ApsaraMQ for MQTT:Activate ApsaraMQ for MQTT and grant permissions to a RAM user

Step 1: Activate ApsaraMQ for MQTT

1. Go to the product page of ApsaraMQ for MQTT.

2. In the upper-right corner of the page, click Log In.

3. On the Sign in to Alibaba Cloud page, enter your Alibaba Cloud account and password, and click Sign In.

4. On the product page of ApsaraMQ for MQTT, click Buy Now.

   You are redirected to the ApsaraMQ for MQTT console.

5. On the Overview page, click Activate for Free.

6. On the service activation page, read the content of the order and the service agreement, select Message Queue for Apache RocketMQ Terms of Service, and then click Activate Now.

   Note

   ApsaraMQ for MQTT is one of the services provided by ApsaraMQ for RocketMQ. After you activate ApsaraMQ for RocketMQ, ApsaraMQ for MQTT is activated. You can activate ApsaraMQ for RocketMQ for free.

(Required for a RAM user) Step 1: Grant permissions to a RAM user

If you activate ApsaraMQ for MQTT as a RAM user, you must use your Alibaba Cloud account to grant the required permissions to the RAM user before you use the RAM user to access ApsaraMQ for MQTT resources. If you activate ApsaraMQ for MQTT by using an Alibaba Cloud account, you have the permissions to access ApsaraMQ for MQTT resources by default. In this case, skip this step.

1. Log on to the RAM console with an Alibaba Cloud account or a RAM user who has administrative rights.

2. In the left-side navigation pane, choose Identities > Users.

3. On the Users page, find the required RAM user and click Add Permissions in the Actions column.

4. In the Add Permissions panel, grant permissions to the RAM user.

   1. Select the authorization scope.

      • Alibaba Cloud Account: The authorization takes effect on the current Alibaba Cloud account.

      • Specific Resource Group: The authorization takes effect on a specific resource group.

        Note

        If you select Specific Resource Group for Authorized Scope, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group. For more information about how to grant permissions on a resource group, see Use a resource group to grant a RAM user the permissions to manage a specific ECS instance.

   2. Specify the principal.

      The principal is the RAM user to which you want to grant permissions.

   3. Select policies.

      A policy contains a set of permissions. Policies can be classified into system policies and custom policies:

      • System policies: policies that are created by Alibaba Cloud. You can use but cannot modify these policies. Version updates of the policies are maintained by Alibaba Cloud. For more information, see Services that work with RAM.

      • Custom policies: You can manage and update custom policies based on your business requirements. You can create, update, and delete custom policies. For more information, see Create a custom policy.

      Note

      You can attach a maximum of five policies to a RAM user at a time. If you want to attach more than five policies to a RAM user, perform the operation multiple times.

5. Click OK.

6. Click Complete.

ApsaraMQ for MQTT provides the following system policies. You can grant the related permissions to the RAM user based on the permission scope.