This topic lists the Alibaba Cloud services that work with Resource Access Management (RAM), the authorization granularity and system policies for each service, and the links of related topics.
Overview
Each table in this topic contains the following columns:
Alibaba Cloud service: the name of the cloud service that supports RAM.
Sub-service or sub-module: the sub-service or sub-module of the cloud service. A hyphen (-) indicates none.
RAM code: the code that is used in RAM to indicate the cloud service.
Console: indicates whether RAM can be used to implement access control in the console of the service. A tick (√) indicates that RAM is supported. A cross (×) indicates that RAM is not supported. A circle (○) indicates that no console is provided for that service.
API: indicates whether RAM can be used to implement access control by calling the API of the service. A tick (√) indicates that RAM is supported by calling the API of the service. A cross (×) indicates that RAM is not supported by calling the API of the service. A circle (○) indicates that no API is provided for that service.
Authorization granularity: the minimum authorization granularity of the service. A hyphen (-) indicates that no authorization granularity is defined.
The following authorization granularity is defined:
Service: You can control whether RAM users can access the service. You can grant RAM users or RAM roles the permissions to access all or none of the resources in the service.
Operation: You can control whether RAM users or RAM roles can perform specific operations on a specific type of resource in the service.
Resource: You can control whether RAM users can perform a specific operation on a specific resource in the service. For example, you can authorize a RAM user to restart a specific Elastic Compute Service (ECS) instance.
System policy: the system policies that RAM provides for the service. A hyphen (-) indicates that no system policies are provided for the service.
References: the topics that are related to both RAM and the service. A hyphen (-) indicates that no topics are related to RAM or the service.
Elastic computing
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
ECS | ECS | ecs | ✓ | ✓ | Resource |
| |
Elastic Block Storage (EBS) | EBS | ecs | ✓ | ✓ | Resource |
| - |
EBS | EBS | ebs | ✓ | ✓ | Resource |
| - |
ECS | Elastic GPU Service | ecs | ✓ | ✓ | Resource |
| |
ECS | ECS Bare Metal Instance | ecs | ✓ | ✓ | Resource |
| |
ECS | Dedicated Host (DDH) | ecs | ✓ | ✓ | Resource |
| |
ECS | Alibaba Cloud Linux 2 | ecs | ✓ | ✓ | Resource |
| |
Auto Scaling | - | ess | ✓ | ✓ | Operation |
| |
Container Service for Kubernetes (ACK) | - | cs | ✓ | ✓ | Resource |
| |
Batch Compute | - | batchcompute | ✓ | ✓ | Service | - | - |
Resource Orchestration Service (ROS) | - | ros | ✓ | ✓ | Resource |
| |
Function Compute | - | fc | ✓ | ✓ | Resource |
| Grant permissions across Alibaba Cloud accounts by using RAM roles |
Simple Application Server | - | swas | ✓ | ○ | Service | AliyunSWASFullAccess | - |
Elastic High Performance Computing (E-HPC) | - | ehpc | ✓ | ✓ | Service |
| - |
Container Registry | - | cr | ✓ | ✓ | Resource |
| |
Elastic Desktop Service (EDS) | EDS | ecd | ✓ | ✓ | Operation |
| |
Elastic Container Instance | - | eci | ✓ | ✓ | Resource |
| |
CloudFlow | - | fnf | ✓ | ✓ | Resource |
| |
Web App Service | - | webplus | ✓ | ✓ | Operation |
| - |
Compute Nest | - |
| ✓ | ○ | Resource |
| - |
Alibaba Cloud Distributed Cloud Container Platform (ACK One) | - | adcp | ✓ | ✓ | Operation |
| - |
Databases
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
ApsaraDB RDS | ApsaraDB RDS | rds | ✓ | ✓ | Resource |
| |
ApsaraDB RDS | ApsaraDB RDS for MySQL | rds | ✓ | ✓ | Resource |
| |
ApsaraDB RDS | ApsaraDB RDS for SQL Server | rds | ✓ | ✓ | Resource |
| |
ApsaraDB RDS | ApsaraDB RDS for PostgreSQL | rds | ✓ | ✓ | Resource |
| |
ApsaraDB RDS | ApsaraDB for MyBase | rds | ✓ | ✓ | Resource |
| - |
Tair (Redis® OSS-Compatible) | - | kvstore | ✓ | ✓ | Resource |
| |
ApsaraDB for MongoDB | - | dds | ✓ | ✓ | Resource |
| - |
AnalyticDB for PostgreSQL | - | gpdb | ✓ | ✓ | Resource |
| - |
Data Transmission Service (DTS) | - | dts | ✓ | ✓ | Operation |
| Use a system policy to authorize a RAM user to manage DTS instances |
Data Management (DMS) | - | dms | ✓ | ✓ | Service |
| |
AnalyticDB for MySQL | - | adb | ✓ | ✓ | Operation |
| |
PolarDB for Xscale (PolarDB-X) | - |
| ✓ | ✓ | Resource |
| |
ApsaraDB for HBase | - | hbase | ✓ | ✓ | Resource |
| |
Advanced Database & Application Migration (ADAM) | - | adam | ✓ | ○ | Service |
| |
PolarDB | - | polardb | ✓ | ✓ | Operation |
| |
Database Backup (DBS) | - | dbs | ✓ | ✓ | Service |
| - |
Database Autonomy Service (DAS) | - | hdm | ✓ | ✓ | Service |
| |
ApsaraDB for OceanBase | - | oceanbase | ✓ | ○ | Service |
| - |
ApsaraDB for Cassandra | - | cassandra | ✓ | ✓ | Resource |
| |
LedgerDB | - | ledgerdb | ✓ | ✓ | Resource |
| |
ApsaraDB for ClickHouse | - | clickhouse | ✓ | ✓ | Resource |
| |
Database Gateway (DG) | - | dg | ✓ | ✓ | Resource |
| - |
ApsaraDB for SelectDB | - | selectdb | ✓ | ✓ | Operation |
|
Storage
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Object Storage Service (OSS) | - | oss | ✓ | ✓ | Resource |
| |
File Storage NAS (NAS) | - | nas | ✓ | ✓ | Resource |
| |
Tablestore (OTS) | - | ots | ✓ | ✓ | Resource |
| |
Cloud Storage Gateway (CSG) | - | hcs-sgw | ✓ | ✓ | Service | AliyunHCSSGWFullAccess | |
Cloud Backup | - | hbr | ✓ | ✓ | Resource |
| Create a RAM user and authorize the RAM user to access Cloud Backup |
Hybrid Cloud Storage Array (CSA) | Hybrid Cloud Storage Array (CSA) | hgw | ✓ | ○ | Operation |
| - |
CSA | Remote Service | asrs | ✓ | ○ | Resource |
| - |
Cloud communications
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Short Message Service (SMS) | - | dysms | ✓ | ✓ | Service | - | - |
Network
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Virtual Private Cloud (VPC) | - | vpc | ✓ | ✓ | Resource |
| |
Server Load Balancer (SLB) | SLB | slb | ✓ | ✓ | Resource |
| |
SLB | Application Load Balancer (ALB) | alb | ✓ | ✓ | Resource |
| - |
SLB | Network Load Balancer (NLB) | nlb | ✓ | ✓ | Resource |
| - |
Express Connect | - | vpc | ✓ | ✓ | Resource |
| |
Elastic IP Address (EIP) | EIP | vpc | ✓ | ✓ | Resource |
| |
EIP | Anycast Elastic IP Address (Anycast EIP) | eipanycast | ✓ | ✓ | Resource |
| |
NAT Gateway | - | vpc | ✓ | ✓ | Resource |
| |
VPN Gateway | - | vpc | ✓ | ✓ | Resource |
| |
Internet Shared Bandwidth | - | vpc | ✓ | ✓ | Resource |
| - |
Global Accelerator (GA) | - | ga | ✓ | ✓ | Resource |
| |
Smart Access Gateway (SAG) | - | smartag | ✓ | ✓ | Resource | - | |
Cloud Enterprise Network (CEN) | - | cen | ✓ | ✓ | Resource |
| |
PrivateLink | - | privatelink | ✓ | ✓ | Resource |
| |
Alibaba Cloud DNS PrivateZone | - | pvtz | ✓ | ✓ | Resource |
| |
Cloud Data Transfer (CDT) | - | cdt | ✓ | ✓ | Operation |
| |
VPC peering connection | - | vpc | ✓ | ✓ | Resource |
| - |
IPv6 Gateway | - | vpc | ✓ | ✓ | Resource |
| - |
O&M and management
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Application Real-Time Monitoring Service (ARMS) | - | arms | ✓ | ✓ | Service |
| |
CloudMonitor | - | cms | ✓ | ✓ | Operation |
| |
Intelligent Advisor | - | advisor-intl | ✓ | ✓ | Operation |
| - |
Cloud Shell | - | cloudshell | ✓ | ○ | Operation | AliyunCloudShellFullAccess | - |
Cloud Config | - | config | ✓ | ✓ | Operation |
| |
Logic Composer | - | composer | ✓ | ✓ | Resource |
| |
CloudOps Orchestration Service (OOS) | - | oos | ✓ | ✓ | Resource |
| |
Cloud Governance Center (CGC) | CGC | governance | ✓ | ○ | Operation |
| - |
Middleware
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Enterprise Distributed Application Service (EDAS) | - | edas | ✓ | ✓ | Resource |
| |
ApsaraMQ | ApsaraMQ for RocketMQ | mq | ✓ | ✓ | Resource |
| |
ApsaraMQ | ApsaraMQ for MQTT | mq | ✓ | ✓ | Resource |
| |
ApsaraMQ | ApsaraMQ for RabbitMQ | amqp | ✓ | ✓ | Resource |
| |
Simple Message Queue (formerly MNS) | - | mns | ✓ | ✓ | Resource |
| |
ApsaraMQ for Kafka | - | alikafka | ✓ | ✓ | Service |
| |
Application High Availability Service | - | ahas | ✓ | ✓ | Service |
| - |
Alibaba Cloud Service Mesh (ASM) | - | servicemesh | ✓ | ✓ | Resource |
| |
EventBridge | - | eventbridge | ✓ | ✓ | Resource |
|
Media services and CDN
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
CDN | - | cdn | ✓ | ✓ | Resource |
| |
ApsaraVideo Media Processing (MPS) | - | mts | ✓ | ✓ | Service |
| - |
ApsaraVideo VOD (VOD) | - | vod | ✓ | ✓ | Operation |
| - |
ApsaraVideo Live | - | live | ✓ | ✓ | Resource |
| |
Real-Time Communication | - | rtc | ✓ | ✓ | Resource | - | - |
Dynamic Content Delivery Network (DCDN) | - | dcdn | ✓ | ✓ | Resource |
| - |
Enterprise applications
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Direct Mail | - | dm | ✓ | ✓ | Operation |
| - |
API Gateway | - | apigateway | ✓ | ✓ | Service |
| |
Alibaba Mail | - | alimail | ✓ | ○ | Operation |
| - |
Resource Management | Resource Management | resourcemanager | ✓ | ✓ | Operation |
| |
Resource Management | Resource Sharing | resourcesharing | ✓ | ✓ | Operation |
| - |
Resource Management | Tag service | tag | ✓ | ✓ | Operation |
| |
Resource Management | Resource Center | resourcecenter | ✓ | ✓ | Operation |
| |
Blockchain as a Service (BaaS) | BaaS | baas | ✓ | ✓ | Resource |
| |
CloudQuotation (CQ) | - | assettech | ✓ | ○ | Service |
| - |
BizWorks | - | bizworks | ✓ | ○ | Service |
| - |
Domains and websites
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Alibaba Cloud DNS (DNS) | DNS | alidns | ✓ | ✓ | Resource |
| |
DNS | Alibaba Cloud Public DNS | pubdns | ✓ | ✓ | Resource |
| - |
Domain Names | - | domain | ✓ | ✓ | Resource |
|
Artificial intelligence
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Intelligent Speech Interaction | Intelligent Speech Interaction | nls | ✓ | ✓ | Service |
| - |
Platform for AI (PAI) | - | pai | ✓ | ✓ | Service | - | - |
PAI | - | paiplugin | ○ | ✓ | Operation |
| - |
Image Search | - | imagesearch | ✓ | ✓ | Resource |
| |
Machine Translation | - | alimt | ✓ | ✓ | Operation |
| - |
IoT
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
IoT Platform | - | iot | ✓ | ✓ | Resource |
| |
Link IoT Edge | - | iot | ✓ | ✓ | Resource |
| |
Lindorm | Time Series Database (TSDB) | hitsdb | ✓ | ✓ | Operation | - | - |
Big data
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
DataWorks | - | dataworks | ✓ | ✓ | Operation |
| |
Quick BI | - | - | ✓ | ✓ | Service | - | - |
DataV | - | datav | ✓ | ○ | Service | AliyunDataVFullAccess | - |
Realtime Compute for Apache Flink | - | stream | ✓ | ✓ | Resource |
| |
Elasticsearch | - | elasticsearch | ✓ | ✓ | Resource |
| |
E-MapReduce (EMR) | E-MapReduce | emr | ✓ | ✓ | Service |
| |
Simple Log Service | - | log | ✓ | ✓ | Resource |
| |
Hologres | - | hologram | ✓ | ✓ | Resource |
|
Developer services
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Apsara Devops | - | rdc | ✓ | ✓ | Resource |
| - |
Managed Service for OpenTelemetry | - | xtrace | ✓ | ✓ | Operation |
| - |
Security
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Security Center | - |
| ✓ | ✓ | Operation |
| - |
Server Guard | - | yundun-aegis | ✓ | ✓ | Service |
| - |
Anti-DDoS | Anti-DDoS | yundun-ddos | ✓ | ✓ | Service |
| - |
Anti-DDoS | Anti-DDoS Proxy |
| ✓ | ✓ | Service |
| - |
Anti-DDoS | Anti-DDoS Proxy (Outside Chinese Mainland) |
| ✓ | ○ | Service |
| - |
Web Application Firewall (WAF) | WAF | yundun-waf | ✓ | ✓ | Operation |
| - |
Certificate Management Service | - | yundun-cert | ✓ | ✓ | Service |
| - |
Cloud Firewall | - | yundun-cloudfirewall | ✓ | ✓ | Service |
| - |
Managed Security Service (MSSP) | - | mssp | ✓ | ○ | Service | - | - |
Content Moderation | - | yundun-greenweb | ✓ | ✓ | Service |
| - |
Bastionhost | Bastionhost | yundun-bastionhost | ✓ | ○ | Service |
| - |
Data Security Center (DSC) | - | yundun-sddp | ✓ | ✓ | Service |
| - |
Identity as a Service (IDaaS) | IDaaS | yundun-idaas | ✓ | ○ | Operation |
| - |
Key Management Service (KMS) | - | kms | ✓ | ✓ | Resource |
| |
RAM | RAM |
| ✓ | ✓ | Resource |
| |
RAM | CloudSSO | cloudsso | ✓ | ○ | Resource |
| - |
ActionTrail | - | actiontrail | ✓ | ✓ | Operation | - |
Technical support
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Ticket Management | - | support | ✓ | ✓ | Service | AliyunSupportFullAccess | - |
Marketplace
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Alibaba Cloud Marketplace | - | acm | ✓ | × | Service | AliyunMarketplaceFullAccess | - |
Others
Service | Sub-service or sub-module | RAM code | Console | API | Authorization granularity | System policy | References |
Billing Management | - |
| ✓ | ✓ | Operation |
| - |
ICP Filing | - |
| ✓ | ○ | Service | AliyunBeianFullAccess | - |