AI Agent Skill HUB

Alibaba Cloud RAM (Resource Access Management) Skill

Manage Alibaba Cloud Resource Access Management (RAM) using the @alicloud/ram20150501 TypeScript SDK. Use when working with identity and access control on Alibaba Cloud, including RAM users, user groups, roles, policies, AccessKeys, MFA devices, login profiles, password policies, security preferences, account aliases, and resource tagging. Covers all 66 APIs of the RAM 20150501 version.

25 stars
byComeOnOliver
View on GitHubInstallation ↓

Best use case

Alibaba Cloud RAM (Resource Access Management) Skill is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Manage Alibaba Cloud Resource Access Management (RAM) using the @alicloud/ram20150501 TypeScript SDK. Use when working with identity and access control on Alibaba Cloud, including RAM users, user groups, roles, policies, AccessKeys, MFA devices, login profiles, password policies, security preferences, account aliases, and resource tagging. Covers all 66 APIs of the RAM 20150501 version.

Teams using Alibaba Cloud RAM (Resource Access Management) Skill should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/alicloud-ram/SKILL.md --create-dirs "https://raw.githubusercontent.com/ComeOnOliver/skillshub/main/skills/agents-infrastructure/alicloud-agent-skills/alicloud-ram/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/alicloud-ram/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How Alibaba Cloud RAM (Resource Access Management) Skill Compares

Feature / AgentAlibaba Cloud RAM (Resource Access Management) SkillStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Manage Alibaba Cloud Resource Access Management (RAM) using the @alicloud/ram20150501 TypeScript SDK. Use when working with identity and access control on Alibaba Cloud, including RAM users, user groups, roles, policies, AccessKeys, MFA devices, login profiles, password policies, security preferences, account aliases, and resource tagging. Covers all 66 APIs of the RAM 20150501 version.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Alibaba Cloud RAM (Resource Access Management) Skill

Manage Alibaba Cloud Resource Access Management (RAM) using the @alicloud/ram20150501 TypeScript SDK. Use when working with identity and access control on Alibaba Cloud, including RAM users, user groups, roles, policies, AccessKeys, MFA devices, login profiles, password policies, security preferences, account aliases, and resource tagging. Covers all 66 APIs of the RAM 20150501 version.

## Metadata

- **SDK Package**: `@alicloud/ram20150501`
- **API Version**: `2015-05-01`
- **Endpoint**: `ram.aliyuncs.com` (global service, no regionId needed)
- **API Style**: RPC
- **Total APIs**: 66
- **Functional Domains**: 7

## Prerequisites

```bash
npm install @alicloud/ram20150501 @alicloud/openapi-client @alicloud/credentials
```

Environment variables:

```bash
export ALIBABA_CLOUD_ACCESS_KEY_ID="your-access-key-id"
export ALIBABA_CLOUD_ACCESS_KEY_SECRET="your-access-key-secret"
```

## Client Initialization

```typescript
import Ram20150501, * as $_model from '@alicloud/ram20150501';
import * as $OpenApi from '@alicloud/openapi-client';
import Credential from '@alicloud/credentials';

const cred = new Credential();
const config = new $OpenApi.Config({ credential: cred });
config.endpoint = 'ram.aliyuncs.com';
const client = new Ram20150501(config);
```

> **Reusable factory**: See `scripts/setup_client.ts` for production-ready client creation with AK/STS support.

## API Functional Domains

| Domain | APIs | Reference | Description |
|--------|------|-----------|-------------|
| RAM User | 9 | `references/user.md` | Create, query, update, delete RAM users; attach/detach policies; query MFA info |
| RAM User Group | 12 | `references/group.md` | Create, manage groups; add/remove users; attach/detach group policies |
| RAM Role | 8 | `references/role.md` | Create, manage roles (cross-account, service); attach/detach role policies |
| Policy | 13 | `references/policy.md` | Create custom policies; manage versions; set default version; password policy |
| AccessKey | 5 | `references/accesskey.md` | Create, delete, enable/disable AccessKey pairs; query last used time |
| Security & Login | 12 | `references/security.md` | Login profiles; MFA devices; password change; security preferences |
| Account & Tag | 7 | `references/account.md` | Account alias; resource tagging; diagnostic message decoding |

## Quick Examples

### Create a RAM User

```typescript
const result = await client.createUser(new $_model.CreateUserRequest({
  userName: 'alice',
  displayName: 'Alice',
}));
console.log(result.body.user);
```

### Attach a System Policy to User

```typescript
await client.attachPolicyToUser(new $_model.AttachPolicyToUserRequest({
  userName: 'alice',
  policyName: 'AliyunECSReadOnlyAccess',
  policyType: 'System',
}));
```

### Create a RAM Role for Service

```typescript
await client.createRole(new $_model.CreateRoleRequest({
  roleName: 'FCAccessOSSRole',
  assumeRolePolicyDocument: JSON.stringify({
    Statement: [{
      Action: 'sts:AssumeRole',
      Effect: 'Allow',
      Principal: { Service: ['fc.aliyuncs.com'] },
    }],
    Version: '1',
  }),
}));
```

### Create a Custom Policy

```typescript
await client.createPolicy(new $_model.CreatePolicyRequest({
  policyName: 'MyBucketReadOnly',
  policyDocument: JSON.stringify({
    Version: '1',
    Statement: [{
      Effect: 'Allow',
      Action: ['oss:GetObject', 'oss:ListObjects'],
      Resource: ['acs:oss:*:*:my-bucket', 'acs:oss:*:*:my-bucket/*'],
    }],
  }),
}));
```

### List All Users

```typescript
const result = await client.listUsers(new $_model.ListUsersRequest({}));
for (const user of result.body.users?.user || []) {
  console.log(user.userName, user.displayName);
}
```

## Key Patterns

### Policy Types

- `System`: Predefined by Alibaba Cloud (e.g., `AliyunECSFullAccess`, `AliyunOSSReadOnlyAccess`)
- `Custom`: User-created policies with JSON policy documents

### Role Trust Policy Principals

```typescript
// Trust another Alibaba Cloud account
{ Principal: { RAM: ['acs:ram::123456789012****:root'] } }

// Trust an Alibaba Cloud service
{ Principal: { Service: ['fc.aliyuncs.com'] } }

// Trust an external IdP (SAML)
{ Principal: { Federated: ['acs:ram::123456789012****:saml-provider/MyIdP'] } }
```

### Safe Deletion Pattern

Before deleting a RAM user, you must:
1. Detach all policies (`detachPolicyFromUser`)
2. Remove from all groups (`removeUserFromGroup`)
3. Delete all AccessKeys (`deleteAccessKey`)
4. Unbind MFA device (`unbindMFADevice`)
5. Delete login profile (`deleteLoginProfile`)
6. Then delete the user (`deleteUser`)

See `references/workflows.md` → Workflow 8 for complete code.

## Common Workflows

See `references/workflows.md` for complete code examples:

1. Create RAM User with Console Access
2. Create RAM User with Programmatic Access
3. Manage RAM User Groups
4. Create and Manage Custom Policy
5. Create RAM Role for Cross-Account Access
6. Create RAM Role for Alibaba Cloud Service
7. Setup MFA for RAM User
8. Safely Delete RAM User (Clean Dependencies)
9. Configure Account Security Settings

## Reference Loading Guide

Load references on demand based on the task:

- **Getting started** → `references/quickstart.md`
- **User operations** → `references/user.md`
- **Group operations** → `references/group.md`
- **Role operations** → `references/role.md`
- **Policy operations** → `references/policy.md`
- **AccessKey operations** → `references/accesskey.md`
- **Security/MFA/Login** → `references/security.md`
- **Account/Tags** → `references/account.md`
- **End-to-end workflows** → `references/workflows.md`

Related Skills

cursor-context-management

25
from ComeOnOliver/skillshub

Optimize context window usage in Cursor with @-mentions, context pills, and conversation strategy. Triggers on "cursor context", "context window", "context limit", "cursor memory", "context management", "@-mentions", "context pills".

cursor-api-key-management

25
from ComeOnOliver/skillshub

Configure BYOK API keys for OpenAI, Anthropic, Google, Azure, and custom models in Cursor. Triggers on "cursor api key", "cursor openai key", "cursor anthropic key", "own api key cursor", "BYOK cursor", "cursor azure key".

cloudwatch-alarm-creator

25
from ComeOnOliver/skillshub

Cloudwatch Alarm Creator - Auto-activating skill for AWS Skills. Triggers on: cloudwatch alarm creator, cloudwatch alarm creator Part of the AWS Skills skill category.

cloudfront-distribution-setup

25
from ComeOnOliver/skillshub

Cloudfront Distribution Setup - Auto-activating skill for AWS Skills. Triggers on: cloudfront distribution setup, cloudfront distribution setup Part of the AWS Skills skill category.

cloudformation-template-creator

25
from ComeOnOliver/skillshub

Cloudformation Template Creator - Auto-activating skill for AWS Skills. Triggers on: cloudformation template creator, cloudformation template creator Part of the AWS Skills skill category.

cloud-tasks-queue-setup

25
from ComeOnOliver/skillshub

Cloud Tasks Queue Setup - Auto-activating skill for GCP Skills. Triggers on: cloud tasks queue setup, cloud tasks queue setup Part of the GCP Skills skill category.

cloud-sql-instance-setup

25
from ComeOnOliver/skillshub

Cloud Sql Instance Setup - Auto-activating skill for GCP Skills. Triggers on: cloud sql instance setup, cloud sql instance setup Part of the GCP Skills skill category.

cloud-security-posture

25
from ComeOnOliver/skillshub

Cloud Security Posture - Auto-activating skill for Security Advanced. Triggers on: cloud security posture, cloud security posture Part of the Security Advanced skill category.

cloud-scheduler-job-creator

25
from ComeOnOliver/skillshub

Cloud Scheduler Job Creator - Auto-activating skill for GCP Skills. Triggers on: cloud scheduler job creator, cloud scheduler job creator Part of the GCP Skills skill category.

cloud-run-service-config

25
from ComeOnOliver/skillshub

Cloud Run Service Config - Auto-activating skill for GCP Skills. Triggers on: cloud run service config, cloud run service config Part of the GCP Skills skill category.

cloud-monitoring-alert

25
from ComeOnOliver/skillshub

Cloud Monitoring Alert - Auto-activating skill for GCP Skills. Triggers on: cloud monitoring alert, cloud monitoring alert Part of the GCP Skills skill category.

cloud-logging-sink-setup

25
from ComeOnOliver/skillshub

Cloud Logging Sink Setup - Auto-activating skill for GCP Skills. Triggers on: cloud logging sink setup, cloud logging sink setup Part of the GCP Skills skill category.