在私网连接中可进行RAM授权的资源类型和接口-阿里云帮助中心

在使用RAM账号调用私网连接API前，需要主账号通过创建授权策略对RAM账号进行授权。在授权策略中，使用资源描述符（Alibaba Cloud Resource Name, ARN）指定授权资源。

可授权的私网连接资源类型

下表列举了PrivateLink中可授权的资源及其描述方式，其中$regionid:$accountid:vpcendpoint/$endpointid 为具体的资源ID，*代表对应的所有资源。


资源类型	授权策略中的资源描述方法
终端节点服务（VpcEndpointService）	`acs:privatelink:$regionid:$accountid:vpcendpointservice/$serviceid`
	`acs:privatelink:$regionid:$accountid:vpcendpointservice/*`
	`acs:privatelink::$accountid:vpcendpointservice/`
终端节点（VpcEndpoint）	`acs:privatelink:$regionid:$accountid:vpcendpoint/$endpointid`
	`acs:privatelink:$regionid:$accountid:vpcendpoint/*`
	`acs:privatelink::$accountid:vpcendpoint/`

可授权的私网连接接口

下表列举了PrivateLink中可授权的API及其描述方式，其中$regionid:$accountid:vpcendpoint/$endpointid为具体的资源ID，*代表对应的所有资源。


API	资源描述
AddUserToVpcEndpointService	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
AttachResourceToVpcEndpointService	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
AttachResourceToVpcEndpointService	可选：`acs:slb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}`
AddZoneToVpcEndpoint	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/{#EndpointId}`
AttachSecurityGroupToVpcEndpoint	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/{#EndpointId}`
AttachSecurityGroupToVpcEndpoint	`acs:ecs:{#regionId}:{#accountId}:securitygroup/{#SecurityGroupId}`
CreateVpcEndpoint	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/*`
	`acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`
	`acs:vpc:{#regionId}:{#accountId}:securitygroup/{#SecurityGroupId}`
	可选：`acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`
CreateVpcEndpointService	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/*`
CreateVpcEndpointService	可选：`acs:slb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}`
DeleteVpcEndpoint	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/{#EndpointId}`
DeleteVpcEndpointService	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
DetachResourceFromVpcEndpointService	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
DetachSecurityGroupFromVpcEndpoint	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/{#EndpointId}`
DisableVpcEndpointConnection	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
EnableVpcEndpointConnection	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
GetVpcEndpointAttribute	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/{#EndpointId}`
GetVpcEndpointServiceAttribute	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
ListVpcEndpointConnections	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/*`
ListVpcEndpoints	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/*`
ListVpcEndpointSecurityGroups	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/{#EndpointId}`
ListVpcEndpointServiceResources	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
ListVpcEndpointServices	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/*`
ListVpcEndpointServiceUsers	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
ListVpcEndpointZones	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/{#EndpointId}`
RemoveUserFromVpcEndpointService	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
RemoveZoneFromVpcEndpoint	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/{#EndpointId}`
UpdateVpcEndpointAttribute	`acs:privatelink:{#regionId}:{#accountId}:vpcendpoint/{#EndpointId}`
UpdateVpcEndpointConnectionAttribute	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
UpdateVpcEndpointServiceAttribute	`acs:privatelink:{#regionId}:{#accountId}:vpcendpointservice/{#ServiceId}`
ListVpcEndpointServicesByEndUser	`Condition： privatelink:VpcEndpointServiceIdacs:privatelink:::*`
DescribeRegions	无需鉴权
DescribeZones	无需鉴权