Use a resource group to manage an ECS instance - Resource Management

This topic describes how to add an Elastic Compute Service (ECS) instance to a resource group and authorize a Resource Access Management (RAM) user to view and manage the ECS instance in the resource group.

Procedure

In this example, the RAM user Alice is authorized to view and manage only the ECS instance i-001. You can add the ECS instance to a resource group and grant the permissions on the resource group to Alice.

Note During the authorization process, the ECS instance can work as expected.

Log on to the Resource Management console and create a resource group named ECS-Admin.
For more information, see Create a resource group.
In the Resource Management console, add the ECS instance i-001 to the resource group ECS-Admin.
You can use one of the following methods to add the ECS instance to the resource group:
- Add the ECS instance to the resource group when you create the instance. For more information, see Create an instance by using the wizard.
- Move the ECS instance to the resource group. For more information, see Transfer resources across resource groups.
Log on to the RAM console and create a RAM user named Alice.
For more information, see Create a RAM user.
In the RAM console, grant the required permissions to Alice.
In this step, set Authorization Scope to Specific Resource Group, enter ECS-Admin in the field below, enter Alice in the Principal field, and then select the system policy AliyunECSFullAccess. For more information, see Grant permissions to the RAM user.

Note If you want to authorize Alice only to view the ECS instance, select the system policy AliyunECSReadOnlyAccess in this step.
Log on to the ECS console and view and manage the ECS instance.
1. In the left-side navigation pane, choose Instances & Images > Instances.
2. In the top navigation bar, select the resource group ECS-Admin.
3. On the Instances page, view the information about the instance and manage the instance.