RAM授权策略的操作资源条件参考-专有网络VPC-阿里云-专有网络VPC(VPC)-阿里云帮助中心

访问控制（RAM）是阿里云提供的管理用户身份与资源访问权限的服务。使用 RAM 可以让您避免与其他用户共享阿里云账号密钥，并可按需为用户授予最小权限。RAM 中使用权限策略描述授权的具体内容。

本文为您介绍 专有网络VPC 为 RAM 权限策略定义的操作（Action）、资源（Resource）和条件（Condition）。 专有网络VPC 的 RAM 代码（RamCode）为 vpc ，支持的授权粒度为 资源级 。

权限策略通用结构

权限策略支持 JSON 格式，其通用结构如下：

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

各字段含义如下：

Effect：权限策略效果。取值：Allow（允许）、Deny（拒绝）。
Action：授予允许或拒绝权限的具体操作。具体信息，请参见操作（Action）。
Resource：受操作影响的具体对象，您可以使用资源 ARN 来描述指定资源。具体信息，请参见资源（Resource）。
Condition：指授权生效的条件。可选字段。具体信息，请参见条件（Condition）。
- Condition_operator：条件运算符，不同类型的条件对应不同的条件运算符。具体信息，请参见权限策略基本元素。
- Condition_key：条件关键字。
- Condition_value：条件关键字对应的值。

操作（Action）

下表是专有网络VPC定义的操作，这些操作可以在 RAM 权限策略语句的Action元素中使用，用来授予执行该操作的权限。下面对表中的具体项提供说明：

操作：是指具体的权限点。
API：是指操作对应的 API 接口。
访问级别：是指每个操作的访问级别，取值为写入（Write）、读取（Read）或列出（List）。
资源类型：是指操作中支持授权的资源类型。具体说明如下：
- 对于必选的资源类型，用前面加 * 表示。
- 对于不支持资源级授权的操作，用全部资源表示。
条件关键字：是指云产品自身定义的条件关键字。该列不体现适用于任何操作的通用条件关键字。
关联操作：是指成功执行操作所需要的其他权限。操作者必须同时具备关联操作的权限，操作才能成功。

操作	API	访问级别	资源类型	条件关键字	关联操作
vpc:DescribeFlowLogs	DescribeFlowLogs	get	FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/`	无	无
vpc:OpenFlowLogService	OpenFlowLogService	create	FlowLogService `acs:vpc:{#regionId}:{#accountId}:flowlog/`	无	无
vpc:ChangeResourceGroup	ChangeResourceGroup	update	全部资源 ``	无	无
vpc:AllocateVpcIpv6Cidr	AllocateVpcIpv6Cidr	none	全部资源 ``	无	无
vpc:ModifyIpv6GatewayAttribute	ModifyIpv6GatewayAttribute	update	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	无	无
vpc:CreateVpc	CreateVpc	create	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/`	无	无
vpc:DescribeIpv6Gateways	DescribeIpv6Gateways	get	Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/*` Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	无	无
vpc:ModifyNetworkAclAttributes	ModifyNetworkAclAttributes	update	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	无	无
vpc:DescribeRouterInterfaces	DescribeRouterInterfaces	list	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	无	无
vpc:DescribeVpcAttribute	DescribeVpcAttribute	get	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	vpc:tag	无
vpc:GetFlowLogServiceStatus	GetFlowLogServiceStatus	get	FlowLogService `acs:vpc:{#regionId}:{#accountId}:flowlog/`	无	无
vpc:ListTagResourcesForExpressConnect	ListTagResourcesForExpressConnect	list	全部资源 ``	无	无
vpc:ModifyRouteEntry	ModifyRouteEntry	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:UnassociateRouteTable	UnassociateRouteTable	update	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	无	无
vpc:ModifyRouteTableAttributes	ModifyRouteTableAttributes	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	vpc:VRouter	无
vpc:DeleteRouterInterface	DeleteRouterInterface	delete	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	无	无
vpc:CreateTrafficMirrorFilter	CreateTrafficMirrorFilter	create	TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/`	无	无
vpc:ActiveFlowLog	ActiveFlowLog	update	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	无	无
vpc:DescribeIpv6EgressOnlyRules	DescribeIpv6EgressOnlyRules	get	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	无	无
vpc:DeactiveFlowLog	DeactiveFlowLog	update	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	无	无
vpc:CreateDefaultVSwitch	CreateDefaultVSwitch	create	VSwitch `acs:vpc:{#regionid}:{#accountId}:vswitch/`	无	无
vpc:AssociateRouteTablesWithVpcGatewayEndpoint	AssociateRouteTablesWithVpcGatewayEndpoint	create	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	无	无
vpc:RevokeInstanceFromCen	RevokeInstanceFromCen	update	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}`	无	无
vpc:ListVpcPublishedRouteEntries	ListVpcPublishedRouteEntries	list	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:DissociateRouteTablesFromVpcGatewayEndpoint	DissociateRouteTablesFromVpcGatewayEndpoint	delete	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	无	无
vpc:UpdateRouteTargetGroup	UpdateRouteTargetGroup	update	*RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/{#RouteTargetGroupId}`	无	无
vpc:DeletionProtection	DeletionProtection	delete	*Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}`	无	无
vpc:GetVpcPrefixListEntries	GetVpcPrefixListEntries	get	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	无	无
vpc:ListPrefixLists	ListPrefixLists	list	PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/*`	无	无
vpc:ListVpcEndpointServicesByEndUser	ListVpcEndpointServicesByEndUser	list	全部资源 ``	无	无
vpc:TagResourcesForExpressConnect	TagResourcesForExpressConnect	update	PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}` VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}` RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}` TrafficQos `acs:vpc:{#regionId}:{#accountId}:trafficqos/{#QosId}`	无	无
vpc:AssociateHaVip	AssociateHaVip	create	Instance `acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}` HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	无	无
vpc:CreateVpcGatewayEndpoint	CreateVpcGatewayEndpoint	create	GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/`	无	无
vpc:GetVpcRouteEntrySummary	GetVpcRouteEntrySummary	list	RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}` *VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}`	无	无
vpc:ConnectRouterInterface	ConnectRouterInterface	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	无	无
vpc:CreateTrafficMirrorSession	CreateTrafficMirrorSession	create	TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/` *TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	无	无
vpc:DeleteRouteTargetGroup	DeleteRouteTargetGroup	delete	全部资源 ``	无	无
vpc:CopyNetworkAclEntries	CopyNetworkAclEntries	update	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	无	无
vpc:DeleteTrafficMirrorFilterRules	DeleteTrafficMirrorFilterRules	delete	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	无	无
vpc:DeleteVpcGatewayEndpoint	DeleteVpcGatewayEndpoint	delete	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	无	无
vpc:CreateTrafficMirrorFilterRules	CreateTrafficMirrorFilterRules	create	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	无	无
vpc:DeleteHaVip	DeleteHaVip	delete	*HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	无	无
vpc:ListVpcGatewayEndpoints	ListVpcGatewayEndpoints	list	GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/*` GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	无	无
vpc:CreateNetworkAcl	CreateNetworkAcl	create	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/` *VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:ListTagResources	ListTagResources	get	BandwidthPackage `acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#BandwidthPackageId}` Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` NatGateway `acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTable}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VpnGateway `acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	vpc:tag	无
vpc:MoveResourceGroup	MoveResourceGroup	update	BandwidthPackage `acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}` Eip `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}` GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}` DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}` HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}` Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#Ipv4GatewayId}` Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}` PublicIpAddressPool `acs:vpc:{#regionId}:{#accountId}:publicipaddresspool/{#PublicIpAddressPoolId}` TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}` TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	无	无
vpc:DeleteRouteEntry	DeleteRouteEntry	delete	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:TagResources	TagResources	update	BandwidthPackage `acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#BandwidthPackageId}` Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` NatGateway `acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VpnGateway `acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	vpc:tag	无
vpc:RemoveSourcesFromTrafficMirrorSession	RemoveSourcesFromTrafficMirrorSession	update	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	无	无
vpc:OpenTrafficMirrorService	OpenTrafficMirrorService	create	全部资源 ``	无	无
vpc:UnassociateVpcCidrBlock	UnassociateVpcCidrBlock	delete	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:ListGatewayRouteTableEntries	ListGatewayRouteTableEntries	list	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	无	无
vpc:DescribeEcGrantRelation	DescribeEcGrantRelation	list	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}`	无	无
vpc:DeleteNetworkAcl	DeleteNetworkAcl	delete	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	无	无
vpc:ModifyVpcPrefixList	ModifyVpcPrefixList	update	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	无	无
vpc:UpdateDhcpOptionsSetAttribute	UpdateDhcpOptionsSetAttribute	update	*DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	无	无
vpc:DescribeIpv6Addresses	DescribeIpv6Addresses	list	Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:vpc/`	无	无
vpc:DeleteIpv6Gateway	DeleteIpv6Gateway	delete	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	无	无
vpc:AllocateIpv6Address	AllocateIpv6Address	create	Ipv6Address `acs:vpc:{#regionId}:{#accountId}:ipv6address/`	无	无
vpc:DescribeVSwitchAttributes	DescribeVSwitchAttributes	get	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	无	无
vpc:UntagResourcesForExpressConnect	UntagResourcesForExpressConnect	update	PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}` VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}` RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}` TrafficQos `acs:vpc:{#regionId}:{#accountId}:trafficqos/{#QosId}`	无	无
vpc:DescribeVSwitches	DescribeVSwitches	list	VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/`	vpc:VPC	无
vpc:GetVpcPrefixListAssociations	GetVpcPrefixListAssociations	get	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	无	无
vpc:GetRouteTargetGroup	GetRouteTargetGroup	get	*RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/{#RouteTargetGroupId}`	无	无
vpc:ListTrafficMirrorFilters	ListTrafficMirrorFilters	list	TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/`	无	无
vpc:CreateDefaultVpc	CreateDefaultVpc	create	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/`	无	无
vpc:UpdateGatewayRouteTableEntryAttribute	UpdateGatewayRouteTableEntryAttribute	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:DescribeNetworkAcls	DescribeNetworkAcls	list	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/`	无	无
vpc:DeactivateRouterInterface	DeactivateRouterInterface	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	无	无
vpc:UpdateNetworkAclEntries	UpdateNetworkAclEntries	update	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	无	无
vpc:UpdateVpcGatewayEndpointAttribute	UpdateVpcGatewayEndpointAttribute	update	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	无	无
vpc:ListTrafficMirrorSessions	ListTrafficMirrorSessions	list	TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/`	无	无
vpc:DisableVpcClassicLink	DisableVpcClassicLink	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:GrantInstanceToVbr	GrantInstanceToVbr	update	*VPC `acs:vpc:{#regionId}:{#AccountId}:vpc/{#VpcId}`	无	无
vpc:AllocateIpv6InternetBandwidth	AllocateIpv6InternetBandwidth	create	Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/`	无	无
vpc:AssociateVpcCidrBlock	AssociateVpcCidrBlock	create	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:CreateVpcPrefixList	CreateVpcPrefixList	create	PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/`	无	无
vpc:DescribeTagKeysForExpressConnect	DescribeTagKeysForExpressConnect	list	全部资源 ``	无	无
vpc:ModifyIpv6InternetBandwidth	ModifyIpv6InternetBandwidth	update	*Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/{#Ipv6InternetBandwidthId}`	无	无
vpc:DeleteRouteTable	DeleteRouteTable	delete	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:AssociateRouteTableWithGateway	AssociateRouteTableWithGateway	create	Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	无	无
vpc:WithdrawVpcPublishedRouteEntries	WithdrawVpcPublishedRouteEntries	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:DeleteTrafficMirrorFilter	DeleteTrafficMirrorFilter	delete	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	无	无
vpc:DescribeVRouters	DescribeVRouters	list	VRouter `acs:vpc:{#regionId}:{#accountId}:vrouter/`	vpc:VPC	无
vpc:DescribeGrantRulesToCen	DescribeGrantRulesToCen	get	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#InstanceId}` GrantRuleToCen `acs:vpc:{#regionId}:{#accountId}:vpc/{#InstanceId}`	无	无
vpc:DescribeHaVips	DescribeHaVips	get	HaVip `acs:vpc:{#regionId}:{#accountId}:havip/`	无	无
vpc:DescribeIpv6GatewayAttribute	DescribeIpv6GatewayAttribute	get	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	无	无
vpc:AddSourcesToTrafficMirrorSession	AddSourcesToTrafficMirrorSession	update	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	无	无
vpc:GetDhcpOptionsSet	GetDhcpOptionsSet	get	*DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	无	无
vpc:GetTrafficMirrorServiceStatus	GetTrafficMirrorServiceStatus	get	全部资源 ``	无	无
vpc:CreateRouteEntry	CreateRouteEntry	create	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:CreateRouteTargetGroup	CreateRouteTargetGroup	create	RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/`	无	无
vpc:DeleteFlowLog	DeleteFlowLog	delete	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	无	无
vpc:AssociateNetworkAcl	AssociateNetworkAcl	update	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	无	无
vpc:ListDhcpOptionsSets	ListDhcpOptionsSets	get	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/*` DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	无	无
vpc:CreateDhcpOptionsSet	CreateDhcpOptionsSet	create	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/`	无	无
vpc:ListVSwitchCidrReservations	ListVSwitchCidrReservations	list	VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/`	无	无
vpc:CreateFlowLog	CreateFlowLog	create	VSwitch `acs:vpc:{#regionid}:{#accountId}:vswitch/{#VSwitchId}` FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:CreateHaVip	CreateHaVip	create	HaVip `acs:vpc:{#regionId}:{#accountId}:havip/` *VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	无	无
vpc:DeleteTrafficMirrorSession	DeleteTrafficMirrorSession	delete	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	无	无
vpc:UnassociateNetworkAcl	UnassociateNetworkAcl	update	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	无	无
vpc:RetryVpcPrefixListAssociation	RetryVpcPrefixListAssociation	update	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	无	无
vpc:ModifyVSwitchCidrReservationAttribute	ModifyVSwitchCidrReservationAttribute	update	*VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}`	无	无
vpc:CheckCanAllocateVpcPrivateIpAddress	CheckCanAllocateVpcPrivateIpAddress	none	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	无	无
vpc:ModifyFlowLogAttribute	ModifyFlowLogAttribute	update	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	无	无
vpc:UpdateTrafficMirrorSessionAttribute	UpdateTrafficMirrorSessionAttribute	update	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}` TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	无	无
vpc:DeleteRouteEntries	DeleteRouteEntries	delete	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	无	无
vpc:ModifyRouterInterfaceAttribute	ModifyRouterInterfaceAttribute	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	vpc:TargetAccountRDId	无
vpc:RevokeInstanceFromVbr	RevokeInstanceFromVbr	update	*VPC `acs:vpc:{#regionId}:{#AccountId}:vpc/{#VpcId}`	无	无
vpc:DetachDhcpOptionsSetFromVpc	DetachDhcpOptionsSetFromVpc	update	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:DeleteDhcpOptionsSet	DeleteDhcpOptionsSet	delete	*DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	无	无
vpc:GrantInstanceToCen	GrantInstanceToCen	update	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:CreateRouteEntries	CreateRouteEntries	create	*RouteEntry `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:CreateIpv6Gateway	CreateIpv6Gateway	create	Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/`	无	无
vpc:DeleteVpcPrefixList	DeleteVpcPrefixList	delete	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	无	无
vpc:ModifyHaVipAttribute	ModifyHaVipAttribute	update	*HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	无	无
vpc:CreateIpv6EgressOnlyRule	CreateIpv6EgressOnlyRule	create	*Ipv6EgressRule `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	无	无
vpc:DeleteVSwitch	DeleteVSwitch	delete	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	无	无
vpc:DissociateRouteTableFromGateway	DissociateRouteTableFromGateway	get	Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	无	无
vpc:DescribeRouteEntryList	DescribeRouteEntryList	get	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:DescribeTags	DescribeTags	get	全部资源 ``	vpc:tag	无
vpc:DeleteVpc	DeleteVpc	delete	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	vpc:tag	无
vpc:UpdateTrafficMirrorFilterRuleAttribute	UpdateTrafficMirrorFilterRuleAttribute	update	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	无	无
vpc:PublishVpcRouteEntries	PublishVpcRouteEntries	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	无	无
vpc:ModifyVpcAttribute	ModifyVpcAttribute	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	vpc:tag	无
vpc:CreateRouterInterface	CreateRouterInterface	create	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}` RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/*`	vpc:TargetAccountRDId	无
vpc:UpdateTrafficMirrorFilterAttribute	UpdateTrafficMirrorFilterAttribute	update	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	无	无
vpc:ModifyRouterInterfaceSpec	ModifyRouterInterfaceSpec	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	无	无
vpc:DeleteIpv6EgressOnlyRule	DeleteIpv6EgressOnlyRule	delete	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	无	无
vpc:CreateVSwitchCidrReservation	CreateVSwitchCidrReservation	create	VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/`	无	无
vpc:DescribeRouteTables	DescribeRouteTables	list	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	vpc:VBR vpc:VRouter	无
vpc:DeleteVSwitchCidrReservation	DeleteVSwitchCidrReservation	delete	*VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}`	无	无
vpc:SwitchActiveRouteTarget	SwitchActiveRouteTarget	update	*RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/{#RouteTargetGroupId}`	无	无
vpc:DescribeNetworkAclAttributes	DescribeNetworkAclAttributes	get	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	无	无
vpc:DescribeVpcs	DescribeVpcs	list	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/*` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VPCId}`	vpc:tag	无
vpc:AttachDhcpOptionsSetToVpc	AttachDhcpOptionsSetToVpc	update	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:ActivateRouterInterface	ActivateRouterInterface	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	无	无
vpc:UnTagResources	UnTagResources	update	Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` NatGateway `acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	vpc:tag	无
vpc:DeleteIpv6InternetBandwidth	DeleteIpv6InternetBandwidth	delete	*Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/{#Ipv6InternetBandwidthId}`	无	无
vpc:ModifyVSwitchAttribute	ModifyVSwitchAttribute	update	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	无	无
vpc:DescribeTagKeys	DescribeTagKeys	get	全部资源 ``	无	无
vpc:DescribeRouterInterfaceAttribute	DescribeRouterInterfaceAttribute	get	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	无	无
vpc:UnassociateHaVip	UnassociateHaVip	delete	Instance `acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}` HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	无	无
vpc:AssociateRouteTable	AssociateRouteTable	update	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}`	无	无
vpc:CreateRouteTable	CreateRouteTable	create	RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/`	无	无
vpc:ReplaceVpcDhcpOptionsSet	ReplaceVpcDhcpOptionsSet	update	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:CreateVSwitch	CreateVSwitch	create	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/*`	vpc:tag	无
vpc:DeleteRouterInterface	DeleteExpressConnect	delete	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	无	无
vpc:DescribeRouteTableList	DescribeRouteTableList	list	RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/`	vpc:VRouter vpc:VBR	无
vpc:ModifyIpv6AddressAttribute	ModifyIpv6AddressAttribute	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:GetVpcGatewayEndpointAttribute	GetVpcGatewayEndpointAttribute	get	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	无	无
vpc:GetVSwitchCidrReservationUsage	GetVSwitchCidrReservationUsage	get	*VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}`	无	无
vpc:ListRouteTargetGroups	ListRouteTargetGroups	list	RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/`	无	无
vpc:ModifyVRouterAttribute	ModifyVRouterAttribute	update	*VRouter `acs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId}`	无	无
vpc:EnableVpcClassicLink	EnableVpcClassicLink	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	无	无
vpc:ReleaseIpv6Address	ReleaseIpv6Address	delete	*Ipv6Address `acs:vpc:{#regionId}:{#accountId}:ipv6address/{#Ipv6AddressId}`	无	无

资源（Resource）

下表是专有网络VPC定义的资源，这些资源可以在 RAM 权限策略语句的Resource元素中使用，用来授予对该资源执行具体操作的权限。其中，资源 ARN 是资源在阿里云上的唯一标识。具体说明如下：

{#}为变量标识，需要您替换为实际值。例如：{#ramcode}需要您替换为实际的云服务RAM代码。
*表示全部。例如：
- {#resourceType}为*时：表示全部资源。
- {#regionId}为*时：表示全部地域。
- {#accountId}为*时：表示全部阿里云账号。

资源类型	资源 ARN
FlowLog	acs:vpc:{#regionId}:{#accountId}:flowlog/* acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}
VpnConnection	acs:vpc:{#regionId}:{#accountId}:vpnconnection/{#VpnConnectionId} acs:vpc:{#regionId}:{#accountId}:vpnconnection/* acs:vpc:{#regionId}:{#accountId}:* acs:vpc:{#Region}:{#AccountId}:vpnconnection/{#VpnConnectionId}
VirtualBorderRouter	acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId} acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId} acs:vpc::{#accountId}:virtualborderrouter/{#VirtualBorderRouterId} acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#InstanceId} acs:vpc:{#regionId}:{#AccountId}:virtualborderrouter/
FlowLogService	acs:vpc:{#regionId}:{#accountId}:flowlog/*
NatGateway	acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId} acs:vpc:{#regionId}:{#accountId}:natgateway/* acs:natgateway:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}
BandwidthPackage	acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#BandwidthPackageId} acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
PhysicalConnection	acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId} acs:vpc:{#regionId}:{#accountId}:physicalconnection/*
RouterInterface	acs:vpc:{#regionId}:{#AccountId}:routerinterface/{#RouterInterfaceId} acs:vpc:{#regionId}:{#accountId}:routerinterface/*
TrafficQos	acs:vpc:{#regionId}:{#accountId}:trafficqos/{#QosId} acs:vpc:{#regionId}:{#accountId}:TrafficQos/*
SnatTable	acs:vpc:{#regionId}:{#accountId}:snattable/{#SnatTableId}
Ipv6Translator	acs:vpc:{#regionId}:{#accountId}:ipv6trans/{#Ipv6TranslatorId} acs:vpc:{#regionId}:{#accountId}:ipv6trans/*
VPC	acs:vpc:{#regionId}:{#accountId}:vpc/* acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId} acs:vpc:{#regionId}:{#accountId}:vpc/{#InstanceId}
Ipv6Gateway	acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId} acs:vpc:{#regionId}:{#accountId}:ipv6gateway/*
VpnGateway	acs:vpc:{#regionId}:{#accountId}:vpngateway/* acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId} acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnInstanceId} acs:vpc:{#Region}:{#AccountId}:vpngateway/{#VpnInstanceId} acs:vpc:{#regionId}:{#accountId}:
PublicIpAddressPool	acs:vpc:{#regionId}:{#accountId}:publicipaddresspool/* acs:vpc:{#regionId}:{#accountId}:publicipaddresspool/{#PublicIpAddressPoolId}
FullNat	acs:vpc:{#regionId}:{#accountId}:vpcfullnattable/{#FullNatTableId}
Ipv4Gateway	acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId} acs:vpc:{#regionId}:{#accountId}:ipv4gateway/*
NetworkAcl	acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId} acs:vpc:{#regionId}:{#accountId}:networkacl/*
Address	acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId} acs:vpc:{#regionId}:{#accountId}:eip/*
ForwardTable	acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
RouteTable	acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId} acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTable} acs:vpc:{#regionId}:{#accountId}:routetable/*
IpsecServer	acs:vpc:{#regionId}:{#accountId}:vpnipsecserver/{#IpsecServerId} acs:vpc:{#Region}:{#AccountId}: vpnipsecserver/{#IpsecServerId} acs:vpc:{#regionId}:{#accountId}:ipsecserver/* acs:vpc:{#regionId}:{#accountId}: vpnipsecserver/{#IpsecServerId}
VSwitch	acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId} acs:vpc:{#regionid}:{#accountId}:vswitch/*
SegmentAddress	acs:eip:{#regionId}:{#accountId}:eipsegment/{#SegmentInstanceId} acs:vpc:{#regionId}:{#accountId}:eip/* acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
TrafficMirrorFilter	acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/* acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}
Instance	acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId} acs:ecs:{#regionId}:{#accountId}:instance/{#Instanceid} acs:ecs:{#regionId}:{#accountId}:instance/*
Association	acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
GatewayEndpoint	acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId} acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/*
CustomerGateway	acs:vpc:{#regionId}:{#accountId}:customergateway/* acs:vpc:{#regionId}:{#accountId}:customergateway/{#CustomerGatewayId} acs:vpc:{#Region}:{#AccountId}:customergateway/{#CustomerGatewayId}
CommonBandwidthPackage	acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#CommonBandwidthPackageId} acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/*
RouteTargetGroup	acs:vpc:{#regionId}:{#accountId}:routetargetgroup/{#RouteTargetGroupId} acs:vpc:{#regionId}:{#accountId}:routetargetgroup/*
PrefixList	acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId} acs:vpc:{#regionId}:{#accountId}:prefixlist/*
VpnConnections	acs:vpc:{#regionId}:{#accountId}:vpnconnection/{#VpnConnectionId}
GlobalAccelerationInstance	acs:vpc:{#regionId}:{#accountId}:globalaccelerationinstance/{#GlobalAccelerationInstanceId} acs:vpc:{#regionId}:{#accountId}:globalaccelerationinstance/* acs:vpc:{#regionId}:{#accountId}:GlobalAccelerationInstance/*
HaVip	acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId} acs:vpc:{#regionId}:{#accountId}:havip/*
SslVpnServer	acs:vpc:{#regionId}:{#accountId}:sslvpnserver/* acs:vpc:{#regionId}:{#accountId}:sslvpnserver/{#SslVpnServerId} acs:vpc:{#Region}:{#AccountId}:sslvpnserver/{#SslVpnServerId}
TrafficMirrorSession	acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/* acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}
Eip	acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId} acs:vpc:{#regionId}:{#accountId}:eip/{#EipId}
DhcpOptionsSet	acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId} acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/*
SslVpnClientCert	acs:vpc:{#regionId}:{#accountId}:sslvpnclientcert/* acs:vpc:{#regionId}:{#accountId}:sslvpnclientcert/{#SslVpnClientCertId}
TrafficMirrorService	acs:vpc:{#regionId}:{#accountId}:trafficmirror/*
Ipv6InternetBandwidth	acs:vpc:{#regionId}:{#accountId}:vpc/* acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/* acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/{#Ipv6InternetBandwidthId}
Ipv6Address	acs:vpc:{#regionId}:{#accountId}:ipv6address/* acs:vpc:{#regionId}:{#accountId}:ipv6address/{#Ipv6AddressId}
VpnCertificateAttachment	acs:vpc:{#regionId}:{#accountId}:vpncertificateattachment/{#VpnGatewayId}/{#CertificateType}/{#CertificateId}
IPv6Translator	acs:vpc:{#regionId}:{#accountId}:ipv6trans/* acs:vpc:{#regionId}:{#accountId}:ipv6trans/{#IPv6TranslatorId}
VRouter	acs:vpc:{#regionId}:{#accountId}:vrouter/* acs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId}
GrantRuleToCen	acs:vpc:{#regionId}:{#accountId}:vpc/{#InstanceId}
VSwitchCidrReservation	acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/* acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}
GatewayInfo	acs:vpc:{#regionId}:{#accountId}:eip/*
SnatEntry	acs:vpc:{#regionId}:{#accountId}:snattable/*
VpnAttachment	acs:vpc:{#Region}:{#AccountId}:vpnattachment/{#VpnConnectionId}
PublicIpAddressPoolService	acs:vpc:{#regionId}:{#accountId}:publicipaddresspoolservice/*
RouteEntry	acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
Ipv6EgressRule	acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}
physicalconnection	acs:vpc:{#regionId}:{#accountId}:physicalconnection/*

条件（Condition）

下表是专有网络VPC 定义的产品级条件关键字，这些条件关键字可以在 RAM 权限策略语句的Condition元素中使用，用来描述授予权限的条件。以下仅列举产品级的条件关键字，阿里云定义的通用条件关键字也同样适用专有网络VPC。

其中，数据类型决定了您可以使用哪些条件运算符将请求中的值与权限策略语句中的值进行比较。您必须使用与数据类型匹配的条件运算符，否则无法匹配策略语句，授权行为无效。数据类型与条件运算符的对应关系，请参见条件操作类型。

条件关键字	描述	类型
vpc:VRouter	路由器信息	String
vpc:VPC	VPC信息	String
vpc:tag	VPC的标签	String
vpc:TargetAccountRDId	对端用户资源目录ID信息	String
vpc:PhysicalConnection	物理专线信息	String
vpc:VBR	边界路由器信息	String

授权信息

权限策略通用结构

操作（Action）

资源（Resource）

条件（Condition）

相关操作