Before calling SLB APIs using a RAM user, the primary account must grant the RAM user the corresponding permission by creating an authentication policy. In the authentication policy, an Alibaba Cloud Resource Name (ARN) is used as the unique identifier of the resource to authorize.
This document introduces the SLB resources and APIs that can be authorized and the corresponding ARN format.
SLB resources
The following table lists the SLB resources that can be authorized and the ARN format.
| Resource | ARN format |
|---|---|
| LoadBalancer | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
acs:slb:$regionid:$accountid:loadbalancer/* |
|
acs:slb:*:$accountid:loadbalancer/* |
|
acs:slb:*:*:loadbalancer/* |
|
| Certificate | acs:slb:$regionid:$accountid:certificate/$servercertificateId |
acs:slb:$regionid:$accountid:certificate/* |
SLB APIs
The following table lists the SLB resources that can be authorized and the ARN format.
SLB instance APIs
| API | ARN format |
|---|---|
| CreateLoadBalancer | acs:slb:$regionid:$accountid:loadbalancer/* |
| ModifyLoadBalancerInternetSpec | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DeleteLoadBalancer | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerStatus | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerName | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancers | acs:slb:$regionid:$accountid:loadbalancer/* |
| DescribeLoadBalancerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeRegions | acs:slb:*:$accountid:* |
| UploadServerCertificate | acs:slb:%s:%s:certificate/* |
| DeleteServerCertificate | acs:slb:%s:%s:certificate/% |
| DescribeServerCertificate | acs:slb:%s:%s:certificate/% |
| SetServerCertificateName | acs:slb:%s:%s:certificate/% |
| DescribeServerCertificates | acs:slb:%s:%s:certificate/* |
| CreateLoadBalancerHTTPListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| CreateLoadBalancerHTTPSListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
acs:slb:%s:%s:certificate/% |
|
| CreateLoadBalancerTCPListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| CreateLoadBalancerUDPListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DeleteLoadBalancerListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| StartLoadBalancerListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| StopLoadBalancerListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerHTTPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerHTTPSListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
acs:slb:%s:%s:certificate/% |
|
| SetLoadBalancerTCPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerUDPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancerHTTPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancerHTTPSListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancerTCPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancerUDPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| AddBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
| RemoveBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
| SetBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
| DescribeHealthStatus | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
VServerGroup APIs
| API | ARN format |
|---|---|
| CreateVServerGroup | acs:slb:$regionid:$accountid:loadbalancer/$loadbalanceridacs:ecs:$regionid:$accountid:instance/$instanceid |
| SetVServerGroupAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DeleteVServerGroup | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeVServerGroups | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeVServerGroupAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| AddVServerGroupBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalanceridacs:ecs:$regionid:$accountid:instance/$instanceid |
| RemoveVServerGroupBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalanceridacs:ecs:$regionid:$accountid:instance/$instanceid |
| ModifyVServerGroupBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalanceridacs:ecs:$regionid:$accountid:instance/$instanceid |
Master-slave server group APIs
| API | ARN format |
|---|---|
| CreateMasterSlaveServerGroup | acs:slb:$regionid:$accountid:loadbalancer/$loadbalanceridacs:ecs:$regionid:$accountid:instance/$instanceid |
| DescribeMasterSlaveServerGroupAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeMasterSlaveServerGroups | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DeleteMasterSlaveServerGroup | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |