This topic describes how to create a Resource Access Management (RAM) user. A RAM user is an entity you create in RAM to represent an individual or a program that requires to access Alibaba Cloud. After you create a RAM user and grant the relevant permissions to the RAM user, the RAM user can access the required Alibaba Cloud resources.
Log on to the RAM console by using an Alibaba Cloud account or a RAM user that has administrative rights.
In the left-side navigation pane, choose .
On the Users page, click Create User.
In the User Account Information section of the Create User page, configure the following parameters:
Logon Name: The logon name can be up to 64 characters in length, and can contain letters, digits, periods (.), hyphens (-), and underscores (_).
Display Name: The display name can be up to 128 characters in length.
Tag: Click the icon and enter a tag key and a tag value. You can add one or more tags to the RAM user. This way, you can manage the RAM user based on the tags.
You can click Add User to create multiple RAM users at a time.
In the Access Mode section, select an access mode and configure the required parameters.
To ensure the security of your Alibaba Cloud account, we recommend that you select only one access mode for the RAM user. This way, the RAM user for an individual is separated from the RAM user for a program.
If the RAM user represents an individual, we recommend that you select Console Access for the RAM user. This way, the RAM user can use a username and password to access Alibaba Cloud. If you select Console Access, you must configure the following parameters:
Set Console Password: You can select Automatically Regenerate Default Password or Reset Custom Password. If you select Reset Custom Password, you must specify a password. The password must meet the complexity requirements. For more information, see Configure a password policy for RAM users.
Password Reset: specifies whether the RAM user is required to reset the password upon the next logon.
Enable MAF: specifies whether to enable multi-factor authentication (MFA) for the RAM user. After you enable MFA, you must bind an MFA device to the RAM user or allow the RAM user to bind an MFA device. For more information, see Bind an MFA device to a RAM user.
If the RAM user represents a program, we recommend that you select OpenAPI Access for the RAM user. This way, the RAM user can use an AccessKey pair to access Alibaba Cloud. If you select OpenAPI Access, the system automatically generates an AccessKey ID and AccessKey secret for the RAM user. For more information, see Obtain an AccessKey pair.Important
An AccessKey secret for a RAM user is displayed only after you click Create AccessKey. You cannot query the AccessKey secret in subsequent operations. Therefore, you must back up your AccessKey secret.
Complete security verification as prompted.
What to do next
Grant permissions to the RAM user.
The newly created RAM user has no permissions. You must grant relevant permissions to the RAM user. Then, the RAM user can access the required Alibaba Cloud resources. For more information, see Grant permissions to RAM users.
Log on to the Alibaba Cloud Management Console as the RAM user.
You can use the username and password of the RAM user to log on to the Alibaba Cloud Management Console. For more information, see Log on to the Alibaba Cloud Management Console as a RAM user.