API网关有哪些操作/资源和条件_API 网关(API Gateway)-阿里云帮助中心

访问控制（RAM）是阿里云提供的管理用户身份与资源访问权限的服务。使用RAM可以让您避免与其他用户共享阿里云账号密钥，并可按需为用户授予最小权限。RAM中使用权限策略描述授权的具体内容。

本文为您介绍API 网关（CloudAPI）为RAM权限策略定义的操作（Action）、资源（Resource）和条件（Condition）。API 网关（CloudAPI）的RAM代码（RamCode）为[{"popCode":"CloudAPI","ramCodes":["cloudapi","apigateway"]}]，支持的授权粒度为RESOURCE。

权限策略通用结构

权限策略支持JSON格式，其通用结构如下：

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

各字段含义如下：

Effect：权限策略效果。取值：Allow（允许）、Deny（拒绝）。
Action：授予允许或拒绝权限的具体操作。具体信息，请参见操作（Action）。
Resource：受操作影响的具体对象，您可以使用资源ARN来描述指定资源。具体信息，请参见资源（Resource）。
Condition：指授权生效的条件。可选字段。具体信息，请参见条件（Condition）。
- Condition_operator：条件运算符，不同类型的条件对应不同的条件运算符。具体信息，请参见权限策略基本元素。
- Condition_key：条件关键字。
- Condition_value：条件关键字对应的值。

操作（Action）

下表是API 网关（CloudAPI）定义的操作，这些操作可以在RAM权限策略语句的Action元素中使用，用来授予执行该操作的权限。下面对表中的具体项提供说明：

操作：是指具体的权限点。
API：是指操作对应的API接口。
访问级别：是指每个操作的访问级别，取值为写入（Write）、读取（Read）或列出（List）。
资源类型：是指操作中支持授权的资源类型。具体说明如下：
- 对于必选的资源类型，用背景高亮的方式表示。
- 对于不支持资源级授权的操作，用全部资源表示。
条件关键字：是指云产品自身定义的条件关键字。该列不体现适用于任何操作的通用条件关键字。
关联操作：是指成功执行操作所需要的其他权限。操作者必须同时具备关联操作的权限，操作才能成功。

操作	API	访问级别	资源类型	条件关键字	关联操作
apigateway:ValidateVpcConnectivity	ValidateVpcConnectivity	get	全部资源 *	无	无
apigateway:DescribeApiGroups	DescribeApiGroups	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/*	无	无
apigateway:ModifyApi	ModifyApi	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyApiGroupNetworkPolicy	ModifyApiGroupNetworkPolicy	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DeleteTrafficSpecialControl	DeleteTrafficSpecialControl	delete	全部资源 *	无	无
apigateway:CreateBackendModel	CreateBackendModel	create	Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId}	无	无
apigateway:DescribeApp	DescribeApp	get	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DescribeApiTrafficData	DescribeApiTrafficData	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeDatasetItemInfo	DescribeDatasetItemInfo	get	Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId}	无	无
apigateway:DescribeDeployApiTask	DescribeDeployApiTask	get	全部资源 *	无	无
apigateway:CreateApiStageVariable	CreateApiStageVariable	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyInstanceSpec	ModifyInstanceSpec	update	全部资源 *	无	无
apigateway:AssociateInstanceWithPrivateDNS	AssociateInstanceWithPrivateDNS	update	全部资源 *	无	无
apigateway:ModifyPlugin	ModifyPlugin	update	Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId}	无	无
apigateway:SetVpcAccess	SetVpcAccess	update	Vpc acs:apigateway:{#regionId}:{#accountId}:vpcaccess/*	无	无
apigateway:DescribeDomain	DescribeDomain	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:CreateInstance	CreateInstance	create	Instance acs:apigateway:{#regionId}:{#accountId}:instance/*	无	无
apigateway:ImportOAS	ImportOAS	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DeletePrivateDNS	DeletePrivateDNS	delete	全部资源 *	无	无
apigateway:DescribeBackendList	DescribeBackendList	get	Backend acs:apigateway:{#regionId}:{#accountId}:backend/*	无	无
apigateway:DetachApiProduct	DetachApiProduct	delete	全部资源 *	无	无
apigateway:DescribePurchasedApiGroup	DescribePurchasedApiGroup	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:SetApiProductsAuthorities	SetApiProductsAuthorities	create	全部资源 *	无	无
apigateway:RemoveAccessControlListEntry	RemoveAccessControlListEntry	update	AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId}	无	无
apigateway:BatchDeployApis	BatchDeployApis	update	全部资源 *	无	无
apigateway:RemoveApiProductsAuthorities	RemoveApiProductsAuthorities	delete	全部资源 *	无	无
apigateway:DissociateInstanceWithPrivateDNS	DissociateInstanceWithPrivateDNS	update	全部资源 *	无	无
apigateway:DescribeGroupTraffic	DescribeGroupTraffic	get	全部资源 *	无	无
apigateway:CreateAppCode	CreateAppCode	create	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DescribeApisByBackend	DescribeApisByBackend	get	Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId}	无	无
apigateway:DeleteBackend	DeleteBackend	delete	Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId}	无	无
apigateway:SdkGenerateByApp	SdkGenerateByApp	create	全部资源 *	无	无
apigateway:DescribePluginSchemas	DescribePluginSchemas	get	全部资源 *	无	无
apigateway:DescribeInstanceQps	DescribeInstanceQps	get	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:DeleteDataset	DeleteDataset	delete	Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId}	无	无
apigateway:SetAccessControlListAttribute	SetAccessControlListAttribute	update	AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId}	无	无
apigateway:DeleteAllTrafficSpecialControl	DeleteAllTrafficSpecialControl	delete	全部资源 *	无	无
apigateway:RemoveVpcAccess	RemoveVpcAccess	delete	全部资源 *	无	无
apigateway:DescribeAuthorizedApis	DescribeAuthorizedApis	get	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DescribeInstanceLatency	DescribeInstanceLatency	get	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:DescribeApisByIpControl	DescribeApisByIpControl	get	全部资源 *	无	无
apigateway:DescribePurchasedApiGroups	DescribePurchasedApiGroups	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/*	无	无
apigateway:DescribeApiMarketAttributes	DescribeApiMarketAttributes	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DeleteDomain	DeleteDomain	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:SetTrafficControlApis	SetTrafficControlApis	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeAppSecurity	DescribeAppSecurity	get	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DescribeAccessControlLists	DescribeAccessControlLists	get	全部资源 *	无	无
apigateway:DescribeInstanceNewConnections	DescribeInstanceNewConnections	get	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:DescribeSummaryData	DescribeSummaryData	get	全部资源 *	无	无
apigateway:DescribeApiHistories	DescribeApiHistories	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyApiGroup	ModifyApiGroup	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribePluginTemplates	DescribePluginTemplates	get	全部资源 *	无	无
apigateway:DescribeImportOASTask	DescribeImportOASTask	get	全部资源 *	无	无
apigateway:UpdatePrivateDNS	UpdatePrivateDNS	update	全部资源 *	无	无
apigateway:DeployApi	DeployApi	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DeleteApiGroup	DeleteApiGroup	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyTrafficControl	ModifyTrafficControl	update	TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId}	无	无
apigateway:CreateSignature	CreateSignature	create	全部资源 *	无	无
apigateway:DescribeDeployedApis	DescribeDeployedApis	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeApiProductApis	DescribeApiProductApis	get	全部资源 *	无	无
apigateway:CreatePrivateDNS	CreatePrivateDNS	create	全部资源 *	无	无
apigateway:DescribeUpdateVpcInfoTask	DescribeUpdateVpcInfoTask	get	全部资源 *	无	无
apigateway:DescribeApiIpControls	DescribeApiIpControls	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:TagResources	TagResources	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId} App acs:apigateway:{#regionId}:{#accountId}:app/{#ResourceId}	无	无
apigateway:BatchAbolishApis	BatchAbolishApis	update	全部资源 *	无	无
apigateway:DescribeGroupQps	DescribeGroupQps	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeApiQpsData	DescribeApiQpsData	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:AbolishApi	AbolishApi	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:RemoveSignatureApis	RemoveSignatureApis	delete	全部资源 *	无	无
apigateway:DescribeAccessControlListAttribute	DescribeAccessControlListAttribute	get	全部资源 *	无	无
apigateway:DescribeInstances	DescribeInstances	get	全部资源 *	无	无
apigateway:AddIpControlPolicyItem	AddIpControlPolicyItem	create	IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId}	无	无
apigateway:CreateBackend	CreateBackend	create	全部资源 *	无	无
apigateway:AttachPlugin	AttachPlugin	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId}	无	无
apigateway:DeleteApp	DeleteApp	delete	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DeleteAppKey	DeleteAppKey	delete	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DescribeApisWithStageNameIntegratedByApp	DescribeApisWithStageNameIntegratedByApp	get	全部资源 *	无	无
apigateway:DescribeAbolishApiTask	DescribeAbolishApiTask	get	全部资源 *	无	无
apigateway:DescribeDatasetList	DescribeDatasetList	get	Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/*	无	无
apigateway:QueryRequestLogs	QueryRequestLogs	get	全部资源 *	无	无
apigateway:DescribePluginsByApi	DescribePluginsByApi	get	全部资源 *	无	无
apigateway:ModifyDataset	ModifyDataset	update	Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId}	无	无
apigateway:DescribePlugins	DescribePlugins	get	Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/*	无	无
apigateway:CreateModel	CreateModel	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:SwitchApi	SwitchApi	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyVpcAccessAndUpdateApis	ModifyVpcAccessAndUpdateApis	update	全部资源 *	无	无
apigateway:DescribeSystemParameters	DescribeSystemParameters	get	全部资源 *	无	无
apigateway:DeleteLogConfig	DeleteLogConfig	delete	LogConfig acs:apigateway:{#regionId}:{#accountId}:logconfig/{#LogType}	无	无
apigateway:DeleteMonitorGroup	DeleteMonitorGroup	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyIntranetDomainPolicy	ModifyIntranetDomainPolicy	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeApis	DescribeApis	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeApiTrafficControls	DescribeApiTrafficControls	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyLogConfig	ModifyLogConfig	update	全部资源 *	无	无
apigateway:DeleteAppCode	DeleteAppCode	delete	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DisableInstanceAccessControl	DisableInstanceAccessControl	update	AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId}	无	无
apigateway:DeleteDomainCertificate	DeleteDomainCertificate	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ListTagResources	ListTagResources	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId}	无	无
apigateway:CreateApiGroup	CreateApiGroup	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/*	无	无
apigateway:RemoveApisAuthorities	RemoveApisAuthorities	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeDatasetInfo	DescribeDatasetInfo	get	全部资源 *	无	无
apigateway:DescribeApiDoc	DescribeApiDoc	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyBackendModel	ModifyBackendModel	update	Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId}	无	无
apigateway:CreateDatasetItem	CreateDatasetItem	create	Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId}	无	无
apigateway:DescribeApisBySignature	DescribeApisBySignature	get	全部资源 *	无	无
apigateway:DescribeLogConfig	DescribeLogConfig	get	LogConfig acs:apigateway:{#regionId}:{#accountId}:logconfig/{#LogType}	无	无
apigateway:DescribeApiGroupVpcWhitelist	DescribeApiGroupVpcWhitelist	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:SetApisAuthorities	SetApisAuthorities	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:CreateAccessControlList	CreateAccessControlList	create	全部资源 *	无	无
apigateway:DryRunSwagger	DryRunSwagger	none	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyInstanceAttribute	ModifyInstanceAttribute	update	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:ModifyApiGroupInstance	ModifyApiGroupInstance	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeTrafficControlsByApi	DescribeTrafficControlsByApi	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeInstanceDropPacket	DescribeInstanceDropPacket	get	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:ModifySignature	ModifySignature	update	全部资源 *	无	无
apigateway:SetDomainWebSocketStatus	SetDomainWebSocketStatus	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeDeployedApi	DescribeDeployedApi	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DeletePlugin	DeletePlugin	delete	Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId}	无	无
apigateway:SetAppsAuthToApiProduct	SetAppsAuthToApiProduct	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apiproduct/{#ApiProductId}	无	无
apigateway:DescribeInstanceDropConnections	DescribeInstanceDropConnections	get	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:DeleteSignature	DeleteSignature	delete	全部资源 *	无	无
apigateway:DescribeApiSignatures	DescribeApiSignatures	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:CreateDataset	CreateDataset	create	Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/*	无	无
apigateway:DescribeModels	DescribeModels	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:RemoveAppsAuthorities	RemoveAppsAuthorities	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} App acs:apigateway:{#regionId}:{#accountId}:app/{#AppIds}	无	无
apigateway:CreateLogConfig	CreateLogConfig	create	全部资源 *	无	无
apigateway:DescribeApiLatencyData	DescribeApiLatencyData	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ResetAppCode	ResetAppCode	update	全部资源 *	无	无
apigateway:RemoveIpControlPolicyItem	RemoveIpControlPolicyItem	delete	IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId}	无	无
apigateway:CreateMonitorGroup	CreateMonitorGroup	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:SetAppsAuthorities	SetAppsAuthorities	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} App acs:apigateway:{#regionId}:{#accountId}:app/{#AppIds}	无	无
apigateway:CreateTrafficControl	CreateTrafficControl	create	TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/*	无	无
apigateway:CreateApi	CreateApi	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeApisByApp	DescribeApisByApp	get	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:RemoveVpcAccessAndAbolishApis	RemoveVpcAccessAndAbolishApis	delete	全部资源 *	无	无
apigateway:AddAccessControlListEntry	AddAccessControlListEntry	update	AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId}	无	无
apigateway:DescribeInstanceClusterInfo	DescribeInstanceClusterInfo	get	全部资源 *	无	无
apigateway:CreateIpControl	CreateIpControl	create	IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/*	无	无
apigateway:ModifyBackend	ModifyBackend	update	Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId}	无	无
apigateway:RemoveIpControlApis	RemoveIpControlApis	delete	全部资源 *	无	无
apigateway:DeleteAccessControlList	DeleteAccessControlList	delete	全部资源 *	无	无
apigateway:UntagResources	UntagResources	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId} App acs:apigateway:{#regionId}:{#accountId}:app/{#ResourceId}	无	无
apigateway:DeleteBackendModel	DeleteBackendModel	delete	Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId}	无	无
apigateway:EnableInstanceAccessControl	EnableInstanceAccessControl	update	AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId}	无	无
apigateway:CreatePlugin	CreatePlugin	create	Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/*	无	无
apigateway:DescribePurchasedApis	DescribePurchasedApis	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeBackendInfo	DescribeBackendInfo	get	全部资源 *	无	无
apigateway:DeleteDatasetItem	DeleteDatasetItem	delete	Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId}	无	无
apigateway:DescribeDatasetItemList	DescribeDatasetItemList	get	Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId}	无	无
apigateway:DescribeHistoryApis	DescribeHistoryApis	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:SetDomain	SetDomain	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:SetDomainCertificate	SetDomainCertificate	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeApiProductsByApp	DescribeApiProductsByApp	get	全部资源 *	无	无
apigateway:DescribeInstanceHttpCode	DescribeInstanceHttpCode	get	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:DescribeAppSecurities	DescribeAppSecurities	get	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:SetWildcardDomainPatterns	SetWildcardDomainPatterns	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:CreateApp	CreateApp	create	App acs:apigateway:{#regionId}:{#accountId}:app/*	无	无
apigateway:SetIpControlApis	SetIpControlApis	update	全部资源 *	无	无
apigateway:ListPrivateDNS	ListPrivateDNS	list	全部资源 *	无	无
apigateway:DetachPlugin	DetachPlugin	update	Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId}	无	无
apigateway:RemoveTrafficControlApis	RemoveTrafficControlApis	delete	全部资源 *	无	无
apigateway:DescribeUpdateBackendTask	DescribeUpdateBackendTask	get	全部资源 *	无	无
apigateway:DescribeIpControls	DescribeIpControls	get	IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/*	无	无
apigateway:ModifyModel	ModifyModel	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeMarketRemainsQuota	DescribeMarketRemainsQuota	get	全部资源 *	无	无
apigateway:ResetAppSecret	ResetAppSecret	update	全部资源 *	无	无
apigateway:ModifyApp	ModifyApp	update	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DeleteApi	DeleteApi	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DeleteModel	DeleteModel	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeInstancePackets	DescribeInstancePackets	get	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:DescribeApps	DescribeApps	get	App acs:apigateway:{#regionId}:{#accountId}:app/*	无	无
apigateway:ModifyInstanceVpcAttributeForConsole	ModifyInstanceVpcAttributeForConsole	update	全部资源 *	无	无
apigateway:DeleteApiProduct	DeleteApiProduct	delete	全部资源 *	无	无
apigateway:DeleteInstance	DeleteInstance	delete	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:DescribeApiGroup	DescribeApiGroup	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyIpControl	ModifyIpControl	update	全部资源 *	无	无
apigateway:DescribeInstanceSlbConnect	DescribeInstanceSlbConnect	get	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:DescribeInstanceTraffic	DescribeInstanceTraffic	get	Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}	无	无
apigateway:DeleteIpControl	DeleteIpControl	delete	IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId}	无	无
apigateway:CreateAppKey	CreateAppKey	create	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DescribeApiHistory	DescribeApiHistory	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DeleteApiStageVariable	DeleteApiStageVariable	delete	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:AddTrafficSpecialControl	AddTrafficSpecialControl	create	TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId}	无	无
apigateway:DescribeApi	DescribeApi	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeInstanceClusterList	DescribeInstanceClusterList	list	全部资源 *	无	无
apigateway:OpenApiGatewayService	OpenApiGatewayService	none	全部资源 *	无	无
apigateway:DescribePluginApis	DescribePluginApis	get	Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId}	无	无
apigateway:DescribeSignatures	DescribeSignatures	get	Signature acs:apigateway:{#regionId}:{#accountId}:secretkey/*	无	无
apigateway:ModifyDatasetItem	ModifyDatasetItem	update	Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId}	无	无
apigateway:DescribeTrafficControls	DescribeTrafficControls	get	TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId}	无	无
apigateway:DescribeAuthorizedApps	DescribeAuthorizedApps	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyIpControlPolicyItem	ModifyIpControlPolicyItem	update	IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId}	无	无
apigateway:DeleteTrafficControl	DeleteTrafficControl	delete	TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId}	无	无
apigateway:AttachApiProduct	AttachApiProduct	create	全部资源 *	无	无
apigateway:DescribeAppsByApiProduct	DescribeAppsByApiProduct	get	全部资源 *	无	无
apigateway:DescribeIpControlPolicyItems	DescribeIpControlPolicyItems	get	IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId}	无	无
apigateway:ExportOAS	ExportOAS	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ModifyApiGroupVpcWhitelist	ModifyApiGroupVpcWhitelist	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:ImportSwagger	ImportSwagger	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:SdkGenerateByAppForRegion	SdkGenerateByAppForRegion	get	App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}	无	无
apigateway:DescribeApisByVpcAccess	DescribeApisByVpcAccess	list	全部资源 *	无	无
apigateway:ReactivateDomain	ReactivateDomain	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:SdkGenerateByGroup	SdkGenerateByGroup	create	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeAppAttributes	DescribeAppAttributes	get	App acs:apigateway:{#regionId}:{#accountId}:app/*	无	无
apigateway:SetSignatureApis	SetSignatureApis	update	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeGroupLatency	DescribeGroupLatency	get	ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}	无	无
apigateway:DescribeSignaturesByApi	DescribeSignaturesByApi	get	全部资源 *	无	无
apigateway:ModifyApiConfiguration	ModifyApiConfiguration	update	全部资源 *	无	无
apigateway:DescribeVpcAccesses	DescribeVpcAccesses	get	全部资源 *	无	无
apigateway:DescribeApisByTrafficControl	DescribeApisByTrafficControl	get	全部资源 *	无	无

资源（Resource）

下表是API 网关（CloudAPI）定义的资源，这些资源可以在RAM权限策略语句的Resource元素中使用，用来授予对该资源执行具体操作的权限。其中，资源ARN是资源在阿里云上的唯一标识。具体说明如下：

{#}为变量标识，需要您替换为实际值。例如：{#ramcode}需要您替换为实际的云服务RAM代码。
*表示全部。例如：
- {#resourceType}为*时：表示全部资源。
- {#regionId}为*时：表示全部地域。
- {#accountId}为*时：表示全部阿里云账号。

资源类型	资源ARN
IpControl	acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#RuleId}
TrafficControl	acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#RuleId}
Vpc	acs:apigateway:{#regionId}:{#accountId}:vpcaccess/{#VpcAccessId}
ApiGroup	acs:apigateway:{#regionId}:{#accountId}:apigroup/*
ApiGroup	acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}
Instance	acs:apigateway:{#Region}:{#accountId}:instance/*
Backend	acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId}
App	acs:apigateway:{#regionId}:{#accountId}:app/{#AppId}
Dataset	acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId}
Instance	acs:apigateway:{#regionId}:{#accountId}:instance/*
Plugin	acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId}
Instance	acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId}
Vpc	acs:apigateway:{#regionId}:{#accountId}:vpcaccess/*
Backend	acs:apigateway:{#regionId}:{#accountId}:backend/*
ApiGroup	acs:apigateway:{#regionId}:{#accountId}:apigroup/{#SourceGroupId}
AccessControlList	acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId}
VpcAccess	acs:apigateway:{#regionId}:{#accountId}:vpcaccess/*
ApiGroup	acs:apigateway::{#accountId}:apigroup/*
AccessControlList	acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/*
AccessControl	acs:apigateway:{#regionId}:{#accountId}:accesscontrol/*
TrafficControl	acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId}
Signature	acs:apigateway:{#regionId}:{#accountId}:signature/*
ApiGroup	acs:apigateway:{#Region}:{#accountId}:apigroup/{#SourceGroupId}
ApiGroup	acs:apigateway:{#regionId}:{#accountId}:apigroup/{#TargetGroupId}
ApiGroup	acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId}
App	acs:apigateway:{#regionId}:{#accountId}:app/{#ResourceId}
AccessControl	acs:apigateway:{#regionId}:{#accountId}:accesscontrol/{#AclId}
IpControl	acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId}
Dataset	acs:apigateway:{#regionId}:{#accountId}:dataset/*
Plugin	acs:apigateway:{#regionId}:{#accountId}:plugin/*
LogConfig	acs:apigateway:{#regionId}:{#accountId}:logconfig/{#LogType}
LogConfig	acs:apigateway:{#regionId}:{#accountId}:logconfig/*
ApiGroup	acs:apigateway:{#regionId}:{#accountId}:apiproduct/{#ApiProductId}
Signature	acs:apigateway:{#regionId}:{#accountId}:signature/{#SignatureId}
App	acs:apigateway:{#regionId}:{#accountId}:app/{#AppIds}
App	acs:apigateway:{#regionId}:{#accountId}:app/*
TrafficControl	acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/*
IpControl	acs:apigateway:{#regionId}:{#accountId}:ipcontrol/*
AccessControl	acs:cloudapi:{#regionId}:{#accountId}:accesscontrol/{#AclId}
Signature	acs:apigateway:{#regionId}:{#accountId}:secretkey/*
VpcAccess	acs:apigateway:{#regionId}:{#accountId}:vpcaccess/{#VpcAccessId}

条件（Condition）

API 网关（CloudAPI）未定义产品级别的条件关键字。如需查看适用于所有云产品的通用条件关键字，请参见通用条件关键字。

授权信息

权限策略通用结构

操作（Action）

资源（Resource）

条件（Condition）

相关操作