You must activate ApsaraMQ for RocketMQ on the Alibaba Cloud official website before you can use the service. If your account is a Resource Access Management (RAM) user, you must grant permissions to the RAM user before you can use the console or API to access the corresponding resources in ApsaraMQ for RocketMQ and use the resources to send and consume messages by using SDKs.
Prerequisites
An Alibaba Cloud account is created, and real-name verification is complete. For more information, see Sign up with Alibaba Cloud.
Step 1: Activate ApsaraMQ for RocketMQ
Log on to the ApsaraMQ for RocketMQ console.
In the dialog box that appears, click Activate Message Queue >>.
On the service activation page, select Message Queue (MQ) Terms of Service, and then click Activate Now.
Step 2: (Required for RAM users) Grant permissions to a RAM user
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Users page, find the required RAM user, and click Add Permissions in the Actions column.
You can also select multiple RAM users and click Add Permissions in the lower part of the page to grant permissions to the RAM users at a time.
In the Grant Permission panel, grant permissions to the RAM user.
Configure the Resource Scope parameter.
Account: The authorization takes effect on the current Alibaba Cloud account.
ResourceGroup: The authorization takes effect on a specific resource group.
ImportantIf you select Resource Group for the Resource Scope parameter, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group. For more information about how to grant permissions on a resource group, see Use a resource group to grant a RAM user the permissions to manage a specific ECS instance.
Configure the Principal parameter.
The principal is the RAM user to which you want to grant permissions. The current RAM user is automatically selected.
Configure the Policy parameter.
A policy contains a set of permissions. Policies can be classified into system policies and custom policies. You can select multiple policies at a time.
System policies: policies that are created by Alibaba Cloud. You can use but cannot modify these policies. Version updates of the policies are maintained by Alibaba Cloud. For more information, see Services that work with RAM.
NoteThe system automatically identifies high-risk system policies, such as AdministratorAccess and AliyunRAMFullAccess. We recommend that you do not grant unnecessary permissions by attaching high-risk policies.
Custom policies: You can manage and update custom policies based on your business requirements. You can create, update, and delete custom policies. For more information, see Create a custom policy.
Click Grant permissions.
Click Close.
ApsaraMQ for RocketMQ provides the following system policies. You can grant related permissions to a RAM user based on the permission scope.
Policy name | Description |
AliyunMQFullAccess | The permissions that are required to manage ApsaraMQ for RocketMQ. This policy grants permissions that are equivalent to the permissions of an Alibaba Cloud account. RAM users to whom this policy is attached have permissions to send and subscribe to messages and perform all actions in the console. |
AliyunMQPubOnlyAccess | The permissions that allow users of ApsaraMQ for RocketMQ to send messages. RAM users to whom this policy is attached have the permissions to use all resources of an Alibaba Cloud account to send messages by using SDKs. |
AliyunMQSubOnlyAccess | The permissions that allow users of ApsaraMQ for RocketMQ to subscribe to messages. RAM users to whom this policy is attached have the permissions to use all resources of an Alibaba Cloud account to subscribe to messages by using SDKs. |
AliyunMQReadOnlyAccess | The permissions that allow users of ApsaraMQ for RocketMQ to only read the information about resources. RAM users to whom this policy is attached have the permissions to only read the information about the resources of an Alibaba Cloud account in the console or by calling API operations. |
System policies provide a wide scope of permissions. For example, a RAM user to which the AliyunMQFullAccess
policy is attached can manage all resources of ApsaraMQ for RocketMQ. ApsaraMQ for RocketMQ provides custom policies to allow you to implement fine-grained permission management on a specific type of resource. For example, you can grant a RAM user only the permissions to use the console to manage topics. For more information about custom policies, see Custom policies for ApsaraMQ for RocketMQ.
What to do next
You can click Console to create resources. For more information, see Create resources.