SFTP Gateway Support

3.0

Configuring your RAM Role

Overview

This article goes over how to set up SFTP Gateway to Use an instance-attached RAM role, otherwise known as an Instance Identity.

Cloud Connections can then use this Identity, instead of using unique credentials, which are an Access Key & Secret from a RAM user with permissions to OSS.

Configure Instance Profile Credentials

The permissions for the instance-attached RAM role are linked to the RAM Role of the instance. Since permissions to OSS are required for SFTP Gateway to function properly, you should always be able to use the instance-attached RAM role.

To create a RAM Role with permission to OSS, in the Alibaba console, go to the Resource Access Management (RAM) service.

Then, on the left side-bar menu, go to the Roles section and click Create Role.

For step 1. Select Role Type, choose the Alibaba Cloud Service trusted entity and click Next.

For step 2. Configure Role, create a RAM Role Name and select OSS as the trusted service, then click OK.

Now that your role has been created, select Add Permissions to RAM Role and under the Permissions tab for the role, select Grant Permission.

Under System Policy, search for OSS and select the AliyunOSSFullAccess role, then click OK & Complete.

Assign this role to your SFTP Gateway instance, and it will now have permission to OSS.

Getting Started with SFTP Gateway 3.xNext