This topic describes how to add an Elastic Compute Service (ECS) instance to a resource group and authorize a Resource Access Management (RAM) user to view and manage the ECS instance in the resource group.


In this example, the RAM user Alice is authorized to view and manage only the ECS instance i-001. You can add the ECS instance to a resource group and grant the permissions on the resource group to Alice.

Note During the authorization process, the ECS instance can work as expected.
  1. Log on to the Resource Management console and create a resource group named ECS-Admin.
    For more information, see Create a resource group.
  2. In the Resource Management console, add the ECS instance i-001 to the resource group ECS-Admin.
    You can use one of the following methods to add the ECS instance to the resource group:
  3. Log on to the RAM console and create a RAM user named Alice.
    For more information, see Create a RAM user.
  4. In the RAM console, grant the required permissions to Alice.
    In this step, set Authorization Scope to Specific Resource Group, enter ECS-Admin in the field below, enter Alice in the Principal field, and then select the system policy AliyunECSFullAccess. For more information, see Grant permissions to the RAM user. Resource group authorization
    Note If you want to authorize Alice only to view the ECS instance, select the system policy AliyunECSReadOnlyAccess in this step.
  5. Log on to the ECS console and view and manage the ECS instance.
    1. In the left-side navigation pane, choose Instances & Images > Instances.
    2. In the top navigation bar, select the resource group ECS-Admin.
      Select a resource group
    3. On the Instances page, view the information about the instance and manage the instance.