Create a RAM role for a trusted Alibaba Cloud service - Resource Access Management

A Resource Access Management (RAM) role whose trusted entity is an Alibaba Cloud service is used to authorize access across Alibaba Cloud services. This type of RAM role can be assumed by a trusted Alibaba Cloud service.

Service role types

Regular service role: You must enter a name for the RAM role, select a trusted service, and then attach policies to the RAM role.
Service-linked role: You need only to select a trusted service. The name and policy of the RAM role are predefined by the service. For more information, see Service-linked roles.

Create a regular service role

Log on to the RAM console as a RAM user who has administrative rights.
In the left-side navigation pane, choose Identities > Roles.
On the Roles page, click Create Role.
On the Create Role page, select Alibaba Cloud Service in the Select Trusted Entity section and click Next.
Select Normal Service Role for the Role Type parameter.
Specify the RAM Role Name and Note parameters.
Select a trusted service.
Note
Available services are provided in the Select Service drop-down list.
Click OK.
Click Close.

After a RAM role is created, the RAM role has no permissions. You can grant permissions to the RAM role. For more information, see Grant permissions to a RAM role.

Create a service-linked role

Log on to the RAM console as a RAM user who has administrative rights.
In the left-side navigation pane, choose Identities > Roles.
On the Roles page, click Create Role.
On the Create Role page, select Alibaba Cloud Service in the Select Trusted Entity section and click Next.
Select Service Linked Role for the Role Type parameter.
Select a service.
After you select the service, you can view the name, description, and policy that are predefined for the service-linked role. You can click View Policy Details to view the detailed information about the policy.
Note
Available services are provided in the Select Service drop-down list.
Click OK.
Click Close.