Before calling SLB APIs using a RAM user, the primary account must grant the RAM user the corresponding permission by creating an authentication policy. In the authentication policy, an Alibaba Cloud Resource Name (ARN) is used as the unique identifier of the resource to authorize.

SLB resources

The following table lists the SLB resources that can be authorized and the ARN format.

Resource ARN format
LoadBalancer acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:slb:$regionid:$accountid:loadbalancer/*
acs:slb:*:$accountid:loadbalancer/*
acs:slb:*:*:loadbalancer/*
Certificate acs:slb:$regionid:$accountid:certificate/$servercertificateId
acs:slb:$regionid:$accountid:certificate/*
ACL acs:slb:$regionid:$accountid:acl/*
acs:slb:$regionid:$accountid:acl/$aclid

$regionid/accoutid/servercertificateId is the specific resource ID, and * represents all corresponding resources.

SLB APIs

The following table lists the VPC actions that can be authorized and the ARN format.

API  ARN format
CreateLoadBalancer acs:slb:$regionid:$accountid:loadbalancer/*
ModifyLoadBalancerInternetSpec acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DeleteLoadBalancer acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerStatus acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerName acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancers acs:slb:$regionid:$accountid:loadbalancer/*
DescribeLoadBalancerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeRegions acs:slb:*:$accountid:*
UploadServerCertificate acs:slb:%s:%s:certificate/*
DeleteServerCertificate acs:slb:%s:%s:certificate/%
DescribeServerCertificate acs:slb:%s:%s:certificate/%
SetServerCertificateName acs:slb:%s:%s:certificate/%
DescribeServerCertificates acs:slb:%s:%s:certificate/*
CreateLoadBalancerHTTPListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
CreateLoadBalancerHTTPSListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:slb:%s:%s:certificate/%
CreateLoadBalancerTCPListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
CreateLoadBalancerUDPListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
Deleteloadbalancerlistener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
StartLoadBalancerListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
StopLoadBalancerListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerHTTPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerHTTPSListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:slb:%s:%s:certificate/%
SetLoadBalancerTCPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerUDPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancerHTTPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancerHTTPSListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancerTCPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancerUDPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
AddBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
RemoveBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
SetBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
DescribeHealthStatus acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
CreateVServerGroup acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
SetVServerGroupAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DeleteVServerGroup acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeVServerGroups acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeVServerGroupAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
AddVServerGroupBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
RemoveVServerGroupBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
ModifyVServerGroupBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
CreateAccessControlList acs:slb:$regionid:$accountid:acl/*
DeleteAccessControlList acs:slb:$regionid:$accountid:acl/$aclid
DescribeAccessControlLists acs:slb:$regionid:$accountid:acl/$aclid
DescribeAccessControlListAttribute acs:slb:$regionid:$accountid:acl/$aclid
SetAccessControlListAttribute acs:slb:$regionid:$accountid:acl/$aclid
AddAccessControlListEntry acs:slb:$regionid:$accountid:acl/$aclid
RemoveAccessControlListEntry acs:slb:$regionid:$accountid:acl/$aclid