Resource Access Management (RAM) users or RAM roles must be granted permissions before they can access cloud resources. RAM uses policies to define permissions. A cloud service defines elements that can be used in a policy statement, such as Action, Resource, and Condition. This topic describes the permissions on Elastic Compute Service (ECS).
The code (RamCode) in RAM that is used to indicate ECS is ecs. You can grant permissions on ECS at the resource level.
Action
The following table describes the values that you can use in the Action
element of a policy statement. The values are defined by ECS. The following list describes the columns in the table:
Action: the value that you can use in the
Action
element to specify the operation on a resource.API: the API operation that you can call to perform the action. In most cases, only one API operation of a cloud service is required to perform an action. In some cases, multiple API operations must be called to perform an action, or an API operation can be called to perform multiple actions.
Access level: the access level of each action. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize a RAM user or a RAM role to perform the operation. Take note of the following items:
The required resource types are displayed in bold characters.
If the permissions cannot be granted at the resource level,
All resources
is used in the Resource type column of the action.
Condition key: the condition keys that are defined by a cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Policy elements.
Dependent action: other actions that a RAM user or a RAM role must have permissions to perform the action. To successfully call the action, a RAM user or a RAM role must have the permissions to perform the dependent action.
Actions | APIs | Access level | Resource types | Condition keys | Dependent actions |
ecs:AcceptInquiredSystemEvent | AcceptInquiredSystemEvent | WRITE | All resources acs:ecs:*:{#accountId}:* | ecs:tag | N/A |
ecs:AddTags | AddTags | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} snapshotpolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId} | ecs:tag | N/A |
ecs:AllocateDedicatedHosts | AllocateDedicatedHosts | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/* | ecs:tag | N/A |
ecs:AllocatePublicIpAddress | AllocatePublicIpAddress | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ApplyAutoSnapshotPolicy | ApplyAutoSnapshotPolicy | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId} | ecs:tag | N/A |
ecs:AssignIpv6Addresses | AssignIpv6Addresses | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | ecs:tag | N/A |
ecs:AssignPrivateIpAddresses | AssignPrivateIpAddresses | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | ecs:tag | N/A |
ecs:AttachClassicLinkVpc | AttachClassicLinkVpc | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} VPC:VPC acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId} | vpc:tag | N/A |
ecs:AttachDisk | AttachDisk | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:AttachInstanceRamRole | AttachInstanceRamRole | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} RAM:Role acs:ram:*:{#accountId}:role/{#roleName} | ecs:tag | ram:PassRole |
ecs:AttachKeyPair | AttachKeyPair | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} | ecs:tag | N/A |
ecs:AttachNetworkInterface | AttachNetworkInterface | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:AttachVolume | N/A | Write | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} Volume acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId} | ecs:tag | N/A |
ecs:AuthorizeSecurityGroup | AuthorizeSecurityGroup | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:AuthorizeSecurityGroupEgress | AuthorizeSecurityGroupEgress | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:CancelAutoSnapshotPolicy | CancelAutoSnapshotPolicy | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/* | ecs:tag | N/A |
ecs:CancelCopyImage | CancelCopyImage | WRITE | Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | ecs:tag | N/A |
ecs:CancelImagePipelineExecution | CancelImagePipelineExecution | WRITE | ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId} | N/A | N/A |
ecs:CancelSimulatedSystemEvents | CancelSimulatedSystemEvents | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | N/A | N/A |
ecs:CancelTask | CancelTask | WRITE | All resources acs:ecs:*:{#accountId}:* | N/A | N/A |
ecs:ConfirmReservationDemand | ConfirmReservationDemand | Write | capacityreservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/{#demandId} | N/A | N/A |
ecs:ConvertNatPublicIpToEip | ConvertNatPublicIpToEip | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:CopyImage | CopyImage | WRITE | Image acs:ecs:{#regionId}:{#accountId}:image/* | ecs:tag | N/A |
ecs:CopySnapshot | CopySnapshot | WRITE | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:tag | N/A |
ecs:CreateActivation | CreateActivation | WRITE | Activation acs:ecs:{#regionId}:{#accountId}:activation/* | N/A | N/A |
ecs:CreateAutoProvisioningGroup | CreateAutoProvisioningGroup | WRITE | Fleet acs:ecs:{#regionId}:{#accountId}:fleet/* | N/A | ram:CreateServiceLinkedRole |
ecs:CreateAutoSnapshotPolicy | CreateAutoSnapshotPolicy | WRITE | AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/* | ecs:tag | N/A |
ecs:CreateCapacityReservation | CreateCapacityReservation | WRITE | CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | N/A | N/A |
ecs:CreateCommand | CreateCommand | WRITE | Command acs:ecs:{#regionId}:{#accountId}:command/* | N/A | N/A |
ecs:CreateDedicatedHostCluster | CreateDedicatedHostCluster | WRITE | ddhcluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/* | ecs:tag | N/A |
ecs:CreateDemand | CreateDemand | WRITE | All resources acs:ecs:*:{#accountId}:* | N/A | N/A |
ecs:CreateDeploymentSet | CreateDeploymentSet | WRITE | All resources acs:ecs:*:{#accountId}:* | N/A | N/A |
ecs:CreateDisk | CreateDisk | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/* Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:tag ecs:IsDiskEncrypted | N/A |
ecs:CreateElasticityAssurance | CreateElasticityAssurance | WRITE | CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | N/A | N/A |
ecs:CreateHpcCluster | CreateHpcCluster | WRITE | HpcCluster acs:ecs:{#regionId}:{#accountId}:hpc/* | N/A | N/A |
ecs:CreateImage | CreateImage | WRITE | Image acs:ecs:{#regionId}:{#accountId}:image/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:tag | N/A |
ecs:CreateImageComponent | CreateImageComponent | WRITE | ImageComponent acs:ecs:{#regionId}:{#accountId}:imagecomponent/* | ecs:tag | N/A |
ecs:CreateImagePipeline | CreateImagePipeline | WRITE | ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/* | ecs:tag | ram:CreateServiceLinkedRole |
ecs:CreateInstance | CreateInstance | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/* KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} VPC:VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId} Disk acs:ecs:{#regionId}:{#accountId}:disk/* VPC:VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/* | ecs:tag vpc:VPC vpc:tag vpc:IsDefaultVSwitch vpc:IsDefaultVpc ecs:IsDiskEncrypted ecs:InstanceType ecs:InstanceTypeFamily | N/A |
ecs:CreateKeyPair | CreateKeyPair | WRITE | KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* | ecs:tag | N/A |
ecs:CreateLaunchTemplate | CreateLaunchTemplate | WRITE | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/* | ecs:tag | N/A |
ecs:CreateLaunchTemplateVersion | CreateLaunchTemplateVersion | WRITE | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | N/A | N/A |
ecs:CreateNetworkInterface | CreateNetworkInterface | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/* SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} VPC:VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId} | ecs:tag vpc:IsDefaultVSwitch vpc:IsDefaultVpc vpc:VPC vpc:tag | N/A |
ecs:CreateNetworkInterfacePermission | CreateNetworkInterfacePermission | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | ecs:tag | N/A |
ecs:CreateReservationDemand | CreateReservationDemand | Write | capacityreservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | N/A | N/A |
ecs:CreateSecurityGroup | CreateSecurityGroup | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/* VPC:VPC acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId} | ecs:tag vpc:tag | N/A |
ecs:CreateSimulatedSystemEvents | CreateSimulatedSystemEvents | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:CreateSnapshot | CreateSnapshot | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* | ecs:tag | N/A |
ecs:CreateSnapshotGroup | CreateSnapshotGroup | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:CreateStorageSet | CreateStorageSet | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/* | N/A | N/A |
ecs:CreateVolume | N/A | Write | Volume acs:ecs:{#regionId}:{#accountId}:volume/* | N/A | N/A |
ecs:DeleteActivation | DeleteActivation | WRITE | activation acs:ecs:{#regionId}:{#accountId}:activation/{#activationId} | N/A | N/A |
ecs:DeleteAutoProvisioningGroup | DeleteAutoProvisioningGroup | WRITE | AutoProvisioningGroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId} | N/A | ram:CreateServiceLinkedRole |
ecs:DeleteAutoSnapshotPolicy | DeleteAutoSnapshotPolicy | WRITE | AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId} | N/A | N/A |
ecs:DeleteCommand | DeleteCommand | WRITE | Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId} | N/A | N/A |
ecs:DeleteDedicatedHostCluster | DeleteDedicatedHostCluster | WRITE | All resources acs:ecs:*:{#accountId}:* | N/A | N/A |
ecs:DeleteDemand | DeleteDemand | WRITE | All resources acs:ecs:*:{#accountId}:* | N/A | N/A |
ecs:DeleteDeploymentSet | DeleteDeploymentSet | WRITE | DeploymentSet acs:ecs:{#regionid}:{#accountId}:deploymentset/{#deploymentSetId} | N/A | N/A |
ecs:DeleteDisk | DeleteDisk | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | ecs:tag | N/A |
ecs:DeleteHpcCluster | DeleteHpcCluster | WRITE | HpcCluster acs:ecs:{#regionId}:{#accountId}:hpc/* | N/A | N/A |
ecs:DeleteImage | DeleteImage | WRITE | Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | ecs:tag | N/A |
ecs:DeleteImageComponent | DeleteImageComponent | WRITE | ImageComponent acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId} | ecs:tag | N/A |
ecs:DeleteImagePipeline | DeleteImagePipeline | WRITE | ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId} | ecs:tag | N/A |
ecs:DeleteInstance | DeleteInstance | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DeleteInstances | DeleteInstances | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DeleteKeyPairs | DeleteKeyPairs | WRITE | KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} | ecs:tag | N/A |
ecs:DeleteLaunchTemplate | DeleteLaunchTemplate | WRITE | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/* LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | ecs:tag | N/A |
ecs:DeleteLaunchTemplateVersion | DeleteLaunchTemplateVersion | WRITE | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | N/A | N/A |
ecs:DeleteNetworkInterface | DeleteNetworkInterface | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | ecs:tag | N/A |
ecs:DeleteNetworkInterfacePermission | DeleteNetworkInterfacePermission | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | N/A | N/A |
ecs:DeleteSecurityGroup | DeleteSecurityGroup | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:DeleteSnapshot | DeleteSnapshot | WRITE | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:tag | N/A |
ecs:DeleteSnapshotGroup | DeleteSnapshotGroup | WRITE | SnapshotGroup acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId} | N/A | N/A |
ecs:DeleteStorageSet | DeleteStorageSet | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | N/A | N/A |
ecs:DeleteVolume | N/A | Write | Volume acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId} | N/A | N/A |
ecs:DeregisterManagedInstance | DeregisterManagedInstance | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | N/A | N/A |
ecs:DescribeAccountAttributes | DescribeAccountAttributes | LIST | All resources acs:ecs:*:{#accountId}:* | N/A | N/A |
ecs:DescribeActivations | DescribeActivations | READ | Activation acs:ecs:{#regionId}:{#accountId}:activation/* Activation acs:ecs:{#regionId}:{#accountId}:activation/{#activationId} | N/A | N/A |
ecs:DescribeAutoProvisioningGroupHistory | DescribeAutoProvisioningGroupHistory | READ | AutoProvisioningGroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId} | N/A | N/A |
ecs:DescribeAutoProvisioningGroupInstances | DescribeAutoProvisioningGroupInstances | READ | AutoProvisioningGroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId} | N/A | N/A |
ecs:DescribeAutoProvisioningGroups | DescribeAutoProvisioningGroups | READ | AutoProvisioningGroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/* AutoProvisioningGroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId} | N/A | N/A |
ecs:DescribeAutoSnapshotPolicy | N/A | READ | AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:autosnapshotpolicy/* | N/A | N/A |
ecs:DescribeAutoSnapshotPolicyEX | DescribeAutoSnapshotPolicyEx | READ | AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/* AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId} | ecs:tag | N/A |
ecs:DescribeBandwidthLimitation | DescribeBandwidthLimitation | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeCapacityReservationInstances | DescribeCapacityReservationInstances | LIST | CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | N/A | N/A |
ecs:DescribeCapacityReservations | DescribeCapacityReservations | LIST | CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | N/A | N/A |
ecs:DescribeClassicLinkInstances | DescribeClassicLinkInstances | LIST | Instance acs:ecs:{#regionId}:{#accountId}:instance/* | N/A | N/A |
ecs:DescribeCloudAssistantStatus | DescribeCloudAssistantStatus | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeClusters | DescribeClusters | LIST | All resources acs:ecs:*:{#accountId}:* | N/A | N/A |
ecs:DescribeCommands | DescribeCommands | READ | Command acs:ecs:{#regionId}:{#accountId}:command/* Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId} | N/A | N/A |
ecs:DescribeDedicatedHostAutoRenew | DescribeDedicatedHostAutoRenew | READ | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | ecs:tag | N/A |
ecs:DescribeDedicatedHostClusters | DescribeDedicatedHostClusters | READ | DedicatedHostCluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId} DedicatedHostCluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/* | ecs:tag | N/A |
ecs:DescribeDedicatedHosts | DescribeDedicatedHosts | READ | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/* DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | ecs:tag | N/A |
ecs:DescribeDemands | DescribeDemands | LIST | Demand acs:ecs:{#regionId}:{#accountId}:ecsdemand/* | N/A | N/A |
ecs:DescribeDeploymentSets | DescribeDeploymentSets | LIST | DeploymentSet acs:ecs:{#regionId}:{#accountId}:deploymentset/* | N/A | N/A |
ecs:DescribeDiskMonitorData | DescribeDiskMonitorData | READ | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | ecs:tag | N/A |
ecs:DescribeDisks | DescribeDisks | READ | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} Disk acs:ecs:{#regionId}:{#accountId}:disk/* | ecs:tag | N/A |
ecs:DescribeDisksFullStatus | DescribeDisksFullStatus | READ | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} Disk acs:ecs:{#regionId}:{#accountId}:disk/* | ecs:tag | N/A |
ecs:DescribeElasticityAssuranceInstances | DescribeElasticityAssuranceInstances | READ | CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | N/A | N/A |
ecs:DescribeElasticityAssurances | DescribeElasticityAssurances | READ | ElasticityAssurance acs:ecs:{#regionId}:{#accountId}:elasticityassurance/* | N/A | N/A |
ecs:DescribeEniMonitorData | DescribeEniMonitorData | READ | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeFleetInstances | N/A | List | AutoProvisioningGroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId} | N/A | N/A |
ecs:DescribeFleets | N/A | List | AutoProvisioningGroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/* | N/A | N/A |
ecs:DescribeHpcClusters | DescribeHpcClusters | LIST | HpcCluster acs:ecs:{#regionId}:{#accountId}:hpc/* | N/A | N/A |
ecs:DescribeImageComponents | DescribeImageComponents | READ | ImageComponent acs:ecs:{#regionId}:{#accountId}:imagecomponent/* ImageComponent acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId} | ecs:tag | N/A |
ecs:DescribeImageFromFamily | DescribeImageFromFamily | READ | Image acs:ecs:{#regionId}:{#accountId}:image/* | N/A | N/A |
ecs:DescribeImagePipelineExecutions | DescribeImagePipelineExecutions | READ | ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/* ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId} | N/A | N/A |
ecs:DescribeImagePipelines | DescribeImagePipelines | READ | ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/* ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId} | ecs:tag | N/A |
ecs:DescribeImageSharePermission | DescribeImageSharePermission | READ | Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | ecs:tag | N/A |
ecs:DescribeImageSupportInstanceTypes | DescribeImageSupportInstanceTypes | READ | Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | N/A | N/A |
ecs:DescribeImages | DescribeImages | READ | Image acs:ecs:{#regionId}:{#accountId}:image/* Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | ecs:tag | N/A |
ecs:DescribeInstanceAttachmentAttributes | DescribeInstanceAttachmentAttributes | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeInstanceAttribute | DescribeInstanceAttribute | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeInstanceAutoRenewAttribute | DescribeInstanceAutoRenewAttribute | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} Instance acs:ecs:{#regionId}:{#accountId}:instance/* | ecs:tag | N/A |
ecs:DescribeInstanceHistoryEvents | DescribeInstanceHistoryEvents | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} Instance acs:ecs:{#regionId}:{#accountId}:instance/* | ecs:tag | N/A |
ecs:DescribeInstanceMaintenanceAttributes | DescribeInstanceMaintenanceAttributes | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeInstanceMonitorData | DescribeInstanceMonitorData | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeInstanceRamRole | DescribeInstanceRamRole | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} RAM:Role acs:ram:*:{#accountId}:role/{#roleName} | ecs:tag | N/A |
ecs:DescribeInstanceStatus | DescribeInstanceStatus | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | N/A | N/A |
ecs:DescribeInstanceTopology | DescribeInstanceTopology | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeInstanceVncPasswd | DescribeInstanceVncPasswd | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | N/A | N/A |
ecs:DescribeInstanceVncUrl | DescribeInstanceVncUrl | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeInstances | DescribeInstances | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ResourceOwner ecs:tag | N/A |
ecs:DescribeInstancesFullStatus | DescribeInstancesFullStatus | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} Instance acs:ecs:{#regionId}:{#accountId}:instance/* | ecs:tag | N/A |
ecs:DescribeInvocationResults | DescribeInvocationResults | READ | Command acs:ecs:{#regionId}:{#accountId}:command/* Instance acs:ecs:{#regionId}:{#accountId}:instance/* Command acs:ecs:{#regionId}:{#accountId}:command/{#CommandId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} | ecs:tag | N/A |
ecs:DescribeInvocations | DescribeInvocations | READ | Command acs:ecs:{#regionId}:{#accountId}:command/* Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} Command acs:ecs:{#regionId}:{#accountId}:command/{#CommandId} | ecs:tag | N/A |
ecs:DescribeKeyPairs | DescribeKeyPairs | READ | KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* | ecs:tag | N/A |
ecs:DescribeLaunchTemplateVersions | DescribeLaunchTemplateVersions | READ | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/* LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | ecs:tag | N/A |
ecs:DescribeLaunchTemplates | DescribeLaunchTemplates | READ | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/* LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | ecs:tag | N/A |
ecs:DescribeManagedInstances | DescribeManagedInstances | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeNetworkInterfaceAttribute | DescribeNetworkInterfaceAttribute | READ | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | ecs:tag | N/A |
ecs:DescribeNetworkInterfacePermissions | DescribeNetworkInterfacePermissions | READ | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/* NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | ecs:tag | N/A |
ecs:DescribeNetworkInterfaces | DescribeNetworkInterfaces | READ | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/* NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | ecs:tag | N/A |
ecs:DescribePrice | DescribePrice | READ | All resources acs:ecs:*:{#accountId}:* Disk acs:ecs:{#regionId}:{#accountId}:disk/* Instance acs:ecs:{#regionId}:{#accountId}:instance/* | N/A | N/A |
ecs:DescribeRecommendInstanceType | DescribeRecommendInstanceType | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/* | N/A | N/A |
ecs:DescribeRenewalPrice | DescribeRenewalPrice | READ | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeReservationDemandCommittedAmount | DescribeReservationDemandCommittedAmount | Read | CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | N/A | N/A |
ecs:DescribeReservationDemands | DescribeReservationDemands | Read | N/A | N/A | N/A |
ecs:DescribeReservedInstances | DescribeReservedInstances | READ | ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/* ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} | ecs:tag | N/A |
ecs:DescribeResourceByTags | DescribeResourceByTags | READ | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/* Disk acs:ecs:{#regionId}:{#accountId}:disk/* NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/* Image acs:ecs:{#regionId}:{#accountId}:image/* Instance acs:ecs:{#regionId}:{#accountId}:instance/* KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/* SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/* Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* All resources acs:ecs:*:{#accountId}:* | ecs:tag | N/A |
ecs:DescribeResourcesModification | DescribeResourcesModification | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeSecurityGroupAttribute | DescribeSecurityGroupAttribute | READ | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:DescribeSecurityGroupReferences | DescribeSecurityGroupReferences | READ | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:DescribeSecurityGroups | DescribeSecurityGroups | READ | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/* SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:DescribeSendFileResults | DescribeSendFileResults | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeSnapshotGroups | DescribeSnapshotGroups | READ | SnapshotGroup acs:ecs:{#regionId}:{#accountId}:snapshotgroup/* SnapshotGroup acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId} | N/A | N/A |
ecs:DescribeSnapshotLinks | DescribeSnapshotLinks | READ | Disk acs:ecs:{#regionId}:{#accountId}:disk/* Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | N/A | N/A |
ecs:DescribeSnapshotMonitorData | DescribeSnapshotMonitorData | READ | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* | N/A | N/A |
ecs:DescribeSnapshotPackage | DescribeSnapshotPackage | READ | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* | N/A | N/A |
ecs:DescribeSnapshots | DescribeSnapshots | READ | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:tag | N/A |
ecs:DescribeSnapshotsUsage | DescribeSnapshotsUsage | READ | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* | N/A | N/A |
ecs:DescribeStorageCapacityUnits | DescribeStorageCapacityUnits | READ | StorageCapacityUnit acs:ecs:{#regionId}:{#accountId}:scu/* StorageCapacityUnit acs:ecs:{#regionId}:{#accountId}:scu/{#scuId} | N/A | N/A |
ecs:DescribeStorageSetDetails | DescribeStorageSetDetails | READ | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | N/A | N/A |
ecs:DescribeStorageSets | DescribeStorageSets | READ | Disk acs:ecs:{#regionId}:{#accountId}:disk/* | N/A | N/A |
ecs:DescribeTagKeys | N/A | READ | All resources acs:ecs:*:{#accountId}:* DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/* DedicatedHostCluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/* Disk acs:ecs:{#regionId}:{#accountId}:disk/* NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/* Image acs:ecs:{#regionId}:{#accountId}:image/* Instance acs:ecs:{#regionId}:{#accountId}:instance/* KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/* Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/* | N/A | N/A |
ecs:DescribeTags | DescribeTags | READ | All resources acs:ecs:*:{#accountId}:* DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/* DedicatedHostCluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/* Disk acs:ecs:{#regionId}:{#accountId}:disk/* Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/* NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Image acs:ecs:{#regionId}:{#accountId}:image/* Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/* SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/* | ecs:tag | N/A |
ecs:DescribeTaskAttribute | DescribeTaskAttribute | READ | All resources acs:ecs:*:{#accountId}:* | N/A | N/A |
ecs:DescribeTasks | DescribeTasks | READ | All resources acs:ecs:*:{#accountId}:* | N/A | N/A |
ecs:DescribeUserBusinessBehavior | DescribeUserBusinessBehavior | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/* | N/A | N/A |
ecs:DescribeUserData | DescribeUserData | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DescribeVolumes | N/A | List | Volume acs:ecs:{#regionId}:{#accountId}:volume/* Volume acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId} | N/A | N/A |
ecs:DetachClassicLinkVpc | DetachClassicLinkVpc | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} VPC:VPC acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId} | N/A | N/A |
ecs:DetachDisk | DetachDisk | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DetachInstanceRamRole | DetachInstanceRamRole | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} RAM:Role acs:ram:*:{#accountId}:role/{#roleName} | ecs:tag | N/A |
ecs:DetachKeyPair | DetachKeyPair | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} | ecs:tag | N/A |
ecs:DetachNetworkInterface | DetachNetworkInterface | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:DetachVolume | N/A | Write | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} Volume acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId} | ecs:tag | N/A |
ecs:ExportImage | ExportImage | WRITE | Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | ecs:tag | N/A |
ecs:ExportSnapshot | ExportSnapshot | WRITE | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | N/A | N/A |
ecs:GetInstanceConsoleOutput | GetInstanceConsoleOutput | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:GetInstanceScreenshot | GetInstanceScreenshot | READ | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ImportImage | ImportImage | WRITE | Image acs:ecs:{#regionId}:{#accountId}:image/* | ecs:tag | N/A |
ecs:ImportKeyPair | ImportKeyPair | WRITE | KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* | ecs:tag | N/A |
ecs:ImportSnapshot | ImportSnapshot | WRITE | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* | N/A | N/A |
ecs:InstallCloudAssistant | InstallCloudAssistant | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:InvokeCommand | InvokeCommand | WRITE | Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag ecs:CommandRunAs | N/A |
ecs:JoinResourceGroup | JoinResourceGroup | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#SnapshotId} | ecs:tag | N/A |
ecs:JoinSecurityGroup | JoinSecurityGroup | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:LeaveSecurityGroup | LeaveSecurityGroup | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:ListServiceSettings | ListServiceSettings | Read | ServiceSettings acs:ecs:{#regionId}:{#accountId}:servicesettings/* ServiceSettings acs:ecs:{#regionId}:{#accountId}:servicesettings/cloudassistantdeliverysettings | ecs:tag | N/A |
ecs:ListTagResources | ListTagResources | READ | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} Disk acs:ecs:{#regionId}:{#accountId}:disk/* Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/* NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Image acs:ecs:{#regionId}:{#accountId}:image/* Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/* ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/* SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/* | ecs:tag | N/A |
ecs:ModifyAutoProvisioningGroup | ModifyAutoProvisioningGroup | WRITE | autoprovisioninggroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId} | N/A | ram:CreateServiceLinkedRole |
ecs:ModifyAutoSnapshotPolicy | ModifyAutoSnapshotPolicy | WRITE | AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId} | N/A | N/A |
ecs:ModifyAutoSnapshotPolicyEx | ModifyAutoSnapshotPolicyEx | WRITE | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* | N/A | N/A |
ecs:ModifyCapacityReservation | ModifyCapacityReservation | WRITE | CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | N/A | N/A |
ecs:ModifyCommand | ModifyCommand | WRITE | Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId} | N/A | N/A |
ecs:ModifyDedicatedHostAttribute | ModifyDedicatedHostAttribute | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} DedicatedHostCluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId} | ecs:tag | N/A |
ecs:ModifyDedicatedHostAutoReleaseTime | ModifyDedicatedHostAutoReleaseTime | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | N/A | N/A |
ecs:ModifyDedicatedHostAutoRenewAttribute | ModifyDedicatedHostAutoRenewAttribute | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | ecs:tag | N/A |
ecs:ModifyDedicatedHostClusterAttribute | ModifyDedicatedHostClusterAttribute | WRITE | ddhcluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId} | ecs:tag | N/A |
ecs:ModifyDedicatedHostsChargeType | ModifyDedicatedHostsChargeType | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | N/A | N/A |
ecs:ModifyDeploymentSetAttribute | ModifyDeploymentSetAttribute | WRITE | DeploymentSet acs:ecs:{#regionId}:{#accountId}:deploymentset/{#DeploymentSetId} | N/A | N/A |
ecs:ModifyDiskAttribute | ModifyDiskAttribute | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | ecs:tag | N/A |
ecs:ModifyDiskChargeType | ModifyDiskChargeType | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyDiskSpec | ModifyDiskSpec | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | ecs:tag | N/A |
ecs:ModifyHpcClusterAttribute | ModifyHpcClusterAttribute | WRITE | HpcCluster acs:ecs:{#regionId}:{#accountId}:hpc/* | N/A | N/A |
ecs:ModifyImageAttribute | ModifyImageAttribute | WRITE | Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | ecs:tag | N/A |
ecs:ModifyImageShareGroupPermission | ModifyImageShareGroupPermission | WRITE | Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | N/A | N/A |
ecs:ModifyImageSharePermission | ModifyImageSharePermission | WRITE | Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | ecs:tag | N/A |
ecs:ModifyInstanceAttachmentAttributes | ModifyInstanceAttachmentAttributes | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/* | N/A | N/A |
ecs:ModifyInstanceAttribute | ModifyInstanceAttribute | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceAutoReleaseTime | ModifyInstanceAutoReleaseTime | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceAutoRenewAttribute | ModifyInstanceAutoRenewAttribute | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceChargeType | ModifyInstanceChargeType | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceDeployment | ModifyInstanceDeployment | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceMaintenanceAttributes | ModifyInstanceMaintenanceAttributes | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceMetadataOptions | ModifyInstanceMetadataOptions | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceNetworkSpec | ModifyInstanceNetworkSpec | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceSpec | ModifyInstanceSpec | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceVncPasswd | ModifyInstanceVncPasswd | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyInstanceVpcAttribute | ModifyInstanceVpcAttribute | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} VPC:VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId} | ecs:tag vpc:tag vpc:VPC | N/A |
ecs:ModifyLaunchTemplateDefaultVersion | ModifyLaunchTemplateDefaultVersion | WRITE | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/* LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | N/A | N/A |
ecs:ModifyManagedInstance | ModifyManagedInstance | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | N/A | N/A |
ecs:ModifyNetworkInterfaceAttribute | ModifyNetworkInterfaceAttribute | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:ModifyPrepayInstanceSpec | ModifyPrepayInstanceSpec | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ModifyReservationDemand | ModifyReservationDemand | Write | capacityreservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/{#demandId} | N/A | N/A |
ecs:ModifyReservedInstanceAttribute | ModifyReservedInstanceAttribute | WRITE | ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} | ecs:tag | N/A |
ecs:ModifyReservedInstances | ModifyReservedInstances | WRITE | ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} | N/A | N/A |
ecs:ModifySecurityGroupAttribute | ModifySecurityGroupAttribute | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:ModifySecurityGroupEgressRule | ModifySecurityGroupEgressRule | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:ModifySecurityGroupPolicy | ModifySecurityGroupPolicy | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:ModifySecurityGroupRule | ModifySecurityGroupRule | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:ModifySnapshotAttribute | ModifySnapshotAttribute | WRITE | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:tag | N/A |
ecs:ModifyStorageCapacityUnitAttribute | ModifyStorageCapacityUnitAttribute | Write | StorageCapacityUnit acs:ecs:{#regionId}:{#accountId}:scu/{#scuId} | N/A | N/A |
ecs:ModifyStorageSetAttribute | ModifyStorageSetAttribute | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | N/A | N/A |
ecs:ModifyUserBusinessBehavior | ModifyUserBusinessBehavior | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/* | N/A | N/A |
ecs:PurchaseReservedInstancesOffering | PurchaseReservedInstancesOffering | WRITE | ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/* | ecs:tag | N/A |
ecs:PurchaseSavingPlanOffering | PurchaseSavingPlanOffering | Write | SavingPlan acs:ecs:{#regionId}:{#accountId}:savingplan/* | N/A | N/A |
ecs:PurchaseStorageCapacityUnit | PurchaseStorageCapacityUnit | WRITE | StorageCapacityUnit acs:ecs:{#regionId}:{#accountId}:scu/* | N/A | N/A |
ecs:ReActivateInstances | ReActivateInstances | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ReInitDisk | ReInitDisk | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | ecs:tag | N/A |
ecs:RebootInstance | RebootInstance | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:RebootInstances | RebootInstances | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:RedeployDedicatedHost | RedeployDedicatedHost | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | N/A | N/A |
ecs:RedeployInstance | RedeployInstance | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ReleaseCapacityReservation | ReleaseCapacityReservation | WRITE | CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | N/A | N/A |
ecs:ReleaseDedicatedHost | ReleaseDedicatedHost | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | ecs:tag | N/A |
ecs:ReleasePublicIpAddress | ReleasePublicIpAddress | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | N/A | N/A |
ecs:RemoveTags | RemoveTags | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} snapshotpolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId} | ecs:tag | N/A |
ecs:RenewDedicatedHosts | RenewDedicatedHosts | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | N/A | N/A |
ecs:RenewInstance | RenewInstance | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ReplaceSystemDisk | ReplaceSystemDisk | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ReportInstancesStatus | ReportInstancesStatus | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:ResetDisk | ResetDisk | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:tag | N/A |
ecs:ResetDisks | ResetDisks | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:tag | N/A |
ecs:ResizeDisk | ResizeDisk | WRITE | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | ecs:tag | N/A |
ecs:RevokeSecurityGroup | RevokeSecurityGroup | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:RevokeSecurityGroupEgress | RevokeSecurityGroupEgress | WRITE | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | N/A |
ecs:RunCommand | RunCommand | WRITE | Command acs:ecs:{#regionId}:{#accountId}:command/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag ecs:CommandRunAs | N/A |
ecs:RunInstances | RunInstances | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} Disk acs:ecs:{#regionId}:{#accountId}:disk/* Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/* KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} VPC:VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId} VPC:VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/* | ecs:tag vpc:IsDefaultVSwitch vpc:IsDefaultVpc vpc:VPC vpc:tag ecs:IsDiskEncrypted ecs:InstanceTypeFamily ecs:InstanceType | N/A |
ecs:SendFile | SendFile | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:StartImagePipelineExecution | StartImagePipelineExecution | WRITE | ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId} | N/A | N/A |
ecs:StartInstance | StartInstance | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:StartInstances | StartInstances | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:StopInstance | StopInstance | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:StopInstances | StopInstances | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:StopInvocation | StopInvocation | WRITE | Instance acs:ecs:{#regionId}:{#accountId}:instance/* Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:tag | N/A |
ecs:TagResources | TagResources | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId} | ecs:tag | N/A |
ecs:UnassignIpv6Addresses | UnassignIpv6Addresses | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | ecs:tag | N/A |
ecs:UnassignPrivateIpAddresses | UnassignPrivateIpAddresses | WRITE | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | ecs:tag | N/A |
ecs:UntagResources | UntagResources | WRITE | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId} ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotpolicyId} | ecs:tag | N/A |
ecs:UpdateServiceSettings | UpdateServiceSettings | Write | ServiceSettings acs:ecs:{#regionId}:{#accountId}:servicesettings/* ServiceSettings acs:ecs:{#regionId}:{#accountId}:servicesettings/cloudassistantdeliverysettings | ecs:tag | N/A |
Resource
The following table describes the values that you can use in the Resource
element of a policy statement. The values are defined by ECS.
The Alibaba Cloud Resource Name (ARN) is the unique identifier of the resource on Alibaba Cloud. Take note of the following items:
{#}
indicates a variable. {#} must be replaced with an actual value. For example,{#regionId}
must be replaced with the actual ID of the region where your resource resides.An asterisk (
*
) is used as a wildcard. Examples:If you specify
{#resourceType}/*
, all resources are specified.If
{#regionId}
is set to*
, all regions are specified.If
{#accountId}
is set to*
, all Alibaba Cloud accounts are specified.
Resource type | ARN |
DedicatedHost | acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} |
Disk | acs:ecs:{#regionId}:{#accountId}:disk/{#DiskId} |
NetworkInterface | acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} |
Image | acs:ecs:{#regionId}:{#accountId}:image/{#ImageId} |
Instance | acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} |
KeyPair | acs:ecs:{#regionId}:{#accountId}:keypair/{#KeyPairName} |
ReservedInstance | acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId} |
SecurityGroup | acs:ecs:{#regionId}:{#accountId}:securitygroup/{#SecurityGroupId} |
Snapshot | acs:ecs:{#regionId}:{#accountId}:snapshot/{#SnapshotId} |
AutoSnapshotPolicy | acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId} |
ImagePipeline | acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#ImagePipelineId} |
CapacityReservation | acs:ecs:{#regionId}:{#accountId}:capacityreservation/{#CapacityReservationId} |
Command | acs:ecs:{#regionId}:{#accountId}:command/{#CommandId} |
HpcCluster | acs:ecs:{#regionId}:{#accountId}:hpc/{#HpcId} |
LaunchTemplate | acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#LaunchTemplateId} |
DeploymentSet | acs:ecs:{#regionId}:{#accountId}:deploymentset/{#DeploymentSetId} |
SnapshotGroup | acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#SnapshotGroupId} |
DedicatedHostCluster | acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId} |
Demand | acs:ecs:{#regionId}:{#accountId}:ecsdemand/{#DemandId} |
ServiceSettings | acs:ecs:{#regionId}:{#accountId}:servicesettings/{#RegionId} |
SavingPlan | acs:ecs:{#regionId}:{#accountId}:savingplan/{#SavingPlanId} |
Volume | acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId} |
Condition
The following table describes the values that you can use in the Condition
element of a policy statement. The values are defined by ECS. The following table describes the service-specific condition keys. The common condition keys that are defined by Alibaba Cloud also apply to ECS. For more information about the common condition keys, see Policy elements.
The data type determines which condition operators you can use to compare the value in a request with the value in a policy statement. You must use condition operators that are supported by the data type. Otherwise, you cannot compare the value in the request with the value in the policy statement. In this case, the authorization is invalid. For more information about the condition operators that are supported by each data type, see Policy elements.
Condition keys | Description | Type |
ecs:tag | A tag key and value pair that are attached to a ECS resource. | String |
vpc:VPC | The resource ARN of a VPC Instance. You can use Condition to restrict access to a specified VPC. | String |
vpc:tag | A tag key and value pair that are attached to a VPC resource. | String |
vpc:IsDefaultVSwitch | Indicates whether the VSwitch is the default VSwitch. | Boolean |
vpc:IsDefaultVpc | Indicates whether the VPC is the default VPC. | Boolean |
ecs:IsDiskEncrypted | Indicates whether each data disk is encrypted. Valid values: [true, false].
| String |
ecs:InstanceType | The instance type. | String |
ecs:InstanceTypeFamily | The instance type family. | String |
ecs:ImagePlatform | The operating system type (Windows, Linux) of the image. | String |
ecs:ImageSource | The source of the image.
| String |
ecs:CommandRunAs | The user who run cloud assistant commands in ECS instances, such as "root" or "system". | String |