This topic describes the release notes for Resource Access Management (RAM) features and provides links to the relevant references.

July 2022

Feature Description Release date Region References
Services that work with RAM RAM is available for Cloud Data Transfer (CDT). 2022-07 N/A Services that work with RAM
RAM is available for Network SLB Service (NLB).
RAM is available for Elastic Block Storage (EBS).
Services that work with STS Security Token Service (STS) is available for CDT. 2022-07 N/A Services that work with STS
STS is available for NLB.
STS is available for EBS.

June 2022

Feature Description Release date Region References
Services that work with RAM RAM is available for Anycast Elastic IP Address (Anycast EIP). 2022-06 N/A Services that work with RAM
Services that work with STS STS is available for Anycast EIP. 2022-06 N/A Services that work with STS

April 2022

Feature Description Release date Region References
Custom policy creation by importing templates Policy templates that are created based on years of business practices are provided. The policy templates are suitable for common scenarios. For example, RAM provides policy templates that are applicable to system administrators, financial personnel, and network administrators. You need to only import an appropriate policy template and modify the template based on your business requirements. This way, you can create a custom policy in a convenient manner. 2022-04 N/A Create a custom policy by importing a policy template

March 2022

Feature Description Release date Region References
Services that work with RAM RAM is available for the industry-specific plug-in PAI-Plugin that is provided by Machine Learning. 2022-03 N/A Services that work with RAM
RAM is available for Alibaba Cloud Distributed Cloud Container Platform (ACK One).
Services that work with STS STS is available for the industry-specific plug-in PAI-Plugin that is provided by Machine Learning. 2022-03 N/A Services that work with STS
STS is available for ACK One.

December 2021

Feature Description Release date Region References
Services that work with RAM RAM is available for Compute Nest. 2021-12 N/A Services that work with RAM
Services that work with STS STS is available for Compute Nest. 2021-12 N/A Services that work with STS

November 2021

Feature Description Release date Region References
OIDC-based SSO OpenID Connect (OIDC)-based single sign-on (SSO) is supported. An enterprise can use an OIDC token that is issued by an identity provider (IdP) to call an Alibaba Cloud operation to assume a specific RAM role and use the OIDC token to obtain a STS token. Then, the enterprise can use the STS token to access Alibaba Cloud resources. 2021-11 N/A Overview of OIDC-based SSO
MFA for sensitive operations Multi-factor authentication (MFA) is required for sensitive operations. If a RAM user for which MFA is enabled wants to perform a sensitive operation in the Alibaba Cloud Management Console, risk control is triggered and the RAM user is required to pass MFA again. The RAM user can perform the sensitive operation only after the RAM user enters a valid MFA verification code. 2021-11 N/A MFA for sensitive operations
Services that work with RAM RAM is available for Alibaba Cloud Genomics Service (AGS). 2021-11 N/A Services that work with RAM
Services that work with STS STS is available for AGS. 2021-11 N/A Services that work with STS

September 2021

Feature Description Release date Region References
Services that work with RAM RAM is available for Cloud Governance Center. 2021-09 N/A Services that work with RAM
Services that work with STS STS is available for Cloud Governance Center. 2021-09 N/A Services that work with STS

August 2021

Feature Description Release date Region References
CloudSSO CloudSSO is integrated with Alibaba Cloud Resource Directory to provide unified multi-account identity management and access control. You can use CloudSSO to centrally manage users of an enterprise who need to access Alibaba Cloud resources and assign access permissions on the accounts in a resource directory to the users. You can also configure settings to implement SSO access to Alibaba Cloud resources from an IdP. You need to configure the settings only once. 2021-08 China (Shanghai) and US (Silicon Valley) What is CloudSSO?
Services that work with RAM RAM is available for Machine Translation. 2021-08 N/A Services that work with RAM
RAM is available for CloudSSO.
Services that work with STS STS is available for Machine Translation. 2021-08 N/A Services that work with STS
STS is available for CloudSSO.
STS is available for Simple Application Server.
STS is available for Application Real-Time Monitoring Service.
STS is available for Enterprise Distributed Application Service.
STS is available for Fraud Detection.

April 2021

Feature Description Release date Region References
Services that work with RAM RAM is available for Alibaba Cloud Public DNS. 2021-04 N/A Services that work with RAM
Services that work with STS STS is available for Alibaba Cloud Public DNS. 2021-04 N/A Services that work with STS

March 2021

Feature Description Release date Region References
FIDO U2F

FIDO Universal 2nd Factor (FIDO U2F) is a widely used MFA protocol that is created by the FIDO Alliance. U2F security keys are a type of MFA device that supports the U2F protocol. For more information, visit FIDO Alliance.

After a U2F security key is enabled, two authentication factors are required when a RAM user logs on to Alibaba Cloud.

  1. First factor: Enter the username and password of the RAM user.
  2. Second factor: Plug the U2F security key into a USB port on a computer and tap the key to complete the logon process.
2021-03 All regions

September 2020

Feature Description Release date Region References
Services that work with RAM RAM is available for the Tag service. 2020-09 N/A Services that work with RAM
Services that work with STS STS is available for the Tag service. 2020-09 N/A Services that work with STS

July 2020

Feature Description Release date Region References
Resource group-based authorization in the RAM console A RAM user, RAM user group, or RAM role can be granted permissions in the RAM or Resource Management console. The permissions on the resources of an Alibaba Cloud account or on a specific resource group can be granted. The permissions of a RAM user, RAM user group, or RAM role can also be revoked. 2020-07 All regions None

June 2020

Feature Description Release date Region References
Services that work with RAM RAM is available for Time Series Database (TSDB) for InfluxDB. 2020-06 N/A Services that work with RAM
Version rotation of custom policies When you modify a custom policy that has five versions in the RAM console, the earliest version that is not in use can be replaced with the latest version. 2020-06 All regions Manage custom policy versions

May 2020

Feature Description Release date Region References
Configuration of the maximum role session duration The maximum role session duration can be configured in the RAM console. The configuration applies when you log on to the console by using role-based SSO or when you use the console or call an API operation to assume a RAM role. 2020-05 All regions Specify the maximum session duration for a RAM role

March 2020

Feature Description Release date Region References
Services that work with RAM RAM is available for AnalyticDB for MySQL. 2020-03 N/A Services that work with RAM
Services that work with STS STS is available for Elastic High Performance Computing (E-HPC). 2020-03 N/A Services that work with STS
Service-linked roles Service-linked roles are provided by Alibaba Cloud RAM. Service-linked roles can be used to simplify the process of authorizing an Alibaba Cloud service to access other services and use a specific feature. Alibaba Cloud RAM provides service-linked roles for such scenarios. 2020-03 All regions Service-linked roles
Configuration of the maximum role session duration A new parameter named MaxSessionDuration is provided in API operations to specify the maximum session duration of a RAM role. 2020-03 All regions

February 2020

Feature Description Release date Region References
Services that work with STS STS is available for Dynamic Route for CDN (DCDN). 2020-02 N/A Services that work with STS

January 2020

Feature Description Release date Region References
Services that work with STS STS is available for ApsaraVideo Live. 2020-01 N/A Services that work with STS

December 2019

Feature Description Release date Region References
Services that work with RAM RAM is available for Server Migration Center (SMC). 2019-12 N/A Services that work with RAM

November 2019

Feature Description Release date Region References
User credential report A user credential report that contains the details of your Alibaba Cloud account and RAM users can be generated and downloaded in the RAM console. The details include logon passwords, AccessKey pairs, and MFA devices. 2019-11-15 All regions Generate and download user credential reports
Services that work with STS STS is available for Hybrid Backup Recovery (HBR). 2019-11 N/A Services that work with STS

October 2019

Feature Description Release date Region References
Services that work with RAM RAM is available for ID Verification for Financial Services. 2019-10 N/A Services that work with RAM
RAM is available for AnalyticDB for PostgreSQL.
Services that work with STS STS is available for Cloud Enterprise Network. 2019-10 N/A
STS is available for E-MapReduce. Services that work with STS

September 2019

Feature Description Release date Region References
Enabling or disabling of console logons for RAM users The access of RAM users to the console can be enabled and disabled. You can retain the password, MFA, and other logon settings when you disable the access of RAM users to the console. You can also clear console logon settings. 2019-09-09 All regions Manage console logon settings for a RAM user
Services that work with RAM RAM is available for Logic Composer. 2019-09 N/A Services that work with RAM

June 2019

Feature Description Release date Region References
Auxiliary domain names for user-based SSO The configuration of user-based SSO can be simplified by using auxiliary domain names. 2019-06-28 All regions Overview of user-based SSO

April 2019

Feature Description Release date Region References
SSO Alibaba Cloud supports Security Assertion Markup Language (SAML) 2.0-based SSO. This feature is also known as identity federation. SSO can be implemented between an enterprise identity service and Alibaba Cloud. 2019-04-04 All regions SSO overview

November 2018

Feature Description Release date Region References
RAM console The RAM console is updated. 2018-11-15 All regions RAM documentation