Cloud Backup provides network isolation and other methods to effectively improve the security of mutual access between resources.
RAM policies based on users
Resource Access Management (RAM) is a resource access control service provided by Alibaba Cloud. You can configure RAM policies based on users. You can manage users by configuring RAM policies. For users such as employees, systems, or applications, you can control which resources are accessible.
A RAM policy is in the JSON format. You can configure a RAM policy by specifying the Action, Effect, Resource, and Condition elements in the statements. You can specify multiple statements in a RAM policy to efficiently manage authorization. For more information, see RAM overview.
Temporary access authorization based on STS
RAM policies allow you to manage long-term access permissions. If you want to allow users to access resources only for a short period of time, you can use Security Token Service (STS) to create temporary access credentials. You can obtain temporary access credentials which consist of an AccessKey pair and a security token from environment variables by using STS SDKs, and send them to temporary users to access Cloud Backup. The permissions that are obtained by using STS are restricted and have time limits. The leak of temporary access credentials causes lower-level risks than the leak of other credentials.
You can use STS to authorize temporary access to Cloud Backup. You can use STS to grant temporary access credentials that have a custom validity period and custom permissions to a third-party application or a RAM user that is managed by you.