在使用RAM用户(子账号)调用网络型负载均衡NLB API前,需要阿里云账号(主账号)通过创建授权策略对RAM账号进行授权。在授权策略中,使用资源描述符ARN(Alibaba Cloud Resource Name)指定授权资源。
本文用到的字段含义如下,请在使用时替换为实际值。
- <regionId>:地域ID。
- <accountId>:阿里云账号ID。
- <LoadBalancerId>:NLB实例ID。
- <ListenerId>:监听ID。
- <ServerGroupId>:服务器组ID。
- <SecurityPolicyId>:安全策略TLS ID。
可授权的NLB接口
下表列举了RAM可授权NLB中的操作(Action)和资源(Resource)。
| Action | Resource |
|---|---|
| CreateLoadBalancer | acs:nlb:{#regionId}:{#accountId}:loadbalancer/* |
| DeleteLoadBalancer | acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId} |
| UpdateLoadBalancerAttribute | acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId} |
| UpdateLoadBalancerAddressTypeConfig | acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId} |
| UpdateLoadBalancerZones | acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId} |
| GetLoadBalancerAttribute | acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId} |
| ListLoadBalancers | acs:nlb:{#regionId}:{#accountId}:loadbalancer/* |
| AttachCommonBandwidthPackageToLoadBalancer | acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId} |
| DetachCommonBandwidthPackageFromLoadBalancer | acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId} |
| EnableLoadBalancerIpv6Internet | acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId} |
| DisableLoadBalancerIpv6Internet | acs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId} |
| Action | Resource |
|---|---|
| CreateListener | acs:nlb:{#regionId}:{#accountId}:listener/* |
| DeleteListener | acs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId} |
| ListListeners | acs:nlb:{#regionId}:{#accountId}:listener/* |
| UpdateListenerAttribute | acs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId} |
| StartListener | acs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId} |
| StopListener | acs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId} |
| GetListenerAttribute | acs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId} |
| GetListenerHealthStatus | acs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId} |
| Action | Resource |
|---|---|
| CreateServerGroup | acs:nlb:{#regionId}:{#accountId}:servergroup/* |
| DeleteServerGroup | acs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId} |
| UpdateServerGroupAttribute | acs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId} |
| AddServersToServerGroup | acs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId} |
| RemoveServersFromServerGroup | acs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId} |
| UpdateServerGroupServersAttribute | acs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId} |
| ListServerGroups |
|
| ListServerGroupServers | acs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId} |
| Action | Resource |
|---|---|
| CreateSecurityPolicy | acs:nlb:{#regionId}:{#accountId}:securitypolicy/* |
| UpdateSecurityPolicyAttribute |
|
| ListSecurityPolicy | acs:nlb:{#regionId}:{#accountId}:securitypolicy/* |
| DeleteTLSCipherPolicy | acs:nlb:{#regionId}:{#accountId}:securitypolicy/{#SecurityPolicyId} |
| DeleteSecurityPolicy | acs:nlb:{#regionId}:{#accountId}:securitypolicy/{#SecurityPolicyId} |
| Action | Resource |
|---|---|
| GetJobStatus | acs:nlb::{#accountId}:* |