Description

Your Alibaba Cloud account has full access to all resources under the account.

You can grant the access and management permissions to sub-accounts (which are also called RAM users) by creating an authorization policy. In an authorization policy, an Alibaba Cloud Resource Name (ARN) is used as the unique identifier of resources. This topic introduces the format of ARNs.

Note For RDS, the resources are dbinstance.

Request parameters

Resource type ARN format
dbinstance acs:rds:$regionid:$accountid:dbinstance/$dbinstanceid

acs:rds:$regionid:$accountid:dbinstance/

acs:rds:::dbinstance/

Parameters

Parameter Description
$regionid
Region ID, which can be replaced with *
$dbinstanceid
Instance ID, which can be replaced with *
$accountid
Alibaba Cloud account ID, which can be replaced with *

RDS API authenication rules

When you use a RAM user account to access RDS through an API, RDS checks whether the RAM user has permissions.