To ensure the security of your accounts and cloud resources in Alibaba Cloud, we recommend that you do not use your Alibaba Cloud account to access FPGA as a Service (FaaS) unless necessary. You can use Resource Access Management (RAM) identities, including RAM users and RAM roles, and attach policies to manage the permissions of the identities. This way, you can effectively control the access security of resources.
When you use RAM to implement access control, FaaS supports the same identities, policies, and service-linked roles as Elastic Compute Service (ECS). This topic describes the identities, policies, and service-linked roles.
Identities
You can grant RAM users and RAM roles the permissions to access and manage the resources within your Alibaba Cloud account. For more information, see Identities.
Policies
The following types of identity-based policies are supported: system policy and custom policy. You can attach a policy to a RAM identity to grant the access permissions specified in the policy.
System policy: System policies are created, managed, and updated by Alibaba Cloud. You can use system policies but cannot modify them. For more information, see System policies for ECS.
Custom policy: You can create, update, and delete custom policies to meet your business requirements. For more information, see Custom policies for ECS.
Service-linked roles
A service-linked role is a RAM role whose trusted entity is an Alibaba Cloud service. Elastic GPU Service uses service-linked roles to access other cloud services or resources. For more information, see Service-linked roles.