This topic describes how to create a Resource Access Management (RAM) role for a trusted
Alibaba Cloud service. This type of RAM role is used to authorize access across Alibaba
Cloud services.
Background information
Two types of RAM roles are available for a trusted Alibaba Cloud service:
- Normal service role: You must enter a name for the RAM role, select a trusted service,
and then attach policies to the RAM role.
- Service-linked role: You need only to select a trusted service. The name and policy
of the RAM role are predefined by the service. For more information, see Service-linked roles.
Create a normal service role
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Roles page, click Create Role.
- In the Create Role panel, select Alibaba Cloud Service for the Select Trusted Entity parameter and click Next.
- Select Normal Service Role for the Role Type parameter.
- Specify the RAM Role Name and Note parameters.
- Select a trusted service.
Note Available services are provided in the Select Trusted Service drop-down list.
- Click OK.
- Click Close.
After a RAM role is created, the RAM role has no permissions. You can grant permissions
to the RAM role. For more information, see Grant permissions to a RAM role.
Create a service-linked role
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Roles page, click Create Role.
- In the Create Role panel, select Alibaba Cloud Service for the Select Trusted Entity parameter and click Next.
- Select Service Linked Role for the Role Type parameter.
- Select a service.
After you select the service, you can view the name, description, and policy that
are predefined for the service-linked role. You can click
View Policy Details to view the detailed information about the policy.
Note Available services are provided in the Select Service drop-down list.
- Click OK.
- Click Close.