Level |
| - |
Domain Names and Websites
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Alibaba Cloud DNS | Alibaba Cloud DNS | alidns | Resource level |
| |||
Alibaba Cloud DNS | Public DNS | pubdns | Resource level |
| - | ||
Domain Names | - | domain | Resource level |
|
Artificial intelligence
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Intelligent Speech Interaction | Intelligent Speech Interaction | nls | Service level |
| - | ||
Artificial Intelligence Platform | - | PAI | Service level | - | - | ||
Artificial Intelligence Platform | - | paiplugin | ○ | Operation level |
| - | |
Image Search | - | imagesearch | Resource level |
| |||
Machine Translation | - | alimt | Operation level |
| - | ||
Alibaba Cloud Model Studio | - | sfm | Resource level |
|
IoT
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
IoT Platform | - | iot | Resource level |
| |||
IoT Edge | - | iot | Resource level |
| |||
Lindorm | Time Series Database (TSDB) | hitsdb | Operation level | - | - |
Big data
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
DataWorks | - | dataworks | Operation level |
| |||
Quick BI | - | - | Service level | - | - | ||
DataV | - | datav | ○ | Service level | AliyunDataVFullAccess | - | |
Realtime Compute for Apache Flink | - | stream | Resource level |
| |||
Elasticsearch | - | elasticsearch | Resource level |
| |||
E-MapReduce | E-MapReduce | emr | Service level |
| |||
Simple Log Service | - | log | Resource level |
| |||
Interactive Analysis | - | hologram | Resource level |
|
Developer services
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Apsara Devops | - | rdc | Resource level |
| - | ||
Tracing Analysis | - | xtrace | Operation level |
| - |
Security
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Security Center (Threat Detection Service) | - |
| Operation level |
| - | ||
Server Guard | - | yundun-aegis | Service level |
| - | ||
Anti-DDoS | Anti-DDoS | yundun-ddos | Service level |
| - | ||
Anti-DDoS | Anti-DDoS Pro and Anti-DDoS Premium |
| Service-level |
| - | ||
Anti-DDoS | Anti-DDoS Premium |
| ○ | Service level |
| - | |
Web Application Firewall | Web Application Firewall | yundun-waf | Operation level |
| - | ||
SSL Certificate | - | yundun-cert | Service level |
| - | ||
Cloud Firewall | - | Cloud Firewall | Resource level |
| |||
Managed Security Service | - | mssp | ○ | Service level | - | - | |
Content Moderation | - | yundun-greenweb | Service level |
| - | ||
Bastionhost | Bastionhost | yundun-bastionhost | ○ | Service level |
| - | |
Data Security Center | - | yundun-sddp | Service level |
| - | ||
Identity as a Service | IDaaS | yundun-idaas | ○ | Operation level |
| - | |
Key Management Service | - | KMS | Resource level |
| |||
Resource Access Management | Resource Access Management |
| Resource level |
| |||
Resource Access Management | CloudSSO | Cloud SSO | ○ | Resource level |
| - | |
ActionTrail | - | ActionTrail | Operation Level | - |
Support and services
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Ticket | - | support | Service level | AliyunSupportFullAccess | - |
Alibaba Cloud Marketplace
Service | Sub-service | RAM code | Console | API | Authorization granularity | System policy | References |
Alibaba Cloud Marketplace | - | acm | Service level | AliyunMarketplaceFullAccess | - |
Others
Alibaba Cloud service | Sub-service/Sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Cost Center | - |
| Action level |
| - | ||
ICP filing | - |
| • | Service level | AliyunBeianFullAccess | - |