This topic describes how to create a Resource Access Management (RAM) role for a trusted Alibaba Cloud account. This type of RAM role is used to implement cross-account access and temporary authorization. The RAM role can be assumed by a RAM user that belongs to your Alibaba Cloud account or to a different Alibaba Cloud account.

Procedure

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Roles.
  3. On the Roles page, click Create Role.
  4. In the Create Role panel, select Alibaba Cloud Account for the Select Trusted Entity parameter and click Next.
  5. Configure parameters for the RAM role.
    1. Specify RAM Role Name.
    2. Optional:Specify Note.
    3. Select Current Alibaba Cloud Account or Other Alibaba Cloud Account.
      • Current Alibaba Cloud Account: If you want a RAM user that belongs to your Alibaba Cloud account to assume the RAM role, select Current Alibaba Cloud Account.
      • Other Alibaba Cloud Account: If you want a RAM user that belongs to a different Alibaba Cloud account to assume the RAM role, select Other Alibaba Cloud Account and enter the ID of the Alibaba Cloud account. This option is provided to authorize different Alibaba Cloud accounts.
        Note You can view the ID of an Alibaba Cloud account on the Security Settings page.
  6. Click OK.
  7. Click Close.

What to do next

After the RAM role is created, the RAM role has no permissions. You can grant permissions to the RAM role. For more information, see Grant permissions to a RAM role.