If system policies do not meet your requirements, you can configure custom policies to implement the principle of least privilege. You can use custom policies to implement fine-grained permission control and improve your resource security. This topic describes how to configure custom policies for NAT gateways.
What is a custom policy?
Resource Access Management (RAM) policies are classified into system policies and custom policies. You need to manually maintain custom policies.
After you create a custom policy, you need to attach it to a RAM user, user group, or RAM role so that the permissions specified in the policy can be granted to the object.
You can delete a RAM policy that is not attached to an object. If the RAM policy is attached to an object, you must detach the RAM policy from the object before you can delete the RAM policy.
Custom policies support version control. You can manage custom policy versions based on the version management mechanism provided by RAM.
References
RAM authorization
To use custom policies, you must understand the permission control requirements of your business and the authorization information about NAT Gateway. For more information, see Authorization information.