Adjustment content

To reduce permission determination complexity and improve permission management experience when Resource Access Management (RAM) users and roles are used to call API operations, Alibaba Cloud Elastic Compute Service (ECS) will upgrade the authentication mechanism for query (Describe) API operations on December 20, 2025 (UTC+8). This upgrade will standardize the return values when API calls lack permissions, including but not limited to SDK, CLI, and Terraform call methods.

The response is upgraded when you use a RAM user or role to call an ECS query (Describe) API operation without the required permissions. Before the upgrade, the operation returns an empty resource list with HttpCode:200 (OK). After the upgrade, the operation returns an error response with HttpCode:403 (Forbidden), which indicates an authentication failure.

Affected API operations

Service: Ecs

API version: 2014-05-26

Operation:

DescribeInstances

DescribeDisks

For more information, please refer to the announcement.

We apologize for any inconvenience. If you encounter issues, submit a ticket to contact us.