All Products
Search
Document Center

EventBridge:Activate EventBridge and grant permissions to a RAM user

最終更新日:Jan 16, 2024

Before you use EventBridge, you must activate the service on the EventBridge product page. This topic describes how to activate EventBridge. If you are a Resource Access Management (RAM) user, you must be granted the required permissions by an Alibaba Cloud account before you use the EventBridge console or call API operations to access resources in EventBridge and use the resources to route events.

Prerequisites

An Alibaba Cloud account is created.

Step 1: Activate EventBridge

  1. Log on to the Alibaba Cloud official website and choose Products > Middleware > Applications Integration > EventBridge.

  2. On the EventBridge product page, click Activate Now.

  3. Read and agree to the EventBridge (Pay-as-you-go) Terms of Service. Then, click Activate Now.

    After you activate EventBridge, you can log on to the EventBridge console.

Step 2: (Required for RAM users) Grant permissions to a RAM user

  1. Log on to the RAM console with an Alibaba Cloud account or a RAM user who has administrative rights.

  2. In the left-side navigation pane, choose Identities > Users.

  3. On the Users page, find the required RAM user and click Add Permissions in the Actions column.

  4. In the Add Permissions panel, grant permissions to the RAM user.

    1. Select the authorization scope.

      • Alibaba Cloud Account: The authorization takes effect on the current Alibaba Cloud account.

      • Specific Resource Group: The authorization takes effect on a specific resource group.

        Note

        If you select Specific Resource Group for Authorized Scope, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group. For more information about how to grant permissions on a resource group, see Use a resource group to manage an ECS instance.

    2. Specify the principal.

      The principal is the RAM user to which you want to grant permissions.

    3. Select policies.

      A policy contains a set of permissions. Policies can be classified into system policies and custom policies:

      • System policies: policies that are created by Alibaba Cloud. You can use but cannot modify these policies. Version updates of the policies are maintained by Alibaba Cloud. For more information, see Services that work with RAM.

      • Custom policies: You can manage and update custom policies based on your business requirements. You can create, update, and delete custom policies. For more information, see Create a custom policy.

      Note

      You can attach a maximum of five policies to a RAM user at a time. If you want to attach more than five policies to a RAM user, perform the operation multiple times.

  5. Click OK.

  6. Click Complete.

EventBridge provides the following system policies. You can grant permissions to the RAM user based on the permission scope.

PolicyDescription
AliyunEventBridgeFullAccessThe permissions to manage EventBridge. Such permissions are equivalent to the permissions that an Alibaba Cloud account has. A RAM user to which this policy is attached can publish events and use all the features of the EventBridge console.
AliyunEventBridgeReadOnlyAccessThe read-only permissions on EventBridge. A RAM user to which this policy is attached can only read resource information in the EventBridge console or by calling API operations.
AliyunEventBridgeResourceCreatePolicyThe permissions to create resources in EventBridge. A RAM user to which this policy is attached can create resources in the EventBridge console or by calling API operations.
AliyunEventBridgeResourceUpdatePolicyThe permissions to edit resources in EventBridge. A RAM user to which this policy is attached can edit resources in the EventBridge console or by calling API operations.
AliyunEventBridgeResourceDeletePolicyThe permissions to delete resources from EventBridge. A RAM user to which this policy is attached can delete resources in the EventBridge console or by calling API operations.
AliyunEventBridgePutEventsPolicyThe permissions to publish events in EventBridge. A RAM user to which this policy is attached can publish events in the EventBridge console or by calling API operations.
Note

System policies cover a large permission scope. For example, if you attach the AliyunEventBridgeFullAccess policy to a RAM user, the RAM user can manage all resources in EventBridge. To meet your requirements on fine-grained permission management, EventBridge also provides custom policies. For more information, see the "Custom policies" section of the Policies topic.

What to do next

You can click Console to create resources. For more information, see Overview.