This topic describes the release notes for Resource Access Management (RAM) features and provides links to the relevant references.
October 2025
Feature | Description | Release date | Region | References |
Over-privileged access remediation | The Access Analyzer provides capabilities for over-privileged access remediation. When the analyzer identifies an identity with excessive permissions, it generates corresponding remediation advice to help you quickly reduce unused permissions and lower security risks. | 2025-10 | N/A | |
Open Authorization (OAuth) | You can install the official Alibaba Cloud CLI application and assign an identity to it. | 2025-10 | N/A | |
SourceIdentity | By setting SourceIdentity when assuming a RAM role to obtain an STS token, you can achieve identity traceability and fine-grained access control in complex scenarios such as role chaining. | 2025-10 | N/A | Use SourceIdentity for traceability and access control in role assumption |
September 2025
Feature | Description | Release date | Region | References |
Maximum idle time of an AccessKey pair | You can specify the maximum number of days an AccessKey pair (for either an Alibaba Cloud account or a RAM user) can be inactive before it is automatically disabled. This feature helps enhance the security of your AccessKey pairs. | 2025-09 | N/A | |
OAuth management | The OAuth 2.1 protocol is supported. | 2025-09 | N/A | |
RAM administrators can install official third-party applications and assign user access to these applications. | 2025-09 | N/A | ||
Access analyzing | The scope of the access analyzer has been expanded. It now supports 55 privileges. | 2025-09 | N/A |
August 2025
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Edge Security Acceleration (ESA). | 2025-08 | N/A | |
Services that work with Security Token Service (STS) | STS is available for ESA. | 2025-08 | N/A |
July 2025
Feature | Description | Release date | Region | References |
Maximum idle time of a RAM user | You can specify the maximum number of days a RAM user can be inactive before their console logon is automatically disabled. This feature helps enhance the security of your RAM users. | 2025-07 | N/A | |
Permission audit | The permission audit feature supports over 190 Alibaba Cloud services. | 2025-07 | N/A |
June 2025
Feature | Description | Release date | Region | References |
Policies | The NotAction element is added to the policy. It specifies a list of actions that are excluded from a policy statement's Allow or Deny effect. | 2025-06 | N/A |
March 2025
Feature | Description | Release date | Region | References |
Configure AccessKey pair-based policies for network access control | You can configure AccessKey pair-based policies for network access control to allow only specific IP addresses to call Alibaba Cloud API operations by using permanent AccessKey pairs. This way, API operations are called by using AccessKey pairs in a trusted network environment. | 2025-03 | N/A |
January 2025
Feature | Description | Release date | Region | References |
Passkeys |
| 2025-01 | N/A |
October 2024
Feature | Description | Release date | Region | References |
Access analyzing |
| 2024-10 | N/A |
September 2024
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for ApsaraDB for SelectDB. | 2024-09 | N/A | |
Services that work with STS | STS is available for ApsaraDB for SelectDB. | 2024-09 | N/A |
August 2024
Feature | Description | Release date | Region | References |
Access analyzing | The policy validation feature is introduced. When you create a policy, the system automatically checks whether the policy document is correct based on the policy syntax and security best practices. | 2024-08 | N/A |
June 2024
Feature | Description | Release date | Region | References |
Permission audit | The permission audit feature allows you to check the permissions that are granted to a RAM identity and the time when the permissions were last accessed by the RAM identity. You can identify unused permissions based on the preceding information and securely revoke them. This way, the principle of least privilege for the RAM identity is achieved. | 2024-06 | N/A |
May 2023
Feature | Description | Release date | Region | References |
Permission diagnostics | The permission diagnostics feature is provided to troubleshoot access errors that are reported due to no permissions. | 2023-05 | N/A |
March 2023
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Remote Service of Hybrid Cloud Storage. | 2023-03 | N/A | |
Services that work with STS | STS is available for Remote Service of Hybrid Cloud Storage. | 2023-03 | N/A | |
STS | The | 2023-03 | N/A |
February 2023
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Resource Center. | 2023-02 | N/A | |
Services that work with STS | STS is available for Resource Center. | 2023-02 | N/A | |
Recycle bin | RAM supports the recycle bin feature. When you delete RAM users or the AccessKey pairs of RAM users, the RAM users or the AccessKey pairs are first moved to the recycle bin. Then, the RAM users or the AccessKey pairs are automatically deleted from the recycle bin on a regular basis. You can also manually delete or restore the RAM users or the AccessKey pairs from the recycle bin. This feature helps minimize the adverse impacts that are caused by accidental deletion of RAM users or AccessKey pairs. | 2023-02 | N/A |
January 2023
Feature | Description | Release date | Region | References |
MFA optimization | Only one verification code is required when you bind a virtual MFA device to a RAM user. | 2023-01 | N/A |
December 2022
Feature | Description | Release date | Region | References |
Tags | Tags can be added to RAM users. This way, you can manage the RAM users based on the tags. | 2022-12 | N/A |
November 2022
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for IPv6 Gateway. | 2022-11 | N/A | |
RAM is available for Virtual Private Cloud (VPC) peering connection. | ||||
Services that work with STS | STS is available for IPv6 Gateway. | 2022-11 | N/A | |
STS is available for VPC peering connection. |
August 2022
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for VPC prefix lists. | 2022-08 | N/A | |
Services that work with STS | STS is available for VPC prefix lists. | 2022-08 | N/A |
July 2022
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Cloud Data Transfer (CDT). | 2022-07 | N/A | |
RAM is available for Network Load Balancer (NLB). | ||||
RAM is available for Elastic Block Storage (EBS). | ||||
Services that work with STS | STS is available for CDT. | 2022-07 | N/A | |
STS is available for NLB. | ||||
STS is available for EBS. |
June 2022
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Anycast Elastic IP Address (Anycast EIP). | 2022-06 | N/A | |
Services that work with STS | STS is available for Anycast EIP. | 2022-06 | N/A |
April 2022
Feature | Description | Release date | Region | References |
Custom policy creation by importing templates | Policy templates that are created based on years of business practices are provided. The policy templates are suitable for common scenarios. For example, RAM provides policy templates that are applicable to system administrators, financial personnel, and network administrators. You need to only import an appropriate policy template and modify the template based on your business requirements. This way, you can create a custom policy in a convenient manner. | 2022-04 | N/A | Create a custom policy by importing a policy template or system policy |
March 2022
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for the industry-specific plug-in PAI-Plugin that is provided by Machine Learning. | 2022-03 | N/A | |
RAM is available for Alibaba Cloud Distributed Cloud Container Platform (ACK One). | ||||
Services that work with STS | STS is available for the industry-specific plug-in PAI-Plugin that is provided by Machine Learning. | 2022-03 | N/A | |
STS is available for ACK One. |
December 2021
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Compute Nest. | 2021-12 | N/A | |
Services that work with STS | STS is available for Compute Nest. | 2021-12 | N/A |
November 2021
Feature | Description | Release date | Region | References |
OIDC-based SSO | OpenID Connect (OIDC)-based single sign-on (SSO) is supported. An enterprise can use an OIDC token that is issued by an identity provider (IdP) to call an Alibaba Cloud operation to assume a specific RAM role and use the OIDC token to obtain an STS token. Then, the enterprise can use the STS token to access Alibaba Cloud resources. | 2021-11 | N/A | |
MFA for sensitive operations | MFA is required for sensitive operations. If a RAM user for which MFA is enabled wants to perform a sensitive operation in the Alibaba Cloud Management Console, risk control is triggered and the RAM user is required to pass MFA again. The RAM user can perform the sensitive operation only after the RAM user enters a valid MFA verification code. | 2021-11 | N/A | |
Services that work with RAM | RAM is available for Alibaba Cloud Genomics Service (AGS). | 2021-11 | N/A | |
Services that work with STS | STS is available for AGS. | 2021-11 | N/A |
September 2021
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Cloud Governance Center (CGC). | 2021-09 | N/A | |
Services that work with STS | STS is available for CGC. | 2021-09 | N/A |
August 2021
Feature | Description | Release date | Region | References |
CloudSSO | CloudSSO is integrated with Alibaba Cloud Resource Directory to provide unified multi-account identity management and access control. You can use CloudSSO to centrally manage users of an enterprise who need to access Alibaba Cloud resources and assign access permissions on the accounts in a resource directory to the users. You can also configure settings to implement SSO access to Alibaba Cloud resources from an IdP. You need to configure the settings only once. | 2021-08 | China (Shanghai) and US (Silicon Valley) | |
Services that work with RAM | RAM is available for Machine Translation. | 2021-08 | N/A | |
RAM is available for CloudSSO. | ||||
Services that work with STS | STS is available for Machine Translation. | 2021-08 | N/A | |
STS is available for CloudSSO. | ||||
STS is available for Simple Application Server. | ||||
STS is available for Application Real-Time Monitoring Service. | ||||
STS is available for Enterprise Distributed Application Service. | ||||
STS is available for Fraud Detection. |
April 2021
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Alibaba Cloud Public DNS. | 2021-04 | N/A | |
Services that work with STS | STS is available for Alibaba Cloud Public DNS. | 2021-04 | N/A |
March 2021
Feature | Description | Release date | Region | References |
FIDO U2F | FIDO Universal 2nd Factor (FIDO U2F) is a widely used MFA protocol that is created by the FIDO Alliance. U2F security keys are a type of MFA device that supports the U2F protocol. For more information, visit FIDO Alliance. After a U2F security key is enabled, two authentication factors are required when a RAM user logs on to Alibaba Cloud.
| 2021-03 | All regions |
September 2020
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for the Tag service. | 2020-09 | N/A | |
Services that work with STS | STS is available for the Tag service. | 2020-09 | N/A |
July 2020
Feature | Description | Release date | Region | References |
Resource group-based authorization in the RAM console | A RAM user, RAM user group, or RAM role can be granted permissions in the RAM or Resource Management console. The permissions on the resources of an Alibaba Cloud account or on a specific resource group can be granted. The permissions of a RAM user, RAM user group, or RAM role can also be revoked. | 2020-07 | All regions | N/A |
June 2020
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Time Series Database (TSDB) for InfluxDB. | 2020-06 | N/A | |
Version rotation of custom policies | When you modify a custom policy that has five versions in the RAM console, the earliest version that is not in use can be replaced with the latest version. | 2020-06 | All regions |
May 2020
Feature | Description | Release date | Region | References |
Configuration of the maximum role session duration | The maximum role session duration can be configured in the RAM console. The configuration applies when you log on to the console by using role-based SSO or when you use the console or call an API operation to assume a RAM role. | 2020-05 | All regions |
March 2020
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for AnalyticDB for MySQL. | 2020-03 | N/A | |
Services that work with STS | STS is available for Elastic High Performance Computing (E-HPC). | 2020-03 | N/A | |
Service-linked roles | Service-linked roles are provided by Alibaba Cloud RAM. Service-linked roles can be used to simplify the process of authorizing an Alibaba Cloud service to access other services and use a specific feature. Alibaba Cloud RAM provides service-linked roles for such scenarios. | 2020-03 | All regions | |
Configuration of the maximum role session duration | A new parameter named | 2020-03 | All regions |
February 2020
Feature | Description | Release date | Region | References |
Services that work with STS | STS is available for Dynamic Content Delivery Network (DCDN). | 2020-02 | N/A |
January 2020
Feature | Description | Release date | Region | References |
Services that work with STS | STS is available for ApsaraVideo Live. | 2020-01 | N/A |
December 2019
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for Server Migration Center (SMC). | 2019-12 | N/A |
November 2019
Feature | Description | Release date | Region | References |
User credential report | A user credential report that contains the details of your Alibaba Cloud account and RAM users can be generated and downloaded in the RAM console. The details include console logon passwords, AccessKey pairs, and MFA devices. | 2019-11-15 | All regions | |
Services that work with STS | STS is available for Cloud Backup. | 2019-11 | N/A |
October 2019
Feature | Description | Release date | Region | References |
Services that work with RAM | RAM is available for ID Verification for Financial Services. | 2019-10 | N/A | |
RAM is available for AnalyticDB for PostgreSQL. | ||||
Services that work with STS | STS is available for Cloud Enterprise Network (CEN). | 2019-10 | N/A | |
STS is available for E-MapReduce. |
September 2019
Feature | Description | Release date | Region | References |
Enabling or disabling of console logons for RAM users | The access of RAM users to the console can be enabled and disabled. You can retain the password, MFA, and other logon settings when you disable the access of RAM users to the console. You can also clear console logon settings. | 2019-09-09 | All regions | |
Services that work with RAM | RAM is available for Logic Composer. | 2019-09 | N/A |
June 2019
Feature | Description | Release date | Region | References |
Auxiliary domain names for user-based SSO | The configuration of user-based SSO can be simplified by using auxiliary domain names. | 2019-06-28 | All regions |
April 2019
Feature | Description | Release date | Region | References |
SSO | Alibaba Cloud supports Security Assertion Markup Language (SAML) 2.0-based SSO. This feature is also known as identity federation. SSO can be implemented between an enterprise identity service and Alibaba Cloud. | 2019-04-04 | All regions |
November 2018
Feature | Description | Release date | Region | References |
RAM console | The RAM console is updated. | 2018-11-15 | All regions |