Before a Resource Access Management (RAM) user can use CloudMonitor to monitor a cloud service, the Alibaba Cloud account to which the RAM user belongs must grant permissions to the RAM user.
Prerequisites
A RAM user is created within your Alibaba Cloud account. For more information, see Create a RAM user.
Procedure
Log on to the RAM console.
In the left-side navigation pane, choose .
On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
In the Grant Permission panel, set the Resource Scope parameter to Account. In the Policy section, select one or more policies.
NoteYou can grant permissions on CloudMonitor to an Alibaba Cloud account. You cannot grant permissions on CloudMonitor to a resource group.
System Policy: the system policies. To specify system policies, select the required policies in the Policy Name column.
Policy
Description
AliyunCloudMonitorFullAccess
The permissions to manage CloudMonitor.
AliyunCloudMonitorReadOnlyAccess
The read-only permissions on CloudMonitor.
Custom Policy: the custom policies. To specify custom policies, select the required policies in the Policy Name column.
For more information about how to create a custom policy, see Create a custom policy.
For example, you can grant the RAM user the permissions to export monitoring data. The following sample code provides an example:
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "cms:BatchGet", "cms:Cursor" ], "Resource": [ "*" ], "Condition": {} } ] }
Click Grant permissions.
Click Close.