All Products
Search
Document Center

Resource Orchestration Service:Terraform features and resources in ROS

Last Updated:Jun 03, 2026

Resource Orchestration Service (ROS) provides Terraform as a managed service, supporting multiple Terraform versions, ROS features, API operations, and resources from Alibaba Cloud, AWS, and Azure.

ROS version support

The following table lists the Terraform and provider versions supported by ROS.

Terraform version

Provider version

0.12.28

  • alicloud: 1.121.2

  • aws: 3.37.0

  • azurerm: 2.56.0

  • random: 3.1.0

  • template: 2.2.0

  • time: 0.7.0

0.15.3

  • alicloud: 1.123.0

  • aws: 3.42.0

  • azurerm: 2.59.0

  • random: 3.1.0

  • template: 2.2.0

  • time: 0.7.1

1.0.11

  • alicloud: 1.139.0 to 1.254.0;

  • aws: 3.63.0 to 5.80.0;

  • azurerm: 2.81.0 to 4.13.0;

  • random: 3.1.0 to 3.7.2;

  • template: 2.2.0

  • time: 0.7.2 to 0.13.1;

  • fortios: 1.13.2 to 1.22.0;

  • fortimanager: 1.3.4 to 1.14.0;

  • helm: 2.3.0 to 3.0.2;

  • kubernetes: 2.6.1 to 2.37.1;

1.1.9

  • alicloud: 1.139.0 to 1.254.0;

  • aws: 3.63.0 to 5.80.0;

  • azurerm: 2.81.0 to 4.13.0;

  • random: 3.1.0 to 3.7.2;

  • template: 2.2.0

  • time: 0.7.2 to 0.13.1;

  • fortios: 1.13.2 to 1.22.0;

  • fortimanager: 1.3.4 to 1.14.0;

  • helm: 2.3.0 to 3.0.2;

  • kubernetes: 2.6.1 to 2.37.1;

1.2.9

  • alicloud: 1.139.0 to 1.254.0;

  • aws: 3.63.0 to 5.80.0;

  • azurerm: 2.81.0 to 4.13.0;

  • random: 3.1.0 to 3.7.2;

  • template: 2.2.0

  • time: 0.7.2 to 0.13.1;

  • fortios: 1.13.2 to 1.22.0;

  • fortimanager: 1.3.4 to 1.14.0;

  • helm: 2.3.0 to 3.0.2;

  • kubernetes: 2.6.1 to 2.37.1;

1.3.10

  • azurerm: 2.81.0 to 4.13.0;

  • fortios: 1.13.2 to 1.22.0;

  • random: 3.1.0 to 3.7.2;

  • template: 2.2.0

  • time: 0.7.2 to 0.13.1;

  • alicloud: 1.139.0 to 1.254.0;

  • aws: 3.63.0 to 5.80.0;

  • fortimanager: 1.3.4 to 1.14.0;

  • helm: 2.3.0 to 3.0.2;

  • kubernetes: 2.6.1 to 2.37.1;

1.4.7

  • azurerm: 2.81.0 to 4.13.0;

  • fortios: 1.13.2 to 1.22.0;

  • random: 3.1.0 to 3.7.2;

  • template: 2.2.0

  • time: 0.7.2 to 0.13.1;

  • alicloud: 1.139.0 to 1.254.0;

  • aws: 3.63.0 to 5.80.0;

  • fortimanager: 1.3.4 to 1.14.0;

  • helm: 2.3.0 to 3.0.2;

  • kubernetes: 2.6.1 to 2.37.1;

1.5.7

  • azurerm: 2.81.0 to 4.13.0;

  • fortios: 1.13.2 to 1.22.0;

  • random: 3.1.0 to 3.6.2

  • template: 2.2.0

  • time: 0.7.2 to 0.13.1;

  • alicloud: 1.139.0 to 1.254.0;

  • aws: 3.63.0 to 5.80.0;

  • fortimanager: 1.3.4 to 1.14.0;

  • helm: 2.3.0 to 3.0.2;

  • kubernetes: 2.6.1 to 2.37.1;

1.6.3

  • azurerm: 2.81.0 to 4.13.0;

  • fortios: 1.13.2 to 1.22.0;

  • random: 3.1.0 to 3.6.2;

  • template: 2.2.0;

  • time: 0.7.2 to 0.13.1;

  • alicloud: 1.139.0 to 1.254.0;

  • aws: 3.63.0 to 5.80.0;

  • fortimanager: 1.3.4 to 1.14.0;

  • helm: 2.3.0 to 3.0.2;

  • kubernetes: 2.6.1 to 2.37.1;

1.7.5

  • azurerm: 2.81.0 to 4.13.0;

  • fortios: 1.13.2 to 1.22.0;

  • random: 3.1.0 to 3.6.2;

  • template: 2.2.0;

  • time: 0.7.2 to 0.13.1;

  • alicloud: 1.139.0 to 1.254.0;

  • aws: 3.63.0 to 5.80.0;

  • fortimanager: 1.3.4 to 1.14.0;

  • helm: 2.3.0 to 3.0.2;

  • kubernetes: 2.6.1 to 2.37.1;

1.8.5

  • azurerm: 2.81.0 to 4.13.0;

  • fortios: 1.13.2 to 1.22.0;

  • random: 3.1.0 to 3.6.2;

  • template: 2.2.0;

  • time: 0.7.2 to 0.13.1;

  • alicloud: 1.139.0 to 1.254.0;

  • aws: 3.63.0 to 5.80.0;

  • fortimanager: 1.3.4 to 1.14.0;

  • helm: 2.3.0 to 3.0.2;

  • kubernetes: 2.6.1 to 2.37.1;

Note

ROS regularly updates supported versions. Call GetFeatureDetails to query the latest supported Terraform versions.

Supported ROS features

Feature

Supported

Unsupported

Stack

  • You can preview, create, update, delete, and query stacks.

  • You can query resources, stack events, resource events, outputs, and templates.

  • When you create resources by using a stack, ROS adds the system tag acs:ros:stackId to some resources. Applicable resource types are listed under Resources that support system tags in Supported ROS resources.

  • When you create or update resources by using a stack, ROS propagates the custom tags of the stack to some resources. Applicable resource types are listed under Resources that support custom tag propagation in Supported ROS resources.

  • When you create or update resources by using a stack, ROS propagates the resource group of the stack to some resources. Applicable resource types are listed under Resources that support resource group propagation in Supported ROS resources.

  • You can specify a timeout period (10 to 120 minutes), configure Parameters, Outputs, and Rules in templates, and continue stack creation after failures. You can configure resource status notifications, deletion protection, and resource retention policies. You can also configure RAM roles, manage tags and resource groups, and perform pre-event audits.

  • You can manage change sets.

  • You can detect drift.

  • You can import resources.

  • Perform risk detection. Applicable resource types are listed under Resources that support risk detection in Supported ROS resources.

  • You can cancel an operation on a stack.

Rollback on failure, stack policies, controlled replacements, drift correction, signal notifications, and more.

Stack group

  • You can create, update, delete, and query stack groups.

  • You can create, update, delete, and query stack instances. You can also query and stop operations on stacks.

  • You can manage tags and resource groups.

  • You can detect drift.

None.

Template

  • You can create, update, delete, query, share, and validate templates.

  • Query prices for billable resources defined in a template. Applicable resource types are listed under Resources that support price inquiries in Supported ROS resources.

  • You can manage tags and resource groups.

  • You can query template parameter values automatically or manually. The manual method is described in Manually configure parameter constraint query for a Terraform template.

  • You can query the RAM policies based on which templates are generated.

None.

Resource scenario

  • You can create, update, delete, and query resource scenarios.

  • Generating a template

None.

Others

  • You can use Security Token Service (STS).

  • You can query the activation status and the RAM roles of an Alibaba Cloud service.

  • You can query the details of features.

Managing resource types

Supported ROS API operations

Feature

API operation

Stack

PreviewStack, CreateStack, ContinueCreateStack, UpdateStack, DeleteStack, GetStack, ListStacks, ListStackResources, GetStackResource, ListStackEvents, SetDeletionProtection, ListStackOperationRisks, CancelUpdateStack, and CancelStackOperation

Note

If you set the StackType parameter to Terraform when you call the GetStack or ListStacks operation, Terraform stacks are queried.

Change set and resource import

CreateChangeSet, ExecuteChangeSet, DeleteChangeSet, GetChangeSet, and ListChangeSets

Drift detection

DetectStackDrift, DetectStackGroupDrift, GetStackDriftDetectionStatus, and ListStackResourceDrifts

Note

You cannot call the DetectStackResourceDrift operation to detect drift on multiple resources at the same time.

Stack group

CreateStackGroup, UpdateStackGroup, DeleteStackGroup, GetStackGroup, ListStackGroups, CreateStackInstances, UpdateStackInstances, DeleteStackInstances, GetStackInstance, ListStackInstances, StopStackGroupOperation, GetStackGroupOperation, ListStackGroupOperations, and ListStackGroupOperationResults

Template

CreateTemplate, UpdateTemplate, DeleteTemplate, GetTemplate, ListTemplates, ListTemplateVersions, SetTemplatePermission, ValidateTemplate, GetTemplateEstimateCost, GetTemplateSummary, GetTemplateParameterConstraints, and GenerateTemplatePolicy

Resource scenario

CreateTemplateScratch, DeleteTemplateScratch, UpdateTemplateScratch, ListTemplateScratches, GetTemplateScratch, and GenerateTemplateByScratch

Tag

TagResources, UntagResources, ListTagKeys, ListTagValues, and ListTagResources

Resource group

MoveResourceGroup

Others

GetServiceProvisions and GetFeatureDetails

Supported resources

Terraform in ROS supports resources from the following cloud service providers:

  • Alibaba Cloud resources, documented in the Alibaba Cloud Provider reference.

    Note
    • You can use the Terraform online debugging tool.

    • ROS provides a default provider that uses the temporary AccessKey pair or STS credential of your account and the region ID of your stack.

    The following section lists resources that support price inquiries, system tags, custom tag propagation, resource group propagation, and risk detection.

    Note

    Call GetFeatureDetails to query which resource types support price inquiries, system tags, custom tag propagation, resource group propagation, and risk detection.

    • Resources that support price inquiries

      • Elastic Compute Service (ECS): alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, and alicloud_ecs_instance_set

      • Virtual Private Cloud (VPC): alicloud_eip_address, alicloud_eip, alicloud_common_bandwidth_package, alicloud_nat_gateway, alicloud_vpn_gateway, alicloud_eipanycast_anycast_eip_address, alicloud_vpc_ipv6_gateway, and alicloud_router_interface

      • Server Load Balancer (SLB): alicloud_slb_load_balancer and alicloud_slb

      • ApsaraDB RDS: alicloud_db_instance and alicloud_db_readonly_instance

      • Tair (Redis OSS-compatible): alicloud_kvstore_instance

      • PolarDB: alicloud_polardb_cluster

      • ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance

      • Cloud Enterprise Network (CEN): alicloud_cen_bandwidth_package

      • Alibaba Cloud Marketplace: alicloud_market_order

      • PolarDB-X 1.0: alicloud_drds_instance

      • Elastic Container Instance: alicloud_eci_container_group and alicloud_eci_image_cache

      • E-MapReduce (EMR): alicloud_emr_cluster

      • Elasticsearch: alicloud_elasticsearch_instance

      • Serverless App Engine (SAE): alicloud_sae_application

      • AnalyticDB for PostgreSQL: alicloud_gpdb_elastic_instance and alicloud_gpdb_instance

      • Global Accelerator (GA): alicloud_ga_accelerator

      • AnalyticDB for MySQL: alicloud_adb_cluster, alicloud_adb_db_cluster, and alicloud_adb_db_cluster_lake_version

      • File Storage NAS (NAS): alicloud_nas_file_system

      • ApsaraMQ for Kafka: alicloud_alikafka_instance

      • Microservices Engine (MSE): alicloud_mse_cluster

      • Application Load Balancer (ALB): alicloud_alb_load_balancer

      • Data Transmission Service (DTS): alicloud_dts_migration_instance and alicloud_dts_synchronization_instance

      • Elastic Desktop Service (EDS): alicloud_ecd_desktop

      • ROS: alicloud_ros_stack

      • Container Service for Kubernetes (ACK): alicloud_cs_kubernetes, alicloud_cs_edge_kubernetes, alicloud_cs_managed_kubernetes, and alicloud_cs_serverless_kubernetes

      • Time Series Database (TSDB): alicloud_tsdb_instance

      • Elastic High Performance Computing (E-HPC): alicloud_ehpc_cluster

      • ApsaraDB for ClickHouse: alicloud_click_house_db_cluster

      • Web Application Firewall (WAF): alicloud_waf_instance

      • CDDC: alicloud_cddc_dedicated_host.

      • PolarDB-X: alicloud_drds_instance.

      • AMQP: alicloud_amqp_instance.

      • ApiGateway: alicloud_api_gateway_instance.

    • Resources that support system tags

      • ECS: alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, alicloud_security_group, alicloud_key_pair, alicloud_ecs_launch_template, alicloud_ecs_network_interface, alicloud_image_copy, alicloud_image, alicloud_ecs_snapshot, alicloud_launch_template, alicloud_snapshot, alicloud_snapshot_policy, alicloud_network_interface, alicloud_ecs_instance_set, alicloud_ecs_auto_snapshot_policy, alicloud_ecs_dedicated_host_cluster, alicloud_ecs_key_pair, alicloud_ecs_activation, alicloud_ecs_capacity_reservation, alicloud_ecs_command, alicloud_ecs_elasticity_assurance, alicloud_ecs_image_component, alicloud_ecs_image_pipeline, alicloud_ecs_invocation, alicloud_ecs_snapshot_group, and alicloud_ecs_storage_capacity_unit

      • VPC: alicloud_eip_address, alicloud_eip, alicloud_common_bandwidth_package, alicloud_nat_gateway, alicloud_vpn_gateway, alicloud_vpc, alicloud_vswitch, alicloud_route_table, and alicloud_vpc_ipv6_gateway

      • SLB: alicloud_slb_load_balancer, alicloud_slb, alicloud_slb_acl, and alicloud_slb_server_certificate

      • ApsaraDB RDS: alicloud_db_instance, alicloud_db_readonly_instance, alicloud_rds_clone_db_instance, and alicloud_rds_upgrade_db_instance

      • The resource type for Redis is alicloud_kvstore_instance.

      • PolarDB: alicloud_polardb_cluster

      • ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance

      • CEN: alicloud_cen_flowlog, alicloud_cen_instance, alicloud_cen_transit_router_ecr_attachment, alicloud_cen_transit_router_multicast_domain, alicloud_cen_transit_router_peer_attachment, alicloud_cen_transit_router_route_table, alicloud_cen_transit_router_vbr_attachment, alicloud_cen_transit_router_vpc_attachment, alicloud_cen_transit_router_vpn_attachment, alicloud_cen_transit_router, and alicloud_cen_bandwidth_package.

      • Elasticsearch: alicloud_elasticsearch_instance

      • AnalyticDB for PostgreSQL: alicloud_gpdb_elastic_instance and alicloud_gpdb_instance

      • Certificate Management Service: alicloud_cas_certificate and alicloud_ssl_certificates_service_certificate

      • Object Storage Service (OSS): alicloud_oss_bucket

      • Alibaba Cloud DNS PrivateZone: alicloud_pvtz_zone

      • Anti-DDoS: alicloud_ddosbgp_instance and alicloud_ddoscoo_instance

      • Bastionhost (BH): alicloud_bastionhost_instance

      • Auto Scaling: alicloud_ess_scaling_group

      • ROS: alicloud_ros_template, alicloud_ros_stack, and alicloud_ros_stack_group

      • ApsaraMQ for Kafka: alicloud_alikafka_instance, alicloud_alikafka_consumer_group, and alicloud_alikafka_topic

      • Alibaba Cloud DNS: alicloud_alidns_domain

      • DTS: alicloud_dts_migration_instance and alicloud_dts_synchronization_instance

      • ACK: alicloud_cs_managed_kubernetes, alicloud_cs_serverless_kubernetes, alicloud_cs_edge_kubernetes, and alicloud_cs_kubernetes

      • ALB: alicloud_alb_security_policy, alicloud_alb_server_group, alicloud_alb_acl, alicloud_alb_load_balancer, alicloud_alb_health_check_template, alicloud_alb_listener, and alicloud_alb_rule

      • ApsaraMQ for RocketMQ: alicloud_ons_instance

      • NAS: alicloud_nas_file_system

      • ApsaraDB for MyBase: alicloud_cddc_dedicated_host

      • YunDun: alicloud_yundun_dbaudit_instance.

      • Function Compute: alicloud_fc_service

      • AnalyticDB for MySQL: alicloud_adb_cluster and alicloud_adb_db_cluster_lake_version

      • Alibaba Cloud CDN (CDN): alicloud_cdn_domain_new

      • ApsaraDB for HBase: alicloud_hbase_instance

      • E-HPC: alicloud_ehpc_cluster

      • Application Real-Time Monitoring Service (ARMS): alicloud_arms_grafana_workspace and alicloud_arms_prometheus

      • BP Studio: alicloud_bp_studio_application.

      • Compute Nest: alicloud_compute_nest_service_instance

      • Elastic Accelerated Computing Instances (EAIS): alicloud_eais_instance

      • OOS: alicloud_oos_template and alicloud_oos_execution.

      • PolarDB-X: alicloud_drds_instance.

      • ApiGateway: alicloud_api_gateway_group and alicloud_api_gateway_instance.

      • VOD: alicloud_vod_domain.

      • HBR: alicloud_hbr_ecs_backup_client.

      • EBS: alicloud_ebs_solution_instance and alicloud_ebs_disk_replica_pair

      • EFLO: alicloud_eflo_vpd.

      • SAE: alicloud_sae_application.

    • Resources that support propagation of custom stack tags

      • ECS: alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, alicloud_security_group, alicloud_key_pair, alicloud_ecs_launch_template, alicloud_ecs_network_interface, alicloud_image_copy, alicloud_image, alicloud_ecs_snapshot, alicloud_launch_template, alicloud_snapshot, alicloud_network_interface, alicloud_ecs_key_pair, alicloud_ecs_instance_set, alicloud_ecs_auto_snapshot_policy, alicloud_snapshot_policy, alicloud_ecs_dedicated_host_cluster, alicloud_ecs_activation, alicloud_ecs_capacity_reservation, alicloud_ecs_command, alicloud_ecs_elasticity_assurance, alicloud_ecs_image_component, alicloud_ecs_image_pipeline, alicloud_ecs_invocation, alicloud_ecs_snapshot_group, and alicloud_ecs_storage_capacity_unit

      • VPC: alicloud_eip_address, alicloud_eip, alicloud_common_bandwidth_package, alicloud_nat_gateway, alicloud_vpn_gateway, alicloud_vpc, alicloud_vswitch, alicloud_vpc_ipv6_gateway, and alicloud_route_table

      • SLB: alicloud_slb_load_balancer, alicloud_slb, alicloud_slb_server_certificate, and alicloud_slb_acl

      • ApsaraDB RDS: alicloud_db_instance, alicloud_db_readonly_instance, alicloud_rds_clone_db_instance, and alicloud_rds_upgrade_db_instance

      • The resource type for Redis is alicloud_kvstore_instance.

      • PolarDB: alicloud_polardb_cluster

      • ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance

      • CEN: alicloud_cen_bandwidth_package, alicloud_cen_flowlog, alicloud_cen_instance, alicloud_cen_transit_router_ecr_attachment, alicloud_cen_transit_router_multicast_domain, alicloud_cen_transit_router_peer_attachment, alicloud_cen_transit_router_route_table, alicloud_cen_transit_router_vbr_attachment, alicloud_cen_transit_router_vpc_attachment, alicloud_cen_transit_router_vpn_attachment, and alicloud_cen_transit_router

      • PolarDB-X 1.0: alicloud_drds_instance

      • EMR: alicloud_emr_cluster

      • Elasticsearch: alicloud_elasticsearch_instance

      • AnalyticDB for PostgreSQL: alicloud_gpdb_elastic_instance and alicloud_gpdb_instance

      • AnalyticDB for MySQL: alicloud_adb_db_cluster, alicloud_adb_cluster, and alicloud_adb_db_cluster_lake_version

      • ALB: alicloud_alb_acl, alicloud_alb_server_group, alicloud_alb_load_balancer, alicloud_alb_security_policy, alicloud_alb_health_check_template, alicloud_alb_listener, and alicloud_alb_rule

      • Alibaba Cloud DNS: alicloud_alidns_domain, alicloud_dns_domain, and alicloud_dns

      • BastionHost: alicloud_bastionhost_instance.

      • Certificate Management Service: alicloud_cas_certificate and alicloud_ssl_certificates_service_certificate

      • CDDC: alicloud_cddc_dedicated_host.

      • CDN: alicloud_cdn_domain_new

      • ACK: alicloud_cs_kubernetes, alicloud_cs_edge_kubernetes, alicloud_cs_managed_kubernetes, and alicloud_cs_serverless_kubernetes

      • Edge Security Acceleration (ESA): alicloud_dcdn_domain and alicloud_dcdn_ipa_domain

      • Anti-DDoS: alicloud_ddosbgp_instance and alicloud_ddoscoo_instance

      • DTS: alicloud_dts_synchronization_instance and alicloud_dts_migration_instance

      • Cloud Backup: alicloud_hbr_replication_vault, alicloud_hbr_vault, alicloud_hbr_hana_instance, and alicloud_hbr_ecs_backup_client

      • ApsaraDB for HBase: alicloud_hbase_instance

      • ApsaraMQ for Kafka: alicloud_alikafka_instance, alicloud_alikafka_topic, and alicloud_alikafka_consumer_group

      • NAS: alicloud_nas_file_system

      • CloudOps Orchestration Service (OOS): alicloud_oos_template and alicloud_oos_execution

      • Alibaba Cloud DNS PrivateZone: alicloud_pvtz_zone

      • ROS: alicloud_ros_template and alicloud_ros_stack

      • SAE: alicloud_sae_application

      • Database Audit: alicloud_yundun_dbaudit_instance.

      • API Gateway: alicloud_api_gateway_group, alicloud_api_gateway_api, alicloud_api_gateway_app, alicloud_api_gateway_instance, and alicloud_api_gateway_plugin

      • Function Compute: alicloud_fc_service

      • Auto Scaling: alicloud_ess_scaling_group

      • OSS: alicloud_oss_bucket

      • ApsaraVideo VOD (VOD): alicloud_vod_domain

      • ApsaraMQ for RocketMQ: alicloud_ons_instance

      • IoT Platform: alicloud_amqp_instance.

      • ARMS: alicloud_arms_grafana_workspace and alicloud_arms_prometheus

      • CADT: alicloud_bp_studio_application

      • Compute Nest: alicloud_compute_nest_service_instance

      • EAIS: alicloud_eais_instance

      • Elastic Block Storage (EBS): alicloud_ebs_dedicated_block_storage_cluster, alicloud_ebs_disk_replica_group, alicloud_ebs_disk_replica_pair, alicloud_ebs_enterprise_snapshot_policy, and alicloud_ebs_solution_instance

      • EFLO: alicloud_eflo_subnet and alicloud_eflo_vpd.

      • ROS: alicloud_ros_stack_group and alicloud_ros_stack.

      • ECI: alicloud_eci_container_group and alicloud_eci_image_cache.

      • EDAS: alicloud_edas_application.

      To propagate custom stack tags to resources owned by a RAM user or RAM role, attach the AliyunTagAdministratorAccess system policy and allow the oss:GetBucketTagging action. Sample custom RAM policy:

      {
        "Version": "1",
        "Statement": [
          {
            "Action": [
              "tag:*",
              "*:ListTagResources",
              "*:TagResources",
              "*:UntagResources",
              "*:UnTagResources",
              "vod:TagVodResources",
              "vod:UnTagVodResources",
              "dcdn:TagDcdnResources",
              "dcdn:UntagDcdnResources",
              "ecs:DescribeResourceByTags",
              "*:DescribeTags",
              "*:DescribeTagKeys",
              "*:ListTagKeys",
              "*:ListTagValues",
              "ecs:AddTags",
              "ecs:RemoveTags",
              "slb:AddTags",
              "slb:RemoveTags",
              "rds:AddTagsToResource",
              "rds:DescribeDBInstanceByTags",
              "rds:RemoveTagsFromResource",
              "oss:PutBucketTagging",
              "oss:GetBucketTagging",
              "oss:DeleteBucketTagging",
              "oss:GetBucketTagging",
              "live:TagLiveResources",
              "live:ListLiveTagResources",
              "live:UnTagLiveResources"
            ],
            "Resource": "*",
            "Effect": "Allow"
          }
        ]
      }
    • Resources that support propagation of stack resource groups

      Note

      To propagate stack resource groups to resources owned by a RAM user or RAM role, grant the required permissions. Supported services are listed in Services that work with Resource Group.

      • ECS: alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, alicloud_security_group, alicloud_key_pair, alicloud_ecs_launch_template, alicloud_ecs_network_interface, alicloud_image_copy, alicloud_image, alicloud_snapshot, alicloud_ecs_key_pair, alicloud_launch_template, alicloud_ecs_instance_set, alicloud_snapshot_policy, alicloud_network_interface, alicloud_ecs_auto_snapshot_policy, alicloud_ecs_snapshot, and alicloud_ecs_invocation

      • VPC: alicloud_vpc, alicloud_common_bandwidth_package, alicloud_eip_address, and alicloud_eip

      • SLB: alicloud_slb_load_balancer, alicloud_slb_server_certificate, alicloud_slb_acl, and alicloud_slb

      • ApsaraDB RDS: alicloud_db_instance, alicloud_db_readonly_instance, alicloud_rds_upgrade_db_instance, and alicloud_rds_clone_db_instance

      • Tair (Redis OSS-compatible): alicloud_kvstore_instance

      • PolarDB: alicloud_polardb_cluster

      • ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance

      • Elastic Container Instance: alicloud_eci_container_group and alicloud_eci_image_cache

      • PolarDB-X 1.0: alicloud_drds_instance

      • EMR: alicloud_emr_cluster

      • Elasticsearch: alicloud_elasticsearch_instance

      • Certificate Management Service: alicloud_cas_certificate and alicloud_ssl_certificates_service_certificate

      • ROS: alicloud_ros_stack, alicloud_ros_stack_group, and alicloud_ros_template

      • Alibaba Cloud DNS PrivateZone: alicloud_pvtz_zone

      • ACK: alicloud_cs_kubernetes, alicloud_cs_edge_kubernetes, alicloud_cs_managed_kubernetes, and alicloud_cs_serverless_kubernetes

      • ApsaraDB for HBase: alicloud_hbase_instance

      • ALB: alicloud_alb_acl, alicloud_alb_security_policy, alicloud_alb_load_balancer, alicloud_alb_server_group, and alicloud_alb_health_check_template

      • OOS: alicloud_oos_state_configuration, alicloud_oos_template, alicloud_oos_secret_parameter, and alicloud_oos_parameter

      • DNS: alicloud_dns_domain, alicloud_dns, alicloud_alidns_gtm_instance, and alicloud_alidns_domain

      • Anti-DDoS: alicloud_ddoscoo_instance and alicloud_ddosbgp_instance

      • BH: alicloud_bastionhost_instance

      • Enterprise Distributed Application Service (EDAS): alicloud_edas_k8s_application, alicloud_edas_cluster, alicloud_edas_k8s_cluster, and alicloud_edas_application

      • CDN: alicloud_cdn_domain_new

      • WAF: alicloud_waf_domain

      • ApsaraDB for Cassandra: alicloud_cassandra_cluster

      • ESA: alicloud_dcdn_domain and alicloud_dcdn_ipa_domain

      • OpenSearch: alicloud_open_search_app_group

      • DataBase Audit: alicloud_yundun_dbaudit_instance

      • Cloud Backup: alicloud_hbr_vault and alicloud_hbr_replication_vault

      • CEN: alicloud_cen_bandwidth_package and alicloud_cen_instance

      • AnalyticDB for MySQL: alicloud_adb_cluster, alicloud_adb_db_cluster, and alicloud_adb_db_cluster_lake_version

      • ApsaraMQ for Kafka: alicloud_alikafka_instance

      • Lindorm: alicloud_lindorm_instance

      • ARMS: alicloud_arms_grafana_workspace and alicloud_arms_prometheus

      • BP Studio: alicloud_bp_studio_application.

      • Compute Nest: alicloud_compute_nest_service_instance

      • EAIS: alicloud_eais_instance

      • EBS: alicloud_ebs_dedicated_block_storage_cluster, alicloud_ebs_disk_replica_group, alicloud_ebs_disk_replica_pair, alicloud_ebs_enterprise_snapshot_policy, and alicloud_ebs_solution_instance

      • EFLO corresponds to alicloud_eflo_vpd.

    • Resources that support risk detection

      • ECS: alicloud_instance, alicloud_ecs_instance_set, alicloud_ecs_disk, alicloud_ecs_dedicated_host, alicloud_security_group, and alicloud_security_group_rule

      • VPC: alicloud_eip, alicloud_eip_address, alicloud_vpn_gateway, alicloud_snat_entry, and alicloud_nat_gateway

      • SLB: alicloud_slb_load_balancer and alicloud_slb

      • ApsaraDB RDS: alicloud_db_instance

      • Tair (Redis OSS-compatible): alicloud_kvstore_instance

      • ApsaraDB for MongoDB: alicloud_mongodb_instance and alicloud_mongodb_sharding_instance

      • RAM: alicloud_ram_role

  • Amazon Web Services (AWS) resources, documented in the AWS Provider reference.

  • Microsoft Azure resources, documented in the Azure Provider reference.