Alibaba Cloud Resource Access Management (RAM) SDK for Python

raw JSON →
1.2.1 verified Thu Apr 16 auth: no python

The `alibabacloud-ram20150501` library is the official Python SDK for interacting with Alibaba Cloud's Resource Access Management (RAM) service, allowing developers to programmatically manage users, groups, roles, and access policies. It is part of the broader Alibaba Cloud Python SDK ecosystem. The current version is 1.2.1, and the library is actively maintained with regular updates.

pip install alibabacloud-ram20150501

Common errors

error ErrorCode: NoPermission ErrorMessage: Roles may not be assumed by root accounts.
cause Attempting to use the Alibaba Cloud root account's AccessKey to assume an STS role, which is not allowed.
fix
Use the AccessKey pair of a RAM user (who has AliyunSTSAssumeRoleAccess permission) instead of the root account.
error Error code: InvalidAccessKeyId.NotFound Error message: Specified access key is not found
cause The provided AccessKey ID is incorrect, has leading/trailing spaces, or the AccessKey is disabled or non-existent.
fix
Verify the AccessKey ID for accuracy, ensure it's active in the RAM console, and remove any extra spaces.
error MissingParameter, The input parameter “parameter name” that is mandatory for processing this request is not supplied.
cause A required parameter for the specific API operation was not provided in the request object.
fix
Consult the API documentation for the method being called (ram_20150501_models.YourRequestClass) and ensure all mandatory fields are populated.
error 401 Authorization Failed
cause The authentication token is missing, incorrect, expired, or used improperly, preventing the SDK from authorizing the request.
fix
Ensure your ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variables are correctly set and valid. Verify that the RAM user associated with the AccessKey has the necessary permissions.

Warnings

gotcha Avoid using your Alibaba Cloud root account's AccessKey (AK) and SecretKey (SK) directly in applications. Always create and use a RAM user with appropriate, least-privilege permissions for enhanced security.
fix Create a dedicated RAM user, grant only necessary permissions, and use that RAM user's AK/SK. Configure credentials via environment variables (`ALIBABA_CLOUD_ACCESS_KEY_ID`, `ALIBABA_CLOUD_ACCESS_KEY_SECRET`) or an SDK credential file.
breaking By default, new RAM users have no permissions. Any API calls will result in `AccessDenied` errors if the RAM user is not explicitly granted the required permissions.
fix After creating a RAM user, explicitly attach authorization policies (system or custom) to grant the necessary permissions for the operations your application needs to perform.
gotcha Incorrect or missing endpoint configuration can lead to connection errors or requests being sent to the wrong region/service. While `ram.aliyuncs.com` is a common endpoint, specific regions might have their own.
fix Always explicitly set the `config.endpoint` to the correct service endpoint for the region you intend to operate in. Refer to the Alibaba Cloud documentation for service-specific endpoints.

Imports

Quickstart

This quickstart demonstrates how to initialize the `alibabacloud-ram20150501` client and create a new RAM user. It's recommended to configure your Alibaba Cloud AccessKey ID and Secret as environment variables (`ALIBABA_CLOUD_ACCESS_KEY_ID`, `ALIBABA_CLOUD_ACCESS_KEY_SECRET`). The `CredentialClient` will automatically pick these up for secure authentication. Replace `'your_value'` placeholders with actual data when using other APIs.

import os
import json
from alibabacloud_ram20150501.client import Client as Ram20150501Client
from alibabacloud_credentials.client import Client as CredentialClient
from alibabacloud_tea_openapi.models import Config as OpenApiConfig
from alibabacloud_ram20150501 import models as ram_20150501_models
from alibabacloud_tea_util.models import RuntimeOptions

# It is highly recommended to use environment variables for AccessKey credentials
# For example:
# export ALIBABA_CLOUD_ACCESS_KEY_ID='your_access_key_id'
# export ALIBABA_CLOUD_ACCESS_KEY_SECRET='your_access_key_secret'

# Configure Client
# The CredentialClient will automatically pick up credentials from environment variables
# or other configured sources.
credential = CredentialClient()
config = OpenApiConfig(
    credential=credential,
    endpoint='ram.aliyuncs.com' # Specify the appropriate endpoint for RAM
)

# Initialize the RAM client
client = Ram20150501Client(config)

# Example: Create a user request
create_user_request = ram_20150501_models.CreateUserRequest(
    user_name='example_ram_user_py_sdk',
    display_name='Example RAM User Python SDK',
    comments='Created by Python SDK quickstart'
)

# Set runtime options (optional)
runtime_options = RuntimeOptions()

try:
    # Call the CreateUser API
    response = client.create_user_with_options(create_user_request, runtime_options)
    print("Successfully created RAM user:")
    print(json.dumps(response.to_map(), indent=2, default=str))
except Exception as error:
    print(f"Error creating RAM user: {error.message}")
    if hasattr(error, 'data') and error.data.get('Recommend'):
        print(f"Recommendation: {error.data.get('Recommend')}")

# Clean up (optional: delete the created user)
# Uncomment and provide the actual user_name to delete
# delete_user_request = ram_20150501_models.DeleteUserRequest(
#     user_name='example_ram_user_py_sdk'
# )
# try:
#     client.delete_user_with_options(delete_user_request, runtime_options)
#     print(f"Successfully deleted RAM user: {'example_ram_user_py_sdk'}")
# except Exception as error:
#     print(f"Error deleting RAM user: {error.message}")
last verified Thu Apr 16
next check Wed Jul 15