全部产品
弹性计算 会员服务 网络 安全 移动云 数加·大数据分析及展现 数加·大数据应用 管理与监控 云通信 阿里云办公 培训与认证 更多
存储与CDN 数据库 域名与网站(万网) 应用服务 数加·人工智能 数加·大数据基础服务 互联网中间件 视频服务 开发者工具 解决方案 物联网 智能硬件
专有网络 VPC

RAM鉴权

更新时间:2018-04-07 15:49:53

在使用RAM账号调用VPC API前,需要主账号通过创建授权策略对RAM账号进行授权。在授权策略中,使用资源描述符(Alibaba Cloud Resource Name, ARN)指定授权资源。

本文档介绍了VPC中可授权的资源和资源描述。

可授权的VPC资源

下表列举了VPC中可授权的资源及其描述方式:

资源 资源描述
专有网络(VPC) acs:vpc:$regionid:$accountid:vpc/$vpcid
acs:vpc:$regionid:$accountid:vpc/*
acs:vpc:*:$accountid:vpc/*
路由器(VRouter) acs:vpc:$regionid:$accountid:vrouter/$vrouterid
acs:vpc:$regionid:$accountid:vrouter/*
acs:vpc:*:$accountid:vrouter/*
交换机(VSwitch) acs:vpc:$regionid:$accountid:vswitch/$vswitchid
acs:vpc:$regionid:$accountid:vswitch/*
acs:vpc:*:$accountid:vswitch/*
路由表(Route Table) acs:vpc:$regionid:$accountid:routetable/$routetableid
acs:vpc:$regionid:$accountid:routetable/*
acs:vpc:*:$accountid:routetable/*
高可用IP (HaVip) acs:vpc:$regionid:$accountid:havip/$havipid
acs:vpc:$regionid:$accountid:havip/*
acs:vpc:*:$accountid:havip/*
弹性公网IP(EIP) acs:vpc:$regionid:$accountid:eip/$allocationid
acs:vpc:$regionid:$accountid:eip/*
acs:vpc:*:$accountid:eip/*
NAT网关(NAT Gateway) acs:vpc:$regionid:$accountid:natgateway/$natgatewayid
acs:vpc:$regionid:$accountid:natgateway/*
acs:vpc*:$accountid:vpc/*
NAT网关带宽包(NAT Gateway Bandwidth Package) acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid
acs:vpc:$regionid:$accountid:bandwidthpackage/*
acs:vpc:*:$accountid:vpc/*
端口转发表(Forward Table) acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid
acs:vpc:$regionid:$accountid:forwardtable/*
acs:vpc:*:$accountid:vpc/*
SNAT表(SNAT Table) acs:vpc:$regionid:$accountid:snattable/$snattableid
acs:vpc:$regionid:$accountid:snattable/*
acs:vpc:*:$accountid:vpc/*
用户网关(Customer Gateway) acs:vpc:$regionid:$accountid:customergateway/$customergatewayid
acs:vpc:$regionid:$accountid:customergateway/*
acs:vpc:*:$accountid:customergateway/*
IPsec连接(IPsec Connection) acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid
acs:vpc:$regionid:$accountid:vpnconnection/*
acs:vpc:*:$accountid:vpnconnection/*
VPN网关(VPN Gateway) acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid
acs:vpc:$regionid:$accountid:vpngateway/*
acs:vpc:*:$accountid:vpngateway/*
全球加速实例(Global Acceleration Instance) acs:vpc:$regionid:$accountid: globalaccelerationinstance /$ globalaccelerationinstanceid
acs:vpc:$regionid:$accountid: globalaccelerationinstance /
acs:vpc:
:$accountid: globalaccelerationinstance /*
通用资源 acs:vpc:$regionid:$accountid:*
acs:vpc:*:$accountid:*

可授权的VPC接口

下表列举了VPC中可授权的API及其描述方式。

API ARN format
vpc:CreateVpc acs:vpc:$regionid:$accountid:vpc/*
vpc:DeleteVpc acs:vpc:$regionid:$accountid:vpc/$vpcid
vpc:DescribeVpcs acs:vpc:$regionid:$accountid:vpc/*
vpc:ModifyVpcAttribute acs:vpc:$regionid:$accountid:vpc/$vpcid
vpc:DescribeVRouters acs:vpc:$regionid:$accountid:vrouter/*
VRouterId specified:
“vpc:Vpc”:”acs:vpc:$regionid:$accountid:vpc/$vpcid”
VRouterId not specified:
“vpc:Vpc”:”acs:vpc:$regionid:$accountid:vpc/*”
vpc:ModifyVRouterAttribute acs:vpc:$regionid:$accountid:vrouter/$vrouterid
vpc:CreateVSwitch acs:vpc:$regionid:$accountid:vswitch/*
acs:vpc:$regionid:$accountid:vpc/$vpcid
vpc:DeleteVSwitch acs:vpc:$regionid:$accountid:vswitch/$vswitchid
vpc:DescribeVSwitches acs:vpc:$regionid:$accountid:vswitch/*
“vpc:Vpc”:”acs:vpc:$regionid:$accountid:vpc/$vpcid”
vpc:ModifyVSwitchAttribute acs:vpc:$regionid:$accountid:vswitch/$vswitchid
vpc:CreateRouteEntry acs:vpc:$regionid:$accountid:routetable/$routetableid
vpc:DeleteRouteEntry acs:vpc:$regionid:$accountid:routetable/$routetableid
vpc:DescribeRouteTables acs:vpc:$regionid:$accountid:routetable/*
The route table in VRouter:
“vpc:VRouter”:”acs:vpc$regionid:$accountid:vrouter/$vrouterid”
vpc:CreateHaVip acs:vpc:$regionid:$accountid:havip/*
acs:vpc:$regionid:$accountid:vswitch/$vswitchid
vpc:DeleteHaVip acs:vpc:$regionid:$accountid:havip/$havipid
vpc:AssociateHaVip acs:vpc:$regionid:$accountid:havip/$havipid
acs:ecs:$regionid:$accountid:instance/$instanceid
vpc:UnassociateHaVip acs:vpc:$regionid:$accountid:havip/$havipid
acs:ecs:$regionid:$accountid:instance/$instanceid
vpc:DescribeHaVips acs:vpc:$regionid:$accountid:havip/*
vpc:AllocateEipAddress acs:vpc:$regionid:$accountid:eip/*
vpc:AssociateEipAddres The InstanceType is EcsInstance:
acs:vpc:$regionid:$accountid:eip/$allocationid
acs:ecs:$regionid:$accountid:instance/$instanceid
The InstanceType is HaVip:
acs:vpc:$regionid:$accountid:eip/$allocationid
acs:vpc:$regionid:$accountid:havip/$havipid
vpc:DescribeEipAddresses acs:vpc:$regionid:$accountid:eip/*
vpc:ModifyEipAddressAttribute acs:vpc:$regionid:$accountid:eip/$allocationid
vpc:UnassociateEipAddress The InstanceType is EcsInstance:
acs:vpc:$regionid:$accountid:eip/$allocationid
acs:ecs:$regionid:$accountid:instance/$instanceid
The InstanceType is HaVip:
acs:vpc:$regionid:$accountid:eip/$allocationid
acs:vpc:$regionid:$accountid:havip/$havipid
vpc:ReleaseEipAddress acs:vpc:$regionid:$accountid:eip/$allocationid
vpc:DescribeEipMonitorData acs:vpc:$regionid:$accountid:eip/$allocationid
CreaeNatGateway acs:vpc:$regionid:$accountid:natgateway/*
DescribeNatGateways Query the specified NAT gateway:
acs:vpc:$regionid:$accountid:natgateway/$natgatewayid
Query the list of NAT gateways:
acs:vpc:$regionid:$accountid:natgateway/*
ModifyNatGatewaySpec acs:vpc:$regionid:$accountid:natgateway/$natgatewayid
ModifyNatGatewayAttribute acs:vpc:$regionid:$accountid:natgateway/$natgatewayid
DeleteNatGateway acs:vpc:$regionid:$accountid:natgateway/$natgatewayid
CreateBandwidthPackage acs:vpc:$regionid:$accountid:bandwidthpackage/*
DescribeBandwidthPackages Query the specified bandwidth package:
acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid
Query the list of bandwidth packages:
acs:vpc:$regionid:$accountid:bandwidthpackage/*
ModifyBandwidthPackageSpec acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid
ModifyBandwidthPackageAttribute acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid
AddBandwidthPackageIps acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid
RemoveBandwidthPackageIps acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid
DeleteBandwidthPackage acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid
CreateForwardEntry acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid
DeleteForwardEntry acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid
ModifyForwardEntry acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid
DescribeForwardTableEntries acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid
CreateSnatEntry acs:vpc:$regionid:$accountid:snattable/*
ModifySnatEntry acs:vpc:$regionid:$accountid:snattable/$snattableid
DescribeSnatTableEntries acs:vpc:$regionid:$accountid:snattable/$snattableid
DeleteSnatEntry acs:vpc:$regionid:$accountid:snattable/$snattableid
vpc:CreateCustomerGateway acs:vpc:$regionid:$accountid:customergateway/*
vpc:DeleteCustomerGateway acs:vpc:$regionid:$accountid:customergateway/$customergatewayid
vpc:DescribeCustomerGateway acs:vpc:$regionid:$accountid:customergateway/$customergatewayid
vpc:DescribeCustomerGateways acs:vpc:$regionid:$accountid:customergateway/*
vpc:ModifyCustomerGatewayAttribute acs:vpc:$regionid:$accountid:customergateway/$customergatewayid
vpc:CreateVpnConnection acs:vpc:$regionid:$accountid:vpnconnection/*
vpc:DeleteVpnConnection acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid
vpc:DescribeVpnConnection acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid
vpc:DescribeVpnConnections acs:vpc:$regionid:$accountid:vpnconnection/*
vpc:ModifyVpnConnectionAttribute acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid
vpc:DownloadVpnConnectionConfig acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid
vpc:DeleteVpnGateway acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid
vpc:DescribeVpnGateway acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid
vpc:DescribeVpnGateways acs:vpc:$regionid:$accountid:vpngateway/*
vpc:ModifyVpnGatewayAttribute acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid
vpc:CreateGlobalAccelerationInstance acs:vpc:$regionid:$accountid:globalaccelerationinstance/*
vpc:AssociateGlobalAccelerationInstance acs:vpc:$regionid:$accountid:globalaccelerationinstance/$globalaccelerationinstanceid
acs:ecs:$regionid:$accountid:instance/$instanceid
vpc:UnassociateGlobalAccelerationInstance acs:vpc:$regionid:$accountid:globalaccelerationinstance/$globalaccelerationinstanceid
vpc:ModifyGlobalAccerlationInstanceSpec acs:vpc:$regionid:$accountid:globalaccelerationinstance/$globalaccelerationinstanceid
vpc:ModifyGlobalAccerlationInstanceAttributes acs:vpc:$regionid:$accountid:globalaccelerationinstance/$globalaccelerationinstanceid
vpc:DeleteGlobalAccelerationInstance acs:vpc:$regionid:$accountid:globalaccelerationinstance/$globalaccelerationinstanceid
vpc:DescribeGlobalAccelerationInstances acs:vpc:$regionid:$accountid:globalaccelerationinstance/*
vpc:DescribeServerRelatedGlobalAccelerationInstances acs:vpc:$regionid:$accountid:globalaccelerationinstance/*
acs:ecs:$regionid:$accountid:instance/$instanceid
本文导读目录