> alicloud-ram

alicloud-ram skill from agents-infrastructure/alicloud-agent-skills


Alibaba Cloud RAM (Resource Access Management) Skill

Manage Alibaba Cloud Resource Access Management (RAM) using the @alicloud/ram20150501 TypeScript SDK. Use when working with identity and access control on Alibaba Cloud, including RAM users, user groups, roles, policies, AccessKeys, MFA devices, login profiles, password policies, security preferences, account aliases, and resource tagging. Covers all 66 APIs of the RAM 20150501 version.

Metadata

  • SDK Package: @alicloud/ram20150501
  • API Version: 2015-05-01
  • Endpoint: ram.aliyuncs.com (global service, no regionId needed)
  • API Style: RPC
  • Total APIs: 66
  • Functional Domains: 7

Prerequisites

npm install @alicloud/ram20150501 @alicloud/openapi-client @alicloud/credentials

Environment variables:

export ALIBABA_CLOUD_ACCESS_KEY_ID="your-access-key-id"
export ALIBABA_CLOUD_ACCESS_KEY_SECRET="your-access-key-secret"

Client Initialization

import Ram20150501, * as $_model from '@alicloud/ram20150501';
import * as $OpenApi from '@alicloud/openapi-client';
import Credential from '@alicloud/credentials';

const cred = new Credential();
const config = new $OpenApi.Config({ credential: cred });
config.endpoint = 'ram.aliyuncs.com';
const client = new Ram20150501(config);

Reusable factory: See scripts/setup_client.ts for production-ready client creation with AK/STS support.

API Functional Domains

| Domain | APIs | Reference | Description |
|---|---|---|---|
| RAM User | 9 | references/user.md | Create, query, update, delete RAM users; attach/detach policies; query MFA info |
| RAM User Group | 12 | references/group.md | Create, manage groups; add/remove users; attach/detach group policies |
| RAM Role | 8 | references/role.md | Create, manage roles (cross-account, service); attach/detach role policies |
| Policy | 13 | references/policy.md | Create custom policies; manage versions; set default version; password policy |
| AccessKey | 5 | references/accesskey.md | Create, delete, enable/disable AccessKey pairs; query last used time |
| Security & Login | 12 | references/security.md | Login profiles; MFA devices; password change; security preferences |
| Account & Tag | 7 | references/account.md | Account alias; resource tagging; diagnostic message decoding |

Quick Examples

Create a RAM User

const result = await client.createUser(new $_model.CreateUserRequest({
  userName: 'alice',
  displayName: 'Alice',
}));
console.log(result.body.user);

Attach a System Policy to User

await client.attachPolicyToUser(new $_model.AttachPolicyToUserRequest({
  userName: 'alice',
  policyName: 'AliyunECSReadOnlyAccess',
  policyType: 'System',
}));

Create a RAM Role for Service

await client.createRole(new $_model.CreateRoleRequest({
  roleName: 'FCAccessOSSRole',
  assumeRolePolicyDocument: JSON.stringify({
    Statement: [{
      Action: 'sts:AssumeRole',
      Effect: 'Allow',
      Principal: { Service: ['fc.aliyuncs.com'] },
    }],
    Version: '1',
  }),
}));

Create a Custom Policy

await client.createPolicy(new $_model.CreatePolicyRequest({
  policyName: 'MyBucketReadOnly',
  policyDocument: JSON.stringify({
    Version: '1',
    Statement: [{
      Effect: 'Allow',
      Action: ['oss:GetObject', 'oss:ListObjects'],
      Resource: ['acs:oss:*:*:my-bucket', 'acs:oss:*:*:my-bucket/*'],
    }],
  }),
}));

List All Users

const result = await client.listUsers(new $_model.ListUsersRequest({}));
for (const user of result.body.users?.user || []) {
  console.log(user.userName, user.displayName);
}

Key Patterns

Policy Types

  • System: Predefined by Alibaba Cloud (e.g., AliyunECSFullAccess, AliyunOSSReadOnlyAccess)
  • Custom: User-created policies with JSON policy documents

Role Trust Policy Principals

// Trust another Alibaba Cloud account
{ Principal: { RAM: ['acs:ram::123456789012****:root'] } }

// Trust an Alibaba Cloud service
{ Principal: { Service: ['fc.aliyuncs.com'] } }

// Trust an external IdP (SAML)
{ Principal: { Federated: ['acs:ram::123456789012****:saml-provider/MyIdP'] } }
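
The three principal forms above decide who can assume a role, so a trust policy is worth linting before it is passed to createRole. The following is an added example, not code from the skill or the SDK; the function name, the finding names and the rule set are assumptions made for illustration, and it assumes principals are given as arrays, as on this page.

```typescript
// Added example: lint a role trust policy (the assumeRolePolicyDocument string).
// Rule names are illustrative assumptions, not SDK or RAM behaviour.
interface TrustStatement {
  Effect: string;
  Principal: { RAM?: string[]; Service?: string[]; Federated?: string[] };
  Condition?: Record<string, unknown>;
}
interface Finding { rule: string; principal: string; }

function auditTrustPolicy(documentJson: string, trustedAccounts: string[]): Finding[] {
  const doc = JSON.parse(documentJson) as { Statement: TrustStatement[] };
  const findings: Finding[] = [];
  for (const st of doc.Statement) {
    if (st.Effect !== 'Allow') continue;
    const hasCondition = st.Condition !== undefined && Object.keys(st.Condition).length > 0;
    for (const arn of st.Principal.RAM ?? []) {
      // Principal layout as shown on the page: acs:ram::<accountId>:<entity>
      const m = /^acs:ram::([^:]+):(.+)$/.exec(arn);
      if (!m) { findings.push({ rule: 'malformed-principal', principal: arn }); continue; }
      const account = String(m[1]);
      const entity = String(m[2]);
      if (account === '*') findings.push({ rule: 'wildcard-account', principal: arn });
      else if (trustedAccounts.indexOf(account) < 0) findings.push({ rule: 'unlisted-account', principal: arn });
      // ":root" delegates to the whole account: any identity there that is
      // allowed to call sts:AssumeRole can take the role.
      if (entity === 'root' && !hasCondition) findings.push({ rule: 'account-wide-no-condition', principal: arn });
    }
    for (const idp of st.Principal.Federated ?? []) {
      if (!hasCondition) findings.push({ rule: 'federated-no-condition', principal: idp });
    }
    for (const svc of st.Principal.Service ?? []) {
      if (svc === '*') findings.push({ rule: 'wildcard-service', principal: svc });
    }
  }
  return findings;
}
```

Pass the account IDs your organisation owns as trustedAccounts; an empty result means none of these rules fired, not that the policy is safe.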

Safe Deletion Pattern

Before deleting a RAM user, you must:

  1. Detach all policies (detachPolicyFromUser)
  2. Remove from all groups (removeUserFromGroup)
  3. Delete all AccessKeys (deleteAccessKey)
  4. Unbind MFA device (unbindMFADevice)
  5. Delete login profile (deleteLoginProfile)
  6. Then delete the user (deleteUser)

See references/workflows.md → Workflow 8 for complete code.
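
The six steps above as one ordered routine, written as an added example and not the project's Workflow 8 code. RamLike is a hypothetical narrowing of the SDK client to the calls used; the list* response shapes and the "EntityNotExist" error-code prefix are assumptions.

```typescript
// Added example. RamLike is a hypothetical narrowing of the SDK client; the
// list* response shapes (body.<plural>.<singular>[]) are assumed, not from the page.
type Req = Record<string, string>;
type Mutator = 'detachPolicyFromUser' | 'removeUserFromGroup' | 'deleteAccessKey'
  | 'unbindMFADevice' | 'deleteLoginProfile' | 'deleteUser';
interface Lists {
  listPoliciesForUser(r: Req): Promise<{ body: { policies?: { policy?: { policyName?: string; policyType?: string }[] } } }>;
  listGroupsForUser(r: Req): Promise<{ body: { groups?: { group?: { groupName?: string }[] } } }>;
  listAccessKeys(r: Req): Promise<{ body: { accessKeys?: { accessKey?: { accessKeyId?: string }[] } } }>;
}
type RamLike = Lists & Record<Mutator, (r: Req) => Promise<unknown>>;

// Optional step: "not found" means nothing to remove. Assumption: such errors
// carry a `code` that starts with "EntityNotExist". Anything else aborts.
async function optional(step: string, log: string[], fn: () => Promise<unknown>): Promise<void> {
  try {
    await fn();
    log.push(step);
  } catch (e) {
    const code = String((e as { code?: unknown }).code ?? '');
    if (code.indexOf('EntityNotExist') !== 0) throw e; // stop before deleteUser
    log.push(`${step}:absent`);
  }
}

// Removes dependencies in the documented order; returns an audit trail.
async function safeDeleteUser(client: RamLike, userName: string): Promise<string[]> {
  const log: string[] = [];
  const pol = await client.listPoliciesForUser({ userName });
  for (const p of pol.body.policies?.policy ?? []) {
    await client.detachPolicyFromUser({ userName, policyName: p.policyName ?? '', policyType: p.policyType ?? '' });
    log.push(`detachPolicy:${p.policyName}`);
  }
  const grp = await client.listGroupsForUser({ userName });
  for (const g of grp.body.groups?.group ?? []) {
    await client.removeUserFromGroup({ userName, groupName: g.groupName ?? '' });
    log.push(`removeFromGroup:${g.groupName}`);
  }
  const aks = await client.listAccessKeys({ userName });
  for (const k of aks.body.accessKeys?.accessKey ?? []) {
    await client.deleteAccessKey({ userName, userAccessKeyId: k.accessKeyId ?? '' });
    log.push(`deleteAccessKey:${k.accessKeyId}`);
  }
  await optional('unbindMFADevice', log, () => client.unbindMFADevice({ userName }));
  await optional('deleteLoginProfile', log, () => client.deleteLoginProfile({ userName }));
  await client.deleteUser({ userName });
  log.push('deleteUser');
  return log;
}
```

Keeping the returned trail in the offboarding record shows which credentials existed at deletion time, and an abort on an unexpected error leaves the user in place rather than half-removed without a record.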

Common Workflows

See references/workflows.md for complete code examples:

  1. Create RAM User with Console Access
  2. Create RAM User with Programmatic Access
  3. Manage RAM User Groups
  4. Create and Manage Custom Policy
  5. Create RAM Role for Cross-Account Access
  6. Create RAM Role for Alibaba Cloud Service
  7. Setup MFA for RAM User
  8. Safely Delete RAM User (Clean Dependencies)
  9. Configure Account Security Settings

Reference Loading Guide

Load references on demand based on the task:

  • Getting started: references/quickstart.md
  • User operations: references/user.md
  • Group operations: references/group.md
  • Role operations: references/role.md
  • Policy operations: references/policy.md
  • AccessKey operations: references/accesskey.md
  • Security/MFA/Login: references/security.md
  • Account/Tags: references/account.md
  • End-to-end workflows: references/workflows.md

Stats: installs/wk 0; GitHub stars 2; first seen Mar 17, 2026

Repo: agents-infrastructure/alicloud-agent-skills (by agents-infrastructure)