All Products
Search

This Product

    Alibaba Cloud DNS:Manage domain names and Alibaba Cloud DNS across accounts

    Document Center

    Alibaba Cloud DNS:Manage domain names and Alibaba Cloud DNS across accounts

    Last Updated:Jul 05, 2023

    Scenarios

    The RAM user dns-account created within Account B is authorized to manage the domain names within Account A.

    Procedure

    Create the RAM user dns-admin for Account B within Account A and attach the AliyunDNSFullAccess system policy to the RAM user

    1. Log on to the RAM console.

    2. In the left-side navigation pane, choose Identities > Users. On the Users page, click Create User.

      image..png

    3. On the Create User page, specify the User Account Information and Access Mode parameters.

      image..png

    4. On the Users page, find the RAM user that you want to manage and click Add Permissions in the Actions column.

      image.png

    5. In the panel that appears, select the system policy AliyunDNSFullAccess.

      image.png

    Create the RAM role dns-role for Account B within Account A and enter the ID of Account B

    1. In the left-side navigation pane, choose Identities > Roles. On the Roles page, click Create Role.

      image.png

    2. In the Create Role panel, select Alibaba Cloud Account and click Next.

      image.png

    3. On the Configure Role wizard page of the Create Role panel, specify the RAM Role Name parameter, select Other Alibaba Cloud Account for the Select Trusted Alibaba Cloud Account parameter, and then enter the ID of Account B.

      image.png

    Attach the AliyunDNSFullAccess system policy to the RAM role dns-role within Account A

    1. On the Roles page, find the RAM role that you want to manage and click Add Permissions in the Actions column.

      image.png

    2. In the Add Permissions panel, select AliyunDNSFullAccess for the System Policy parameter and specify other parameters.

      image.png

    Create the RAM user dns-account within Account B and enable console logon for the RAM user

    1. Create the RAM user dns-account within Account B according to the preceding steps.

      image.png

    Attach the AliyunSTSAssumeRoleAccess system policy to the RAM user dns-account within Account B

    1. Attach the AliyunSTSAssumeRoleAccess system policy to the RAM user dns-account within Account B according to the preceding steps.

      image.png

    • Log on to the RAM console with the RAM user dns-account. In the upper-right corner of the console, move the pointer over the profile picture. Click Switch Identity.

      image.pngimage.png

    • Enter the enterprise alias of the RAM user dns-admin and the RAM role dns-role within Account A.

      image.png

    • If the identity is switched, the RAM user dns-account within Account B can manage the RAM role dns-role within Account A.