{"id":7919,"library":"alibabacloud-ram20150501","title":"Alibaba Cloud Resource Access Management (RAM) SDK for Python","description":"The `alibabacloud-ram20150501` library is the official Python SDK for interacting with Alibaba Cloud's Resource Access Management (RAM) service, allowing developers to programmatically manage users, groups, roles, and access policies. It is part of the broader Alibaba Cloud Python SDK ecosystem. The current version is 1.2.1, and the library is actively maintained with regular updates.","status":"active","version":"1.2.1","language":"en","source_language":"en","source_url":"https://github.com/aliyun/alibabacloud-python-sdk","tags":["aliyun","alibaba cloud","ram","sdk","cloud security","iam"],"install":[{"cmd":"pip install alibabacloud-ram20150501","lang":"bash","label":"Install using pip"}],"dependencies":[{"reason":"Core utility functions for Alibaba Cloud SDKs.","package":"alibabacloud-tea-util","optional":false},{"reason":"OpenAPI models and client for Alibaba Cloud SDKs.","package":"alibabacloud-tea-openapi","optional":false},{"reason":"Credential management for authenticating with Alibaba Cloud services.","package":"alibabacloud-credentials","optional":false}],"imports":[{"note":"This is the main client class for interacting with RAM.","symbol":"Client","correct":"from alibabacloud_ram20150501.client import Client"},{"note":"Contains request and response models for RAM API operations.","symbol":"models","correct":"from alibabacloud_ram20150501 import models as ram_20150501_models"},{"note":"Used to configure the SDK client, including endpoint and credentials.","symbol":"Config","correct":"from alibabacloud_tea_openapi.models import Config"},{"note":"Helper for robust credential management, often picking up from environment variables.","symbol":"CredentialClient","correct":"from alibabacloud_credentials.client import Client as CredentialClient"},{"note":"Allows specifying runtime options for API calls, like timeout or retry settings.","symbol":"RuntimeOptions","correct":"from alibabacloud_tea_util.models import RuntimeOptions"}],"quickstart":{"code":"import os\nimport json\nfrom alibabacloud_ram20150501.client import Client as Ram20150501Client\nfrom alibabacloud_credentials.client import Client as CredentialClient\nfrom alibabacloud_tea_openapi.models import Config as OpenApiConfig\nfrom alibabacloud_ram20150501 import models as ram_20150501_models\nfrom alibabacloud_tea_util.models import RuntimeOptions\n\n# It is highly recommended to use environment variables for AccessKey credentials\n# For example:\n# export ALIBABA_CLOUD_ACCESS_KEY_ID='your_access_key_id'\n# export ALIBABA_CLOUD_ACCESS_KEY_SECRET='your_access_key_secret'\n\n# Configure Client\n# The CredentialClient will automatically pick up credentials from environment variables\n# or other configured sources.\ncredential = CredentialClient()\nconfig = OpenApiConfig(\n    credential=credential,\n    endpoint='ram.aliyuncs.com' # Specify the appropriate endpoint for RAM\n)\n\n# Initialize the RAM client\nclient = Ram20150501Client(config)\n\n# Example: Create a user request\ncreate_user_request = ram_20150501_models.CreateUserRequest(\n    user_name='example_ram_user_py_sdk',\n    display_name='Example RAM User Python SDK',\n    comments='Created by Python SDK quickstart'\n)\n\n# Set runtime options (optional)\nruntime_options = RuntimeOptions()\n\ntry:\n    # Call the CreateUser API\n    response = client.create_user_with_options(create_user_request, runtime_options)\n    print(\"Successfully created RAM user:\")\n    print(json.dumps(response.to_map(), indent=2, default=str))\nexcept Exception as error:\n    print(f\"Error creating RAM user: {error.message}\")\n    if hasattr(error, 'data') and error.data.get('Recommend'):\n        print(f\"Recommendation: {error.data.get('Recommend')}\")\n\n# Clean up (optional: delete the created user)\n# Uncomment and provide the actual user_name to delete\n# delete_user_request = ram_20150501_models.DeleteUserRequest(\n#     user_name='example_ram_user_py_sdk'\n# )\n# try:\n#     client.delete_user_with_options(delete_user_request, runtime_options)\n#     print(f\"Successfully deleted RAM user: {'example_ram_user_py_sdk'}\")\n# except Exception as error:\n#     print(f\"Error deleting RAM user: {error.message}\")\n","lang":"python","description":"This quickstart demonstrates how to initialize the `alibabacloud-ram20150501` client and create a new RAM user. It's recommended to configure your Alibaba Cloud AccessKey ID and Secret as environment variables (`ALIBABA_CLOUD_ACCESS_KEY_ID`, `ALIBABA_CLOUD_ACCESS_KEY_SECRET`). The `CredentialClient` will automatically pick these up for secure authentication. Replace `'your_value'` placeholders with actual data when using other APIs."},"warnings":[{"fix":"Create a dedicated RAM user, grant only necessary permissions, and use that RAM user's AK/SK. Configure credentials via environment variables (`ALIBABA_CLOUD_ACCESS_KEY_ID`, `ALIBABA_CLOUD_ACCESS_KEY_SECRET`) or an SDK credential file.","message":"Avoid using your Alibaba Cloud root account's AccessKey (AK) and SecretKey (SK) directly in applications. Always create and use a RAM user with appropriate, least-privilege permissions for enhanced security.","severity":"gotcha","affected_versions":"All"},{"fix":"After creating a RAM user, explicitly attach authorization policies (system or custom) to grant the necessary permissions for the operations your application needs to perform.","message":"By default, new RAM users have no permissions. Any API calls will result in `AccessDenied` errors if the RAM user is not explicitly granted the required permissions.","severity":"breaking","affected_versions":"All"},{"fix":"Always explicitly set the `config.endpoint` to the correct service endpoint for the region you intend to operate in. Refer to the Alibaba Cloud documentation for service-specific endpoints.","message":"Incorrect or missing endpoint configuration can lead to connection errors or requests being sent to the wrong region/service. While `ram.aliyuncs.com` is a common endpoint, specific regions might have their own.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Use the AccessKey pair of a RAM user (who has `AliyunSTSAssumeRoleAccess` permission) instead of the root account.","cause":"Attempting to use the Alibaba Cloud root account's AccessKey to assume an STS role, which is not allowed.","error":"ErrorCode: NoPermission ErrorMessage: Roles may not be assumed by root accounts."},{"fix":"Verify the AccessKey ID for accuracy, ensure it's active in the RAM console, and remove any extra spaces.","cause":"The provided AccessKey ID is incorrect, has leading/trailing spaces, or the AccessKey is disabled or non-existent.","error":"Error code: InvalidAccessKeyId.NotFound Error message: Specified access key is not found"},{"fix":"Consult the API documentation for the method being called (`ram_20150501_models.YourRequestClass`) and ensure all mandatory fields are populated.","cause":"A required parameter for the specific API operation was not provided in the request object.","error":"MissingParameter, The input parameter “parameter name” that is mandatory for processing this request is not supplied."},{"fix":"Ensure your `ALIBABA_CLOUD_ACCESS_KEY_ID` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET` environment variables are correctly set and valid. Verify that the RAM user associated with the AccessKey has the necessary permissions.","cause":"The authentication token is missing, incorrect, expired, or used improperly, preventing the SDK from authorizing the request.","error":"401 Authorization Failed"}]}