访问控制(RAM)是阿里云提供的管理用户身份与资源访问权限的服务。使用RAM可以让您避免与其他用户共享阿里云账号密钥,并可按需为用户授予最小权限。RAM中使用权限策略描述授权的具体内容。
本文为您介绍API 网关(ApiGateway)为RAM权限策略定义的操作(Action)、资源(Resource)和条件(Condition)。API 网关(ApiGateway)的RAM代码(RamCode)为apigateway,cloudapi,支持的授权粒度为RESOURCE。
权限策略通用结构
权限策略支持JSON格式,其通用结构如下:
{
"Version": "1",
"Statement": [
{
"Effect": "<Effect>",
"Action": "<Action>",
"Resource": "<Resource>",
"Condition": {
"<Condition_operator>": {
"<Condition_key>": [
"<Condition_value>"
]
}
}
}
]
}- Effect:权限策略效果。取值:Allow(允许)、Deny(拒绝)。
- Action:授予允许或拒绝权限的具体操作。具体信息,请参见操作(Action)。
- Resource:受操作影响的具体对象,您可以使用资源ARN来描述指定资源。具体信息,请参见资源(Resource)。
- Condition:指授权生效的条件。可选字段。具体信息,请参见条件(Condition)。
- Condition_operator:条件运算符,不同类型的条件对应不同的条件运算符。具体信息,请参见权限策略基本元素。
- Condition_key:条件关键字。
- Condition_value:条件关键字对应的值。
操作(Action)
下表是API 网关(ApiGateway)定义的操作,这些操作可以在RAM权限策略语句的Action元素中使用,用来授予执行该操作的权限。下面对表中的具体项提供说明:- 操作:是指具体的权限点。
- API:是指操作对应的API接口。
- 访问级别:是指每个操作的访问级别,取值为写入(Write)、读取(Read)或列出(List)。
- 资源类型:是指操作中支持授权的资源类型。具体说明如下:
- 对于必选的资源类型,用背景高亮的方式表示。
- 对于不支持资源级授权的操作,用
全部资源表示。
- 条件关键字:是指云产品自身定义的条件关键字。该列不体现适用于任何操作的通用条件关键字。
- 关联操作:是指成功执行操作所需要的其他权限。操作者必须同时具备关联操作的权限,操作才能成功。
| 操作 | API | 访问级别 | 资源类型 | 条件关键字 | 关联操作 |
|---|---|---|---|---|---|
| apigateway:DescribeBackendList | DescribeBackendList | get | Backend acs:apigateway:{#regionId}:{#accountId}:backend/* | 无 | 无 |
| apigateway:CreateInstance | CreateInstance | create | Instance acs:apigateway:{#regionId}:{#accountId}:instance/* | 无 | 无 |
| apigateway:DescribeBackendInfo | DescribeBackendInfo | get | 全部资源 * | 无 | 无 |
| apigateway:CreateMonitorGroup | CreateMonitorGroup | create | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetApisAuthorities | SetApisAuthorities | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteApi | DeleteApi | delete | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:RemoveApisAuthorities | RemoveApisAuthorities | Write | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeAccessControlListAttribute | DescribeAccessControlListAttribute | get | 全部资源 * | 无 | 无 |
| apigateway:ModifyPlugin | ModifyPlugin | update | Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:DescribeSummaryData | DescribeSummaryData | get | 全部资源 * | 无 | 无 |
| apigateway:SetSignatureApis | SetSignatureApis | update | 全部资源 * | 无 | 无 |
| apigateway:EnableInstanceAccessControl | EnableInstanceAccessControl | update | AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:RemoveAppsAuthorities | RemoveAppsAuthorities | Write | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}App acs:apigateway:{#regionId}:{#accountId}:app/{#AppIds} | 无 | 无 |
| apigateway:ModifyVpcAccessAndUpdateApis | ModifyVpcAccessAndUpdateApis | update | 全部资源 * | 无 | 无 |
| apigateway:DescribeUpdateBackendTask | DescribeUpdateBackendTask | get | 全部资源 * | 无 | 无 |
| apigateway:DetachPlugin | DetachPlugin | update | Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:DescribeTrafficControlsByApi | DescribeTrafficControlsByApi | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetTrafficControlApis | SetTrafficControlApis | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeInstances | DescribeInstances | get | 全部资源 * | 无 | 无 |
| apigateway:SdkGenerateByAppForRegion | SdkGenerateByAppForRegion | get | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:TagResources | TagResources | Write | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId}App acs:apigateway:{#regionId}:{#accountId}:app/{#ResourceId} | 无 | 无 |
| apigateway:ModifyIpControlPolicyItem | ModifyIpControlPolicyItem | update | IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:ReactivateDomain | ReactivateDomain | Write | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyIpControl | ModifyIpControl | update | 全部资源 * | 无 | 无 |
| apigateway:DescribeDatasetItemInfo | DescribeDatasetItemInfo | get | Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:RemoveTrafficControlApis | RemoveTrafficControlApis | Write | 全部资源 * | 无 | 无 |
| apigateway:ModifyTrafficControl | ModifyTrafficControl | update | TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId} | 无 | 无 |
| apigateway:SetWildcardDomainPatterns | SetWildcardDomainPatterns | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:CreateTrafficControl | CreateTrafficControl | create | TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/* | 无 | 无 |
| apigateway:CreateLogConfig | CreateLogConfig | create | 全部资源 * | 无 | 无 |
| apigateway:DescribeDeployedApis | DescribeDeployedApis | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteApp | DeleteApp | delete | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DeleteAppCode | DeleteAppCode | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 | |
| apigateway:DescribeApp | DescribeApp | get | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:RemoveAccessControlListEntry | RemoveAccessControlListEntry | update | AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:DeleteIpControl | DeleteIpControl | delete | IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:DescribeAppSecurity | DescribeAppSecurity | get | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DescribeApisByBackend | DescribeApisByBackend | get | Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:SetDomainCertificate | SetDomainCertificate | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeAppSecurities | DescribeAppSecurities | get | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:RemoveIpControlApis | RemoveIpControlApis | Write | 全部资源 * | 无 | 无 |
| apigateway:DeleteDomainCertificate | DeleteDomainCertificate | delete | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteAccessControlList | DeleteAccessControlList | delete | 全部资源 * | 无 | 无 |
| apigateway:ValidateVpcConnectivity | ValidateVpcConnectivity | get | 全部资源 * | 无 | 无 |
| apigateway:CreateAppKey | CreateAppKey | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 | |
| apigateway:SetDomainWebSocketStatus | SetDomainWebSocketStatus | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiIpControls | DescribeApiIpControls | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyDataset | ModifyDataset | update | Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:ModifyDatasetItem | ModifyDatasetItem | update | Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:ResetAppCode | ResetAppCode | Write | 全部资源 * | 无 | 无 |
| apigateway:SetAppsAuthorities | SetAppsAuthorities | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}App acs:apigateway:{#regionId}:{#accountId}:app/{#AppIds} | 无 | 无 |
| apigateway:ModifyApiGroupVpcWhitelist | ModifyApiGroupVpcWhitelist | update | 全部资源 * | 无 | 无 |
| apigateway:ModifyApiConfiguration | ModifyApiConfiguration | update | 全部资源 * | 无 | 无 |
| apigateway:DeleteApiStageVariable | DeleteApiStageVariable | delete | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeInstancePackets | DescribeInstancePackets | get | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:ModifyBackend | ModifyBackend | update | Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:AddIpControlPolicyItem | AddIpControlPolicyItem | create | IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:DescribeIpControls | DescribeIpControls | get | IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/* | 无 | 无 |
| apigateway:DescribeApiTrafficControls | DescribeApiTrafficControls | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:AttachPlugin | AttachPlugin | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId}Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:DescribeHistoryApis | DescribeHistoryApis | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeInstanceHttpCode | DescribeInstanceHttpCode | get | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeApiDoc | DescribeApiDoc | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribePlugins | DescribePlugins | get | Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/* | 无 | 无 |
| apigateway:SetVpcAccess | SetVpcAccess | update | Vpc acs:apigateway:{#regionId}:{#accountId}:vpcaccess/* | 无 | 无 |
| apigateway:DescribeApisByApp | DescribeApisByApp | get | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DisableInstanceAccessControl | DisableInstanceAccessControl | update | AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:DescribeApisByIpControl | DescribeApisByIpControl | get | 全部资源 * | 无 | 无 |
| apigateway:ModifyApiGroupInstance | ModifyApiGroupInstance | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 | |
| apigateway:DescribePluginSchemas | DescribePluginSchemas | get | 全部资源 * | 无 | 无 |
| apigateway:DescribeAppAttributes | DescribeAppAttributes | get | App acs:apigateway:{#regionId}:{#accountId}:app/* | 无 | 无 |
| apigateway:CreateAccessControlList | CreateAccessControlList | create | 全部资源 * | 无 | 无 |
| apigateway:DeleteMonitorGroup | DeleteMonitorGroup | delete | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:RemoveVpcAccess | RemoveVpcAccess | delete | 全部资源 * | 无 | 无 |
| apigateway:DescribeVpcAccesses | DescribeVpcAccesses | get | 全部资源 * | 无 | 无 |
| apigateway:CreateApi | CreateApi | create | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteDomain | DeleteDomain | delete | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeAccessControlLists | DescribeAccessControlLists | get | 全部资源 * | 无 | 无 |
| apigateway:ModifyApiGroup | ModifyApiGroup | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:RemoveIpControlPolicyItem | RemoveIpControlPolicyItem | Write | IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:CreateBackendModel | CreateBackendModel | create | Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:DescribeApiMarketAttributes | DescribeApiMarketAttributes | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteTrafficControl | DeleteTrafficControl | delete | TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId} | 无 | 无 |
| apigateway:DeleteBackend | DeleteBackend | delete | Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:CreateApiStageVariable | CreateApiStageVariable | create | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:RemoveSignatureApis | RemoveSignatureApis | Write | 全部资源 * | 无 | 无 |
| apigateway:DescribePluginsByApi | DescribePluginsByApi | get | 全部资源 * | 无 | 无 |
| apigateway:DeleteDataset | DeleteDataset | delete | Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:DescribeApps | DescribeApps | get | App acs:apigateway:{#regionId}:{#accountId}:app/* | 无 | 无 |
| apigateway:DescribeSystemParameters | DescribeSystemParameters | get | 全部资源 * | 无 | 无 |
| apigateway:DeleteSignature | DeleteSignature | delete | 全部资源 * | 无 | 无 |
| apigateway:ImportSwagger | ImportSwagger | create | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteTrafficSpecialControl | DeleteTrafficSpecialControl | delete | 全部资源 * | 无 | 无 |
| apigateway:DescribeInstanceTraffic | DescribeInstanceTraffic | get | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DryRunSwagger | DryRunSwagger | Write | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeGroupLatency | DescribeGroupLatency | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiHistory | DescribeApiHistory | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeGroupTraffic | DescribeGroupTraffic | 全部资源 * | 无 | 无 | |
| apigateway:DescribeApisByVpcAccess | DescribeApisByVpcAccess | list | 全部资源 * | 无 | 无 |
| apigateway:CreateModel | CreateModel | create | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribePurchasedApis | DescribePurchasedApis | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DeleteLogConfig | DeleteLogConfig | delete | LogConfig acs:apigateway:{#regionId}:{#accountId}:logconfig/{#LogType} | 无 | 无 |
| apigateway:DescribeApiHistories | DescribeApiHistories | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeDomain | DescribeDomain | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SetIpControlApis | SetIpControlApis | update | 全部资源 * | 无 | 无 |
| apigateway:DescribePurchasedApiGroup | DescribePurchasedApiGroup | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeDatasetItemList | DescribeDatasetItemList | get | Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:DeleteAppKey | DeleteAppKey | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 | |
| apigateway:DescribeAuthorizedApps | DescribeAuthorizedApps | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:BatchDeployApis | BatchDeployApis | Write | 全部资源 * | 无 | 无 |
| apigateway:SetAccessControlListAttribute | SetAccessControlListAttribute | update | AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:SetDomain | SetDomain | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeInstanceDropConnections | DescribeInstanceDropConnections | get | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:CreateIpControl | CreateIpControl | create | IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/* | 无 | 无 |
| apigateway:ModifyModel | ModifyModel | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiQpsData | DescribeApiQpsData | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApisWithStageNameIntegratedByApp | DescribeApisWithStageNameIntegratedByApp | get | 全部资源 * | 无 | 无 |
| apigateway:DeleteBackendModel | DeleteBackendModel | delete | Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:DescribeInstanceDropPacket | DescribeInstanceDropPacket | get | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:ModifyInstanceSpec | ModifyInstanceSpec | update | 全部资源 * | 无 | 无 |
| apigateway:DescribeInstanceNewConnections | DescribeInstanceNewConnections | get | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:ModifyApiGroupNetworkPolicy | ModifyApiGroupNetworkPolicy | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 | |
| apigateway:ImportOAS | ImportOAS | create | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApis | DescribeApis | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifySignature | ModifySignature | update | 全部资源 * | 无 | 无 |
| apigateway:DescribeDeployedApi | DescribeDeployedApi | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyApp | ModifyApp | update | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:DeleteModel | DeleteModel | delete | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyIntranetDomainPolicy | ModifyIntranetDomainPolicy | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 | |
| apigateway:DescribeInstanceLatency | DescribeInstanceLatency | get | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:AbolishApi | AbolishApi | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 | |
| apigateway:DescribeGroupQps | DescribeGroupQps | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:CreateApp | CreateApp | create | App acs:apigateway:{#regionId}:{#accountId}:app/* | 无 | 无 |
| apigateway:DescribeApisByTrafficControl | DescribeApisByTrafficControl | get | 全部资源 * | 无 | 无 |
| apigateway:DescribeDeployApiTask | DescribeDeployApiTask | get | 全部资源 * | 无 | 无 |
| apigateway:DescribeApiLatencyData | DescribeApiLatencyData | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:AddAccessControlListEntry | AddAccessControlListEntry | update | AccessControlList acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} | 无 | 无 |
| apigateway:CreateSignature | CreateSignature | create | 全部资源 * | 无 | 无 |
| apigateway:ExportOAS | ExportOAS | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:CreateBackend | CreateBackend | create | 全部资源 * | 无 | 无 |
| apigateway:DescribeUpdateVpcInfoTask | DescribeUpdateVpcInfoTask | get | 全部资源 * | 无 | 无 |
| apigateway:DescribeMarketRemainsQuota | DescribeMarketRemainsQuota | get | 全部资源 * | 无 | 无 |
| apigateway:UntagResources | UntagResources | Write | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId}App acs:apigateway:{#regionId}:{#accountId}:app/{#ResourceId} | 无 | 无 |
| apigateway:QueryRequestLogs | QueryRequestLogs | get | 全部资源 * | 无 | 无 |
| apigateway:DeleteAllTrafficSpecialControl | DeleteAllTrafficSpecialControl | delete | 全部资源 * | 无 | 无 |
| apigateway:DescribePurchasedApiGroups | DescribePurchasedApiGroups | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/* | 无 | 无 |
| apigateway:DescribeApi | DescribeApi | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeSignaturesByApi | DescribeSignaturesByApi | get | 全部资源 * | 无 | 无 |
| apigateway:ModifyApi | ModifyApi | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:ModifyLogConfig | ModifyLogConfig | update | 全部资源 * | 无 | 无 |
| apigateway:OpenApiGatewayService | OpenApiGatewayService | 全部资源 * | 无 | 无 | |
| apigateway:DescribePluginTemplates | DescribePluginTemplates | get | 全部资源 * | 无 | 无 |
| apigateway:DeleteApiGroup | DeleteApiGroup | delete | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeInstanceQps | DescribeInstanceQps | get | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:CreateAppCode | CreateAppCode | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 | |
| apigateway:DeleteInstance | DeleteInstance | delete | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DescribeIpControlPolicyItems | DescribeIpControlPolicyItems | get | IpControl acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} | 无 | 无 |
| apigateway:DescribeApisBySignature | DescribeApisBySignature | get | 全部资源 * | 无 | 无 |
| apigateway:DescribeLogConfig | DescribeLogConfig | get | LogConfig acs:apigateway:{#regionId}:{#accountId}:logconfig/{#LogType} | 无 | 无 |
| apigateway:DescribeApiGroups | DescribeApiGroups | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/* | 无 | 无 |
| apigateway:DescribeSignatures | DescribeSignatures | get | Signature acs:apigateway:{#regionId}:{#accountId}:secretkey/* | 无 | 无 |
| apigateway:DeployApi | DeployApi | Write | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:BatchAbolishApis | BatchAbolishApis | Write | 全部资源 * | 无 | 无 |
| apigateway:DescribeApiTrafficData | DescribeApiTrafficData | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:CreateApiGroup | CreateApiGroup | create | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/* | 无 | 无 |
| apigateway:DescribeApiGroupVpcWhitelist | DescribeApiGroupVpcWhitelist | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeDatasetList | DescribeDatasetList | get | Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/* | 无 | 无 |
| apigateway:ResetAppSecret | ResetAppSecret | Write | 全部资源 * | 无 | 无 |
| apigateway:DeletePlugin | DeletePlugin | delete | Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:ModifyBackendModel | ModifyBackendModel | update | Backend acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} | 无 | 无 |
| apigateway:ModifyInstanceAttribute | ModifyInstanceAttribute | update | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:DeleteDatasetItem | DeleteDatasetItem | delete | Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:DescribeImportOASTask | DescribeImportOASTask | get | 全部资源 * | 无 | 无 |
| apigateway:ListTagResources | ListTagResources | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId} | 无 | 无 |
| apigateway:DescribeAbolishApiTask | DescribeAbolishApiTask | get | 全部资源 * | 无 | 无 |
| apigateway:DescribeDatasetInfo | DescribeDatasetInfo | get | 全部资源 * | 无 | 无 |
| apigateway:CreateDataset | CreateDataset | create | Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/* | 无 | 无 |
| apigateway:DescribeApiSignatures | DescribeApiSignatures | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribePluginApis | DescribePluginApis | get | Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} | 无 | 无 |
| apigateway:CreateDatasetItem | CreateDatasetItem | create | Dataset acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} | 无 | 无 |
| apigateway:DescribeTrafficControls | DescribeTrafficControls | get | TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId} | 无 | 无 |
| apigateway:RemoveVpcAccessAndAbolishApis | RemoveVpcAccessAndAbolishApis | delete | 全部资源 * | 无 | 无 |
| apigateway:DescribeInstanceClusterList | DescribeInstanceClusterList | list | 全部资源 * | 无 | 无 |
| apigateway:DescribeInstanceSlbConnect | DescribeInstanceSlbConnect | get | Instance acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| apigateway:AddTrafficSpecialControl | AddTrafficSpecialControl | create | TrafficControl acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId} | 无 | 无 |
| apigateway:DescribeAuthorizedApis | DescribeAuthorizedApis | get | App acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} | 无 | 无 |
| apigateway:SdkGenerateByGroup | SdkGenerateByGroup | create | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:SdkGenerateByApp | SdkGenerateByApp | create | 全部资源 * | 无 | 无 |
| apigateway:DescribeModels | DescribeModels | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeInstanceClusterInfo | DescribeInstanceClusterInfo | get | 全部资源 * | 无 | 无 |
| apigateway:SwitchApi | SwitchApi | update | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:DescribeApiGroup | DescribeApiGroup | get | ApiGroup acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} | 无 | 无 |
| apigateway:CreatePlugin | CreatePlugin | create | Plugin acs:apigateway:{#regionId}:{#accountId}:plugin/* | 无 | 无 |
资源(Resource)
下表是API 网关(ApiGateway)定义的资源,这些资源可以在RAM权限策略语句的Resource元素中使用,用来授予对该资源执行具体操作的权限。 其中,资源ARN是资源在阿里云上的唯一标识。具体说明如下:{#}为变量标识,需要您替换为实际值。例如:{#ramcode}需要您替换为实际的云服务RAM代码。-
*表示全部。例如:{#resourceType}为*时:表示全部资源。{#regionId}为*时:表示全部地域。{#accountId}为*时:表示全部阿里云账号。
| 资源类型 | 资源ARN |
|---|---|
| ApiGroup | acs:apigateway:{#regionId}:{#accountId}:apigroup/{#GroupId} |
| Backend | acs:apigateway:{#regionId}:{#accountId}:backend/* |
| Instance | acs:apigateway:{#regionId}:{#accountId}:instance/* |
| Instance | acs:apigateway:{#regionId}:{#accountId}:instance/{#InstanceId} |
| AccessControlList | acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/{#AclId} |
| AccessControl | acs:apigateway:{#regionId}:{#accountId}:accesscontrol/{#AclId} |
| Plugin | acs:apigateway:{#regionId}:{#accountId}:plugin/{#PluginId} |
| ApiGroup | acs:apigateway:{#regionId}:{#accountId}:apigroup/* |
| App | acs:apigateway:{#regionId}:{#accountId}:app/{#AppIds} |
| Vpc | acs:apigateway:{#regionId}:{#accountId}:vpcaccess/* |
| App | acs:apigateway:{#regionId}:{#accountId}:app/{#AppId} |
| ApiGroup | acs:apigateway:{#regionId}:{#accountId}:apigroup/{#ResourceId} |
| App | acs:apigateway:{#regionId}:{#accountId}:app/{#ResourceId} |
| IpControl | acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#IpControlId} |
| Dataset | acs:apigateway:{#regionId}:{#accountId}:dataset/{#DatasetId} |
| TrafficControl | acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#TrafficControlId} |
| TrafficControl | acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/* |
| LogConfig | acs:apigateway:{#regionId}:{#accountId}:logconfig/* |
| ApiGroup | acs:apigateway:{#regionId}:{#accountId}:apiproduct/{#ApiProductId} |
| Instance | acs:apigateway:{#Region}:{#accountId}:instance/* |
| ApiGroup | acs:apigateway::{#accountId}:apigroup/* |
| Backend | acs:apigateway:{#regionId}:{#accountId}:backend/{#BackendId} |
| AccessControl | acs:cloudapi:{#regionId}:{#accountId}:accesscontrol/{#AclId} |
| Vpc | acs:apigateway:{#regionId}:{#accountId}:vpcaccess/{#VpcAccessId} |
| App | acs:apigateway:{#regionId}:{#accountId}:app/* |
| IpControl | acs:apigateway:{#regionId}:{#accountId}:ipcontrol/* |
| Plugin | acs:apigateway:{#regionId}:{#accountId}:plugin/* |
| AccessControlList | acs:apigateway:{#regionId}:{#accountId}:accesscontrollist/* |
| AccessControl | acs:apigateway:{#regionId}:{#accountId}:accesscontrol/* |
| IpControl | acs:apigateway:{#regionId}:{#accountId}:ipcontrol/{#RuleId} |
| TrafficControl | acs:apigateway:{#regionId}:{#accountId}:trafficcontrol/{#RuleId} |
| Signature | acs:apigateway:{#regionId}:{#accountId}:signature/{#SignatureId} |
| VpcAccess | acs:apigateway:{#regionId}:{#accountId}:vpcaccess/{#VpcAccessId} |
| LogConfig | acs:apigateway:{#regionId}:{#accountId}:logconfig/{#LogType} |
| VpcAccess | acs:apigateway:{#regionId}:{#accountId}:vpcaccess/* |
| ApiGroup | acs:apigateway:{#regionId}:{#accountId}:apigroup/{#SourceGroupId} |
| Signature | acs:apigateway:{#regionId}:{#accountId}:signature/* |
| ApiGroup | acs:apigateway:{#Region}:{#accountId}:apigroup/{#SourceGroupId} |
| ApiGroup | acs:apigateway:{#regionId}:{#accountId}:apigroup/{#TargetGroupId} |
| Signature | acs:apigateway:{#regionId}:{#accountId}:secretkey/* |
| Dataset | acs:apigateway:{#regionId}:{#accountId}:dataset/* |
条件(Condition)
API 网关(ApiGateway)未定义产品级别的条件关键字。如需查看适用于所有云产品的通用条件关键字,请参见通用条件关键字。