Resource Management, RAM, and Identity

Controlling who can access your Alibaba Cloud resources — and what they can do — is fundamental to security. This lesson covers Resource Access Management (RAM), resource groups, and identity best practices.

Alibaba Cloud Accounts

When you sign up for Alibaba Cloud, you receive a root account (also called the primary account). This account has full access to all resources and billing.

Root Account Best Practices

Never use the root account for daily tasks — create RAM users instead
Enable MFA (Multi-Factor Authentication) on the root account
Protect the root account credentials — store them securely
Use RAM users and roles for all operational work

Resource Access Management (RAM)

RAM is Alibaba Cloud's identity and access management service — the equivalent of AWS IAM or Azure AD. It allows you to:

Create and manage RAM users (individual identities)
Organise users into RAM groups
Define RAM policies (permissions)
Create RAM roles for temporary access

RAM Users

A RAM user is an identity within your Alibaba Cloud account. Each user has:

Resource Management, RAM, and Identity

Resource Management, RAM, and Identity

Alibaba Cloud Accounts

Root Account Best Practices

Resource Access Management (RAM)

RAM Users

More in Cloud