访问控制(RAM)是阿里云提供的管理用户身份与资源访问权限的服务。使用RAM可以让您避免与其他用户共享阿里云账号密钥,并可按需为用户授予最小权限。RAM中使用权限策略描述授权的具体内容。
本文为您介绍API 网关(CloudAPI)为RAM权限策略定义的操作(Action)、资源(Resource)和条件(Condition)。API 网关(CloudAPI)的RAM代码(RamCode)为 apigateway、cloudapi,支持的授权粒度为资源级。
权限策略通用结构
权限策略支持JSON格式,其通用结构如下:
{
"Version": "1",
"Statement": [
{
"Effect": "<Effect>",
"Action": "<Action>",
"Resource": "<Resource>",
"Condition": {
"<Condition_operator>": {
"<Condition_key>": [
"<Condition_value>"
]
}
}
}
]
}- Effect:权限策略效果。取值:Allow(允许)、Deny(拒绝)。
- Action:授予允许或拒绝权限的具体操作。具体信息,请参见操作(Action)。
- Resource:受操作影响的具体对象,您可以使用资源ARN来描述指定资源。具体信息,请参见资源(Resource)。
- Condition:指授权生效的条件。可选字段。具体信息,请参见条件(Condition)。
- Condition_operator:条件运算符,不同类型的条件对应不同的条件运算符。具体信息,请参见权限策略基本元素。
- Condition_key:条件关键字。
- Condition_value:条件关键字对应的值。
操作(Action)
下表是API 网关(CloudAPI)定义的操作,这些操作可以在RAM权限策略语句的Action元素中使用,用来授予执行该操作的权限。下面对表中的具体项提供说明:- 操作:是指具体的权限点。
- API:是指操作对应的API接口。
- 访问级别:是指每个操作的访问级别,取值为写入(Write)、读取(Read)或列出(List)。
- 资源类型:是指操作中支持授权的资源类型。具体说明如下:
- 对于必选的资源类型,用前面加 * 表示。
- 对于不支持资源级授权的操作,用
全部资源表示。
- 条件关键字:是指云产品自身定义的条件关键字。该列不体现适用于任何操作的通用条件关键字。
- 关联操作:是指成功执行操作所需要的其他权限。操作者必须同时具备关联操作的权限,操作才能成功。
| 操作 | API | 访问级别 | 资源类型 | 条件关键字 | 关联操作 |
|---|---|---|---|---|---|
| apigateway:AbolishApi | AbolishApi | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:AddAccessControlListEntry | AddAccessControlListEntry | update | *AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:AddIpControlPolicyItem | AddIpControlPolicyItem | create | *IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:AddTrafficSpecialControl | AddTrafficSpecialControl | create | *TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId} | 无 | 无 |
| apigateway:AssociateInstanceWithPrivateDNS | AssociateInstanceWithPrivateDNS | update | *全部资源 * | 无 | 无 |
| apigateway:AttachApiProduct | AttachApiProduct | create | *全部资源 * | 无 | 无 |
| apigateway:AttachGroupPlugin | AttachGroupPlugin | none | *Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:AttachPlugin | AttachPlugin | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}*Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:BatchAbolishApis | BatchAbolishApis | update | *全部资源 * | 无 | 无 |
| apigateway:BatchDeployApis | BatchDeployApis | update | *全部资源 * | 无 | 无 |
| apigateway:CreateAccessControlList | CreateAccessControlList | create | *全部资源 * | 无 | 无 |
| apigateway:CreateApi | CreateApi | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:CreateApiGroup | CreateApiGroup | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/* | 无 | 无 |
| apigateway:CreateApiStageVariable | CreateApiStageVariable | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:CreateApp | CreateApp | create | *App acs:apigateway:{#regionId}:{#accountId}:app/* | 无 | 无 |
| apigateway:CreateAppCode | CreateAppCode | create | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:CreateAppKey | CreateAppKey | create | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:CreateBackend | CreateBackend | create | *全部资源 * | 无 | 无 |
| apigateway:CreateBackendModel | CreateBackendModel | create | *Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:CreateDataset | CreateDataset | create | *Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/* | 无 | 无 |
| apigateway:CreateDatasetItem | CreateDatasetItem | create | *Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:CreateInstance | CreateInstance | create | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/* | 无 | 无 |
| apigateway:CreateIpControl | CreateIpControl | create | *IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/* | 无 | 无 |
| apigateway:CreateLogConfig | CreateLogConfig | create | *全部资源 * | 无 | 无 |
| apigateway:CreateModel | CreateModel | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:CreateMonitorGroup | CreateMonitorGroup | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:CreatePlugin | CreatePlugin | create | *Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/* | 无 | 无 |
| apigateway:CreatePrivateDNS | CreatePrivateDNS | create | *全部资源 * | 无 | 无 |
| apigateway:CreateSignature | CreateSignature | create | *全部资源 * | 无 | 无 |
| apigateway:CreateTrafficControl | CreateTrafficControl | create | *TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/* | 无 | 无 |
| apigateway:DeleteAccessControlList | DeleteAccessControlList | delete | *全部资源 * | 无 | 无 |
| apigateway:DeleteAllTrafficSpecialControl | DeleteAllTrafficSpecialControl | delete | *全部资源 * | 无 | 无 |
| apigateway:DeleteApi | DeleteApi | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteApiGroup | DeleteApiGroup | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteApiProduct | DeleteApiProduct | delete | *全部资源 * | 无 | 无 |
| apigateway:DeleteApiStageVariable | DeleteApiStageVariable | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteApp | DeleteApp | delete | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DeleteAppCode | DeleteAppCode | delete | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DeleteAppKey | DeleteAppKey | delete | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DeleteBackend | DeleteBackend | delete | *Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:DeleteBackendModel | DeleteBackendModel | delete | *Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:DeleteDataset | DeleteDataset | delete | *Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:DeleteDatasetItem | DeleteDatasetItem | delete | *Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:DeleteDomain | DeleteDomain | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteDomainCertificate | DeleteDomainCertificate | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteInstance | DeleteInstance | delete | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DeleteIpControl | DeleteIpControl | delete | *IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:DeleteLogConfig | DeleteLogConfig | delete | *LogConfig acs:apigateway:{#regionId}:{#accountId}:logconfig/{#LogType} | 无 | 无 |
| apigateway:DeleteModel | DeleteModel | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteMonitorGroup | DeleteMonitorGroup | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeletePlugin | DeletePlugin | delete | *Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:DeletePrivateDNS | DeletePrivateDNS | delete | *全部资源 * | 无 | 无 |
| apigateway:DeleteSignature | DeleteSignature | delete | *全部资源 * | 无 | 无 |
| apigateway:DeleteTrafficControl | DeleteTrafficControl | delete | *TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId} | 无 | 无 |
| apigateway:DeleteTrafficSpecialControl | DeleteTrafficSpecialControl | delete | *全部资源 * | 无 | 无 |
| apigateway:DeployApi | DeployApi | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeAbolishApiTask | DescribeAbolishApiTask | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeAccessControlListAttribute | DescribeAccessControlListAttribute | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeAccessControlLists | DescribeAccessControlLists | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeApi | DescribeApi | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiDoc | DescribeApiDoc | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiGroup | DescribeApiGroup | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiGroupVpcWhitelist | DescribeApiGroupVpcWhitelist | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiGroups | DescribeApiGroups | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/* | 无 | 无 |
| apigateway:DescribeApiHistories | DescribeApiHistories | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiHistory | DescribeApiHistory | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiIpControls | DescribeApiIpControls | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiLatencyData | DescribeApiLatencyData | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiMarketAttributes | DescribeApiMarketAttributes | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiProductApis | DescribeApiProductApis | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeApiProductsByApp | DescribeApiProductsByApp | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeApiQpsData | DescribeApiQpsData | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiSignatures | DescribeApiSignatures | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiTrafficControls | DescribeApiTrafficControls | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiTrafficData | DescribeApiTrafficData | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApis | DescribeApis | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApisByApp | DescribeApisByApp | get | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DescribeApisByBackend | DescribeApisByBackend | get | *Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:DescribeApisByIpControl | DescribeApisByIpControl | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeApisBySignature | DescribeApisBySignature | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeApisByTrafficControl | DescribeApisByTrafficControl | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeApisByVpcAccess | DescribeApisByVpcAccess | list | *全部资源 * | 无 | 无 |
| apigateway:DescribeApisWithStageNameIntegratedByApp | DescribeApisWithStageNameIntegratedByApp | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeApp | DescribeApp | get | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DescribeAppAttributes | DescribeAppAttributes | get | *App acs:apigateway:{#regionId}:{#accountId}:app/* | 无 | 无 |
| apigateway:DescribeAppSecurities | DescribeAppSecurities | get | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DescribeAppSecurity | DescribeAppSecurity | get | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DescribeApps | DescribeApps | get | *App acs:apigateway:{#regionId}:{#accountId}:app/* | 无 | 无 |
| apigateway:DescribeAppsByApiProduct | DescribeAppsByApiProduct | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeAuthorizedApis | DescribeAuthorizedApis | get | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DescribeAuthorizedApps | DescribeAuthorizedApps | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeBackendInfo | DescribeBackendInfo | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeBackendList | DescribeBackendList | get | *Backend acs:apigateway:{#regionId}:{#accountId}:backend/* | 无 | 无 |
| apigateway:DescribeDatasetInfo | DescribeDatasetInfo | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeDatasetItemInfo | DescribeDatasetItemInfo | get | *Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:DescribeDatasetItemList | DescribeDatasetItemList | get | *Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:DescribeDatasetList | DescribeDatasetList | get | *Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/* | 无 | 无 |
| apigateway:DescribeDeployApiTask | DescribeDeployApiTask | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeDeployedApi | DescribeDeployedApi | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeDeployedApis | DescribeDeployedApis | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeDomain | DescribeDomain | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeGroupLatency | DescribeGroupLatency | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeGroupQps | DescribeGroupQps | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeGroupTraffic | DescribeGroupTraffic | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeHistoryApis | DescribeHistoryApis | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeImportOASTask | DescribeImportOASTask | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeInstanceClusterInfo | DescribeInstanceClusterInfo | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeInstanceClusterList | DescribeInstanceClusterList | list | *全部资源 * | 无 | 无 |
| apigateway:DescribeInstanceDropConnections | DescribeInstanceDropConnections | get | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeInstanceDropPacket | DescribeInstanceDropPacket | get | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeInstanceHttpCode | DescribeInstanceHttpCode | get | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeInstanceLatency | DescribeInstanceLatency | get | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeInstanceNewConnections | DescribeInstanceNewConnections | get | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeInstancePackets | DescribeInstancePackets | get | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeInstanceQps | DescribeInstanceQps | get | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeInstanceSlbConnect | DescribeInstanceSlbConnect | get | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeInstanceTraffic | DescribeInstanceTraffic | get | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeInstances | DescribeInstances | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeIpControlPolicyItems | DescribeIpControlPolicyItems | get | *IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:DescribeIpControls | DescribeIpControls | get | *IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/* | 无 | 无 |
| apigateway:DescribeLogConfig | DescribeLogConfig | get | *LogConfig acs:apigateway:{#regionId}:{#accountId}:logconfig/{#LogType} | 无 | 无 |
| apigateway:DescribeMarketRemainsQuota | DescribeMarketRemainsQuota | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeModels | DescribeModels | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribePluginApis | DescribePluginApis | get | *Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:DescribePluginGroups | DescribePluginGroups | get | *Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:DescribePluginSchemas | DescribePluginSchemas | get | *全部资源 * | 无 | 无 |
| apigateway:DescribePluginTemplates | DescribePluginTemplates | get | *全部资源 * | 无 | 无 |
| apigateway:DescribePlugins | DescribePlugins | get | *Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/* | 无 | 无 |
| apigateway:DescribePluginsByApi | DescribePluginsByApi | get | *全部资源 * | 无 | 无 |
| apigateway:DescribePluginsByGroup | DescribePluginsByGroup | get | *全部资源 * | 无 | 无 |
| apigateway:DescribePurchasedApiGroup | DescribePurchasedApiGroup | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribePurchasedApiGroups | DescribePurchasedApiGroups | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/* | 无 | 无 |
| apigateway:DescribePurchasedApis | DescribePurchasedApis | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeSignatures | DescribeSignatures | get | *Signature acs:apigateway:{#regionId}:{#accountId}:secretkey/* | 无 | 无 |
| apigateway:DescribeSignaturesByApi | DescribeSignaturesByApi | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeSummaryData | DescribeSummaryData | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeSystemParameters | DescribeSystemParameters | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeTrafficControls | DescribeTrafficControls | get | *TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId} | 无 | 无 |
| apigateway:DescribeTrafficControlsByApi | DescribeTrafficControlsByApi | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeUpdateBackendTask | DescribeUpdateBackendTask | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeUpdateVpcInfoTask | DescribeUpdateVpcInfoTask | get | *全部资源 * | 无 | 无 |
| apigateway:DescribeVpcAccesses | DescribeVpcAccesses | get | *Vpc acs:apigateway:{#regionId}:{#accountId}:vpcaccess/{#VpcAccessId} | 无 | 无 |
| apigateway:DetachApiProduct | DetachApiProduct | delete | *全部资源 * | 无 | 无 |
| apigateway:DetachGroupPlugin | DetachGroupPlugin | none | *Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:DetachPlugin | DetachPlugin | update | *Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:DisableInstanceAccessControl | DisableInstanceAccessControl | update | *AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:DissociateInstanceWithPrivateDNS | DissociateInstanceWithPrivateDNS | update | *全部资源 * | 无 | 无 |
| apigateway:DryRunSwagger | DryRunSwagger | none | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:EnableInstanceAccessControl | EnableInstanceAccessControl | update | *AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:ExportOAS | ExportOAS | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ImportOAS | ImportOAS | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ImportSwagger | ImportSwagger | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ListPrivateDNS | ListPrivateDNS | list | *全部资源 * | 无 | 无 |
| apigateway:ListTagResources | ListTagResources | get | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId} | 无 | 无 |
| apigateway:ModifyApi | ModifyApi | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyApiConfiguration | ModifyApiConfiguration | update | *全部资源 * | 无 | 无 |
| apigateway:ModifyApiGroup | ModifyApiGroup | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyApiGroupInstance | ModifyApiGroupInstance | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyApiGroupNetworkPolicy | ModifyApiGroupNetworkPolicy | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyApiGroupVpcWhitelist | ModifyApiGroupVpcWhitelist | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyApp | ModifyApp | update | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:ModifyBackend | ModifyBackend | update | *Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:ModifyBackendModel | ModifyBackendModel | update | *Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:ModifyDataset | ModifyDataset | update | *Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:ModifyDatasetItem | ModifyDatasetItem | update | *Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:ModifyInstanceAttribute | ModifyInstanceAttribute | update | *Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:ModifyInstanceSpec | ModifyInstanceSpec | update | *全部资源 * | 无 | 无 |
| apigateway:ModifyInstanceVpcAttributeForConsole | ModifyInstanceVpcAttributeForConsole | update | *全部资源 * | 无 | 无 |
| apigateway:ModifyIntranetDomainPolicy | ModifyIntranetDomainPolicy | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyIpControl | ModifyIpControl | update | *全部资源 * | 无 | 无 |
| apigateway:ModifyIpControlPolicyItem | ModifyIpControlPolicyItem | update | *IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:ModifyLogConfig | ModifyLogConfig | update | *全部资源 * | 无 | 无 |
| apigateway:ModifyModel | ModifyModel | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyPlugin | ModifyPlugin | update | *Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:ModifySignature | ModifySignature | update | *全部资源 * | 无 | 无 |
| apigateway:ModifyTrafficControl | ModifyTrafficControl | update | *TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId} | 无 | 无 |
| apigateway:ModifyVpcAccessAndUpdateApis | ModifyVpcAccessAndUpdateApis | update | *全部资源 * | 无 | 无 |
| apigateway:OpenApiGatewayService | OpenApiGatewayService | none | *全部资源 * | 无 | 无 |
| apigateway:QueryRequestLogs | QueryRequestLogs | get | *全部资源 * | 无 | 无 |
| apigateway:ReactivateDomain | ReactivateDomain | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:RemoveAccessControlListEntry | RemoveAccessControlListEntry | update | *AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:RemoveApiProductsAuthorities | RemoveApiProductsAuthorities | delete | *全部资源 * | 无 | 无 |
| apigateway:RemoveApisAuthorities | RemoveApisAuthorities | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:RemoveAppsAuthorities | RemoveAppsAuthorities | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}*App acs:apigateway:{#regionId}:{#accountId}:app/{#AppIds} | 无 | 无 |
| apigateway:RemoveIpControlApis | RemoveIpControlApis | delete | *全部资源 * | 无 | 无 |
| apigateway:RemoveIpControlPolicyItem | RemoveIpControlPolicyItem | delete | *IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:RemoveSignatureApis | RemoveSignatureApis | delete | *全部资源 * | 无 | 无 |
| apigateway:RemoveTrafficControlApis | RemoveTrafficControlApis | delete | *全部资源 * | 无 | 无 |
| apigateway:RemoveVpcAccess | RemoveVpcAccess | delete | *全部资源 * | 无 | 无 |
| apigateway:RemoveVpcAccessAndAbolishApis | RemoveVpcAccessAndAbolishApis | delete | *全部资源 * | 无 | 无 |
| apigateway:ResetAppCode | ResetAppCode | update | *全部资源 * | 无 | 无 |
| apigateway:ResetAppSecret | ResetAppSecret | update | *全部资源 * | 无 | 无 |
| apigateway:SdkGenerateByApp | SdkGenerateByApp | create | *全部资源 * | 无 | 无 |
| apigateway:SdkGenerateByAppForRegion | SdkGenerateByAppForRegion | get | *App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:SdkGenerateByGroup | SdkGenerateByGroup | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetAccessControlListAttribute | SetAccessControlListAttribute | update | *AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:SetApiProductsAuthorities | SetApiProductsAuthorities | create | *全部资源 * | 无 | 无 |
| apigateway:SetApisAuthorities | SetApisAuthorities | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetAppsAuthToApiProduct | SetAppsAuthToApiProduct | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apiproduct/{#ApiProductId} | 无 | 无 |
| apigateway:SetAppsAuthorities | SetAppsAuthorities | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}*App acs:apigateway:{#regionId}:{#accountId}:app/{#AppIds} | 无 | 无 |
| apigateway:SetDomain | SetDomain | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetDomainCertificate | SetDomainCertificate | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetDomainWebSocketStatus | SetDomainWebSocketStatus | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetIpControlApis | SetIpControlApis | update | *全部资源 * | 无 | 无 |
| apigateway:SetSignatureApis | SetSignatureApis | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetTrafficControlApis | SetTrafficControlApis | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetVpcAccess | SetVpcAccess | update | *Vpc acs:apigateway:{#regionId}:{#accountId}:vpcaccess/* | 无 | 无 |
| apigateway:SetWildcardDomainPatterns | SetWildcardDomainPatterns | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SwitchApi | SwitchApi | update | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:TagResources | TagResources | create | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId}*App acs:apigateway:{#regionId}:{#accountId}:app/{#ResourceId} | 无 | 无 |
| apigateway:UntagResources | UntagResources | delete | *ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId}*App acs:apigateway:{#regionId}:{#accountId}:app/{#ResourceId} | 无 | 无 |
| apigateway:UpdatePrivateDNS | UpdatePrivateDNS | update | *全部资源 * | 无 | 无 |
| apigateway:ValidateVpcConnectivity | ValidateVpcConnectivity | get | *全部资源 * | 无 | 无 |
资源(Resource)
下表是API 网关(CloudAPI)定义的资源,这些资源可以在RAM权限策略语句的Resource元素中使用,用来授予对该资源执行具体操作的权限。 其中,资源ARN是资源在阿里云上的唯一标识。具体说明如下:{#}为变量标识,需要您替换为实际值。例如:{#ramcode}需要您替换为实际的云服务RAM代码。-
*表示全部。例如:{#resourceType}为*时:表示全部资源。{#regionId}为*时:表示全部地域。{#accountId}为*时:表示全部阿里云账号。
| 资源类型 | 资源ARN |
|---|---|
| AccessControl |
|
| AccessControlList |
|
| ApiGroup |
|
| App |
|
| Backend |
|
| Dataset |
|
| Instance |
|
| IpControl |
|
| LogConfig |
|
| Plugin |
|
| Signature |
|
| TrafficControl |
|
| Vpc |
|
| VpcAccess |
|
条件(Condition)
API 网关(CloudAPI)未定义产品级别的条件关键字。如需查看适用于所有云产品的通用条件关键字,请参见通用条件关键字。