All Products
Search

This Product

    Cloud Migration Hub:Manage permissions for CMH

    Document Center

    Cloud Migration Hub:Manage permissions for CMH

    Last Updated:Aug 07, 2024

    This topic describes the permissions required if you want to survey Alibaba Cloud resources and migrate resources by using Cloud Migration Hub (CMH) as a Resource Access Management (RAM) user. This topic also describes how to grant permissions to the RAM user.

    Overview

    If you use CMH to survey Alibaba Cloud resources or migrate resources on Alibaba Cloud, CMH automatically obtains the information about the resources within your Alibaba Cloud account, creates relevant resources, and migrates your resources. If you access CMH as a RAM user or by assuming a RAM role, your account must have the permissions to perform specific operations.

    Grant permissions

    In this example, the AliyunAPDSFullAccess policy is used. Log on to the RAM console. In the left-side navigation pane, choose Identities > Users, or choose Identities > Roles. Create a RAM user or RAM role, and attach the AliyunAPDSFullAccess policy to the RAM user or RAM role.

    Permissions

    RAM policies with full permissions

    Policy

    Description

    Scenario

    AliyunAPDSFullAccess

    The full permissions on CMH.

    Use the CMH console.

    AliyunConfigFullAccess

    The full permissions on Cloud Config.

    N/A

    AliyunIaCServiceFullAccess

    The full permissions on Infrastructure as Code (IaC) Service.

    Migrate data across zones on Alibaba Cloud, migrate data from Amazon Web Services (AWS) to Alibaba Cloud, migrate data across regions on Alibaba Cloud, or migrate data across Alibaba Cloud accounts

    AliyunECSFullAccess

    The full permissions on Elastic Compute Service (ECS).

    Migrate data from AWS to Alibaba Cloud, migrate data across zones on Alibaba Cloud, migrate data across regions on Alibaba Cloud, or migrate data across Alibaba Cloud accounts

    AliyunRDSFullAccess

    The full permissions on ApsaraDB RDS.

    Migrate data from AWS to Alibaba Cloud, migrate data across zones on Alibaba Cloud, migrate data across regions on Alibaba Cloud, or migrate data across Alibaba Cloud accounts

    AliyunVPCFullAccess

    The full permissions on Virtual Private Cloud (VPC).

    Migrate data across zones or regions on Alibaba Cloud or migrate data across Alibaba Cloud accounts

    AliyunSLBFullAccess

    The full permissions on Server Load Balancer (SLB).

    Migrate data across zones or regions on Alibaba Cloud or migrate data across Alibaba Cloud accounts

    AliyunOSSFullAccess

    The full permissions on Object Storage Service (OSS).

    Migrate data across regions on Alibaba Cloud or migrate data across Alibaba Cloud accounts