API overview - Resource Access Management

API standard and pre-built SDKs in multi-language

The OpenAPI specification of this product (Ram/2015-05-01) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.

Custom signature

If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).

Before you begin

An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. Create a Resource Access Management (RAM) user with API-only access and use RAM policies to apply the principle of least privilege (PoLP). Alibaba Cloud accounts are only used when explicitly required.

To call APIs securely, configure the following:

A RAM user account
An AccessKey pair for the account

User management

API	Title	Description
RAM User	RAM User
CreateUser	CreateUser	This operation creates a Resource Access Management (RAM) user.
GetUser	GetUser	You can call the GetUser operation to query the details of a Resource Access Management (RAM) user.
UpdateUser	UpdateUser	Modifies information about a Resource Access Management (RAM) user.
DeleteUser	DeleteUser	Deletes a Resource Access Management (RAM) user.
ListUsers	ListUsers	Queries the information about all RAM users.
Login Profile	Login Profile
CreateLoginProfile	CreateLoginProfile	Enables console logon for a Resource Access Management (RAM) user.
GetLoginProfile	GetLoginProfile	Queries the logon configurations of a Resource Access Management (RAM) user.
UpdateLoginProfile	UpdateLoginProfile	Modifies the logon configurations of a Resource Access Management (RAM) user.
DeleteLoginProfile	DeleteLoginProfile	Disables console logon for a Resource Access Management (RAM) user.
ChangePassword	ChangePassword	Changes the password that is used to log on to the console for a Resource Access Management (RAM) user.
AccessKey	AccessKey
CreateAccessKey	CreateAccessKey	Creates an AccessKey pair for a Resource Access Management (RAM) user.
UpdateAccessKey	UpdateAccessKey	Changes the status of an AccessKey pair that belongs to a Resource Access Management (RAM) user.
DeleteAccessKey	DeleteAccessKey	Deletes an AccessKey pair of a Resource Access Management (RAM) user.
ListAccessKeys	ListAccessKeys	Queries all AccessKey pairs that belong to a Resource Access Management (RAM) user.
MFA	MFA
CreateVirtualMFADevice	CreateVirtualMFADevice	Creates a multi-factor authentication (MFA) device.
GetUserMFAInfo	GetUserMFAInfo	Queries the multi-factor authentication (MFA) device that is bound to a Resource Access Management (RAM) user.
DeleteVirtualMFADevice	DeleteVirtualMFADevice	Deletes a multi-factor authentication (MFA) device.
ListVirtualMFADevices	ListVirtualMFADevices	Queries multi-factor authentication (MFA) devices.
BindMFADevice	BindMFADevice	Binds a multi-factor authentication (MFA) device to a Resource Access Management (RAM) user.
UnbindMFADevice	UnbindMFADevice	Unbinds a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user.

User group management

API	Title	Description
CreateGroup	CreateGroup	Creates a RAM user group.
GetGroup	GetGroup	Queries information about a Resource Access Management (RAM) user group.
UpdateGroup	UpdateGroup	Modifies a Resource Access Management (RAM) user group.
DeleteGroup	DeleteGroup	Deletes a Resource Access Management (RAM) user group.
ListGroups	ListGroups	Queries Resource Access Management (RAM) user groups.
ListGroupsForUser	ListGroupsForUser	Queries the Resource Access Management (RAM) user groups to which a RAM user belongs.
ListUsersForGroup	ListUsersForGroup	Queries Resource Access Management (RAM) users in a RAM user group.
AddUserToGroup	AddUserToGroup	Adds a Resource Access Management (RAM) user to a RAM user group.
RemoveUserFromGroup	RemoveUserFromGroup	Removes a Resource Access Management (RAM) user from a RAM user group.

Role management

API	Title	Description
CreateRole	CreateRole	Creates a Resource Access Management (RAM) role.
DeleteRole	DeleteRole	Deletes a regular Resource Access Management (RAM) role.
UpdateRole	UpdateRole	Modifies information about a Resource Access Management (RAM) role.
GetRole	GetRole	Queries information about a Resource Access Management (RAM) role.
ListRoles	ListRoles	Queries all Resource Access Management (RAM) roles.

Permission management

API	Title	Description
Permission Policy Management	Permission Policy Management
CreatePolicy	CreatePolicy	Creates a custom policy.
GetPolicy	GetPolicy	Queries information about a policy.
UpdatePolicyDescription	UpdatePolicyDescription	Modifies the description of a custom policy.
DeletePolicy	DeletePolicy	Deletes a policy.
ListPolicies	ListPolicies	Queries a list of policies.
CreatePolicyVersion	CreatePolicyVersion	Creates a version for a policy.
GetPolicyVersion	GetPolicyVersion	Queries the information about a policy version.
DeletePolicyVersion	DeletePolicyVersion	Deletes a policy version.
ListPolicyVersions	ListPolicyVersions	Queries the versions of a policy.
SetDefaultPolicyVersion	SetDefaultPolicyVersion	Specifies a version for a policy as the default version.
Authorization Management	Authorization Management
AttachPolicyToUser	AttachPolicyToUser	Attaches a policy to a Resource Access Management (RAM) user.
DetachPolicyFromUser	DetachPolicyFromUser	Detaches a policy from a Resource Access Management (RAM) user.
AttachPolicyToGroup	AttachPolicyToGroup	Attaches a policy to a Resource Access Management (RAM) user group.
DetachPolicyFromGroup	DetachPolicyFromGroup	Detaches a policy from a Resource Access Management (RAM) user group.
AttachPolicyToRole	AttachPolicyToRole	Attaches a policy to a Resource Access Management (RAM) role.
DetachPolicyFromRole	DetachPolicyFromRole	Detaches a policy from a Resource Access Management (RAM) role.
ListPoliciesForUser	ListPoliciesForUser	Queries the policies that are attached to a RAM user.
ListPoliciesForGroup	ListPoliciesForGroup	Queries the policies that are attached to a Resource Access Management (RAM) user group.
ListPoliciesForRole	ListPoliciesForRole	Queries the policies that are attached to a Resource Access Management (RAM) role.
ListEntitiesForPolicy	ListEntitiesForPolicy	Queries the entities to which a policy is attached.

Security management

API	Title	Description
SetAccountAlias	SetAccountAlias	Configures an alias for an Alibaba Cloud account.
GetAccountAlias	GetAccountAlias	Queries the alias of an Alibaba Cloud account.
ClearAccountAlias	ClearAccountAlias	Deletes the alias of an Alibaba Cloud account.
SetPasswordPolicy	SetPasswordPolicy	Configures the password policy for Resource Access Management (RAM) users, including the password strength.
GetPasswordPolicy	GetPasswordPolicy	Queries the password policy of Resource Access Management (RAM) users, including the password strength.
SetSecurityPreference	SetSecurityPreference	Configures the security preferences.
GetSecurityPreference	GetSecurityPreference	Queries the security preferences.

Permission analysis and diagnostics

API	Title	Description
DecodeDiagnosticMessage	DecodeDiagnosticMessage	Decodes the diagnostic information in the response that contains an access denied error. The error is caused by no RAM permissions.

Tag management

API	Title	Description
TagResources	TagResources	Adds tags to cloud resources which are Resource Access Management (RAM) roles and policies.
UntagResources	UntagResources	Removes tags from cloud resources that are Resource Access Management (RAM) roles and policies.
ListTagResources	ListTagResources	Queries the tags that are added to cloud resources which are Resource Access Management (RAM) roles and policies.