This topic uses a sample policy to demonstrate how to authorize a RAM user to view ECS instances in a specified region.

The following policy indicates that the authorized RAM user can view ECS instances in the China (Qingdao) region, but cannot view disks or snapshots in this region.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ecs:Describe*",
      "Resource": "acs:ecs:cn-qingdao:*:instance/*"
    }
  ],
  "Version": "1"
}
Note You can grant ECS permissions to the RAM user by region and resource type. If you want to authorize a RAM user or role to view ECS instances in another region, you can change cn-qingdao in the Resource element to the target region. For a list of region IDs, see Regions and zones.