All Products
Search
Document Center

Resource Access Management:Elastic Compute Service (ECS)

Last Updated:Sep 07, 2022

Resource Access Management (RAM) users or RAM roles must be granted permissions before they can access cloud resources. RAM uses policies to define permissions. A cloud service defines elements that can be used in a policy statement, such as Action, Resource, and Condition. This topic describes the permissions on Elastic Compute Service (ECS). 

The code (RamCode) in RAM that is used to indicate ECS is ecs. You can grant permissions on ECS at the resource level

Action

The following table describes the values that you can use in the Action element of a policy statement. The values are defined by ECS. The following list describes the columns in the table:

  • Action: the value that you can use in the Action element to specify the operation on a resource. 

  • API: the API operation that you can call to perform the action. In most cases, only one API operation of a cloud service is required to perform an action. In some cases, multiple API operations must be called to perform an action, or an API operation can be called to perform multiple actions. 

  • Access level: the access level of each action. The levels are read, write, and list. 

  • Resource type: the type of the resource on which you can authorize a RAM user or a RAM role to perform the operation. Take note of the following items:

    • The required resource types are displayed in bold characters. 

    • If the permissions cannot be granted at the resource level, All resources is used in the Resource type column of the action. 

  • Condition key: the condition keys that are defined by a cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Policy elements

  • Dependent action: other actions that a RAM user or a RAM role must have permissions to perform the action. To successfully call the action, a RAM user or a RAM role must have the permissions to perform the dependent action.

Actions

APIs

Access level

Resource types

Condition keys 

Dependent actions

ecs:AcceptInquiredSystemEvent

AcceptInquiredSystemEvent

WRITE

All resources

acs:ecs:*:{#accountId}:*

ecs:tag

N/A

ecs:AddTags

AddTags

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

snapshotpolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}

ecs:tag

N/A

ecs:AllocateDedicatedHosts

AllocateDedicatedHosts

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/*

ecs:tag

N/A

ecs:AllocatePublicIpAddress

AllocatePublicIpAddress

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ApplyAutoSnapshotPolicy

ApplyAutoSnapshotPolicy

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}

ecs:tag

N/A

ecs:AssignIpv6Addresses

AssignIpv6Addresses

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

ecs:tag

N/A

ecs:AssignPrivateIpAddresses

AssignPrivateIpAddresses

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

ecs:tag

N/A

ecs:AttachClassicLinkVpc

AttachClassicLinkVpc

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

VPC:VPC

acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}

vpc:tag

N/A

ecs:AttachDisk

AttachDisk

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:AttachInstanceRamRole

AttachInstanceRamRole

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

RAM:Role

acs:ram:*:{#accountId}:role/{#roleName}

ecs:tag

ram:PassRole

ecs:AttachKeyPair

AttachKeyPair

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

ecs:tag

N/A

ecs:AttachNetworkInterface

AttachNetworkInterface

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:AttachVolume

N/A

Write

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}

Volume

acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId}

ecs:tag

N/A

ecs:AuthorizeSecurityGroup

AuthorizeSecurityGroup

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:AuthorizeSecurityGroupEgress

AuthorizeSecurityGroupEgress

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:CancelAutoSnapshotPolicy

CancelAutoSnapshotPolicy

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*

ecs:tag

N/A

ecs:CancelCopyImage

CancelCopyImage

WRITE

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

ecs:tag

N/A

ecs:CancelImagePipelineExecution

CancelImagePipelineExecution

WRITE

ImagePipeline

acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}

N/A

N/A

ecs:CancelSimulatedSystemEvents

CancelSimulatedSystemEvents

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

N/A

N/A

ecs:CancelTask

CancelTask

WRITE

All resources

acs:ecs:*:{#accountId}:*

N/A

N/A

ecs:ConfirmReservationDemand

ConfirmReservationDemand

Write

capacityreservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/{#demandId}

N/A

N/A

ecs:ConvertNatPublicIpToEip

ConvertNatPublicIpToEip

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:CopyImage

CopyImage

WRITE

Image

acs:ecs:{#regionId}:{#accountId}:image/*

ecs:tag

N/A

ecs:CopySnapshot

CopySnapshot

WRITE

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

ecs:tag

N/A

ecs:CreateActivation

CreateActivation

WRITE

Activation

acs:ecs:{#regionId}:{#accountId}:activation/*

N/A

N/A

ecs:CreateAutoProvisioningGroup

CreateAutoProvisioningGroup

WRITE

Fleet

acs:ecs:{#regionId}:{#accountId}:fleet/*

N/A

ram:CreateServiceLinkedRole

ecs:CreateAutoSnapshotPolicy

CreateAutoSnapshotPolicy

WRITE

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*

ecs:tag

N/A

ecs:CreateCapacityReservation

CreateCapacityReservation

WRITE

CapacityReservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/*

N/A

N/A

ecs:CreateCommand

CreateCommand

WRITE

Command

acs:ecs:{#regionId}:{#accountId}:command/*

N/A

N/A

ecs:CreateDedicatedHostCluster

CreateDedicatedHostCluster

WRITE

ddhcluster

acs:ecs:{#regionId}:{#accountId}:ddhcluster/*

ecs:tag

N/A

ecs:CreateDemand

CreateDemand

WRITE

All resources

acs:ecs:*:{#accountId}:*

N/A

N/A

ecs:CreateDeploymentSet

CreateDeploymentSet

WRITE

All resources

acs:ecs:*:{#accountId}:*

N/A

N/A

ecs:CreateDisk

CreateDisk

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

ecs:tag

ecs:IsDiskEncrypted

N/A

ecs:CreateElasticityAssurance

CreateElasticityAssurance

WRITE

CapacityReservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/*

N/A

N/A

ecs:CreateHpcCluster

CreateHpcCluster

WRITE

HpcCluster

acs:ecs:{#regionId}:{#accountId}:hpc/*

N/A

N/A

ecs:CreateImage

CreateImage

WRITE

Image

acs:ecs:{#regionId}:{#accountId}:image/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

ecs:tag

N/A

ecs:CreateImageComponent

CreateImageComponent

WRITE

ImageComponent

acs:ecs:{#regionId}:{#accountId}:imagecomponent/*

ecs:tag

N/A

ecs:CreateImagePipeline

CreateImagePipeline

WRITE

ImagePipeline

acs:ecs:{#regionId}:{#accountId}:imagepipeline/*

ecs:tag

ram:CreateServiceLinkedRole

ecs:CreateInstance

CreateInstance

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

VPC:VSwitch

acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

VPC:VSwitch

acs:vpc:{#regionId}:{#accountId}:vswitch/*

ecs:tag

vpc:VPC

vpc:tag

vpc:IsDefaultVSwitch

vpc:IsDefaultVpc

ecs:IsDiskEncrypted

ecs:InstanceType

ecs:InstanceTypeFamily

N/A

ecs:CreateKeyPair

CreateKeyPair

WRITE

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/*

ecs:tag

N/A

ecs:CreateLaunchTemplate

CreateLaunchTemplate

WRITE

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/*

ecs:tag

N/A

ecs:CreateLaunchTemplateVersion

CreateLaunchTemplateVersion

WRITE

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

N/A

N/A

ecs:CreateNetworkInterface

CreateNetworkInterface

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/*

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

VPC:VSwitch

acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}

ecs:tag

vpc:IsDefaultVSwitch

vpc:IsDefaultVpc

vpc:VPC

vpc:tag

N/A

ecs:CreateNetworkInterfacePermission

CreateNetworkInterfacePermission

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

ecs:tag

N/A

ecs:CreateReservationDemand

CreateReservationDemand

Write

capacityreservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/*

N/A

N/A

ecs:CreateSecurityGroup

CreateSecurityGroup

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/*

VPC:VPC

acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}

ecs:tag

vpc:tag

N/A

ecs:CreateSimulatedSystemEvents

CreateSimulatedSystemEvents

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:CreateSnapshot

CreateSnapshot

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

ecs:tag

N/A

ecs:CreateSnapshotGroup

CreateSnapshotGroup

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:CreateStorageSet

CreateStorageSet

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

N/A

N/A

ecs:CreateVolume

N/A

Write

Volume

acs:ecs:{#regionId}:{#accountId}:volume/*

N/A

N/A

ecs:DeleteActivation

DeleteActivation

WRITE

activation

acs:ecs:{#regionId}:{#accountId}:activation/{#activationId}

N/A

N/A

ecs:DeleteAutoProvisioningGroup

DeleteAutoProvisioningGroup

WRITE

AutoProvisioningGroup

acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}

N/A

ram:CreateServiceLinkedRole

ecs:DeleteAutoSnapshotPolicy

DeleteAutoSnapshotPolicy

WRITE

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId}

N/A

N/A

ecs:DeleteCommand

DeleteCommand

WRITE

Command

acs:ecs:{#regionId}:{#accountId}:command/{#commandId}

N/A

N/A

ecs:DeleteDedicatedHostCluster

DeleteDedicatedHostCluster

WRITE

All resources

acs:ecs:*:{#accountId}:*

N/A

N/A

ecs:DeleteDemand

DeleteDemand

WRITE

All resources

acs:ecs:*:{#accountId}:*

N/A

N/A

ecs:DeleteDeploymentSet

DeleteDeploymentSet

WRITE

DeploymentSet

acs:ecs:{#regionid}:{#accountId}:deploymentset/{#deploymentSetId}

N/A

N/A

ecs:DeleteDisk

DeleteDisk

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

ecs:tag

N/A

ecs:DeleteHpcCluster

DeleteHpcCluster

WRITE

HpcCluster

acs:ecs:{#regionId}:{#accountId}:hpc/*

N/A

N/A

ecs:DeleteImage

DeleteImage

WRITE

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

ecs:tag

N/A

ecs:DeleteImageComponent

DeleteImageComponent

WRITE

ImageComponent

acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId}

ecs:tag

N/A

ecs:DeleteImagePipeline

DeleteImagePipeline

WRITE

ImagePipeline

acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}

ecs:tag

N/A

ecs:DeleteInstance

DeleteInstance

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DeleteInstances

DeleteInstances

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DeleteKeyPairs

DeleteKeyPairs

WRITE

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

ecs:tag

N/A

ecs:DeleteLaunchTemplate

DeleteLaunchTemplate

WRITE

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/*

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

ecs:tag

N/A

ecs:DeleteLaunchTemplateVersion

DeleteLaunchTemplateVersion

WRITE

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

N/A

N/A

ecs:DeleteNetworkInterface

DeleteNetworkInterface

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

ecs:tag

N/A

ecs:DeleteNetworkInterfacePermission

DeleteNetworkInterfacePermission

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

N/A

N/A

ecs:DeleteSecurityGroup

DeleteSecurityGroup

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:DeleteSnapshot

DeleteSnapshot

WRITE

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

ecs:tag

N/A

ecs:DeleteSnapshotGroup

DeleteSnapshotGroup

WRITE

SnapshotGroup

acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId}

N/A

N/A

ecs:DeleteStorageSet

DeleteStorageSet

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

N/A

N/A

ecs:DeleteVolume

N/A

Write

Volume

acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId}

N/A

N/A

ecs:DeregisterManagedInstance

DeregisterManagedInstance

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

N/A

N/A

ecs:DescribeAccountAttributes

DescribeAccountAttributes

LIST

All resources

acs:ecs:*:{#accountId}:*

N/A

N/A

ecs:DescribeActivations

DescribeActivations

READ

Activation

acs:ecs:{#regionId}:{#accountId}:activation/*

Activation

acs:ecs:{#regionId}:{#accountId}:activation/{#activationId}

N/A

N/A

ecs:DescribeAutoProvisioningGroupHistory

DescribeAutoProvisioningGroupHistory

READ

AutoProvisioningGroup

acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}

N/A

N/A

ecs:DescribeAutoProvisioningGroupInstances

DescribeAutoProvisioningGroupInstances

READ

AutoProvisioningGroup

acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}

N/A

N/A

ecs:DescribeAutoProvisioningGroups

DescribeAutoProvisioningGroups

READ

AutoProvisioningGroup

acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/*

AutoProvisioningGroup

acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}

N/A

N/A

ecs:DescribeAutoSnapshotPolicy

N/A

READ

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:autosnapshotpolicy/*

N/A

N/A

ecs:DescribeAutoSnapshotPolicyEX

DescribeAutoSnapshotPolicyEx

READ

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}

ecs:tag

N/A

ecs:DescribeBandwidthLimitation

DescribeBandwidthLimitation

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeCapacityReservationInstances

DescribeCapacityReservationInstances

LIST

CapacityReservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/*

N/A

N/A

ecs:DescribeCapacityReservations

DescribeCapacityReservations

LIST

CapacityReservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/*

N/A

N/A

ecs:DescribeClassicLinkInstances

DescribeClassicLinkInstances

LIST

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

N/A

N/A

ecs:DescribeCloudAssistantStatus

DescribeCloudAssistantStatus

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeClusters

DescribeClusters

LIST

All resources

acs:ecs:*:{#accountId}:*

N/A

N/A

ecs:DescribeCommands

DescribeCommands

READ

Command

acs:ecs:{#regionId}:{#accountId}:command/*

Command

acs:ecs:{#regionId}:{#accountId}:command/{#commandId}

N/A

N/A

ecs:DescribeDedicatedHostAutoRenew

DescribeDedicatedHostAutoRenew

READ

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

ecs:tag

N/A

ecs:DescribeDedicatedHostClusters

DescribeDedicatedHostClusters

READ

DedicatedHostCluster

acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}

DedicatedHostCluster

acs:ecs:{#regionId}:{#accountId}:ddhcluster/*

ecs:tag

N/A

ecs:DescribeDedicatedHosts

DescribeDedicatedHosts

READ

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/*

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

ecs:tag

N/A

ecs:DescribeDemands

DescribeDemands

LIST

Demand

acs:ecs:{#regionId}:{#accountId}:ecsdemand/*

N/A

N/A

ecs:DescribeDeploymentSets

DescribeDeploymentSets

LIST

DeploymentSet

acs:ecs:{#regionId}:{#accountId}:deploymentset/*

N/A

N/A

ecs:DescribeDiskMonitorData

DescribeDiskMonitorData

READ

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

ecs:tag

N/A

ecs:DescribeDisks

DescribeDisks

READ

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

ecs:tag

N/A

ecs:DescribeDisksFullStatus

DescribeDisksFullStatus

READ

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

ecs:tag

N/A

ecs:DescribeElasticityAssuranceInstances

DescribeElasticityAssuranceInstances

READ

CapacityReservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/*

N/A

N/A

ecs:DescribeElasticityAssurances

DescribeElasticityAssurances

READ

ElasticityAssurance

acs:ecs:{#regionId}:{#accountId}:elasticityassurance/*

N/A

N/A

ecs:DescribeEniMonitorData

DescribeEniMonitorData

READ

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeFleetInstances

N/A

List

AutoProvisioningGroup

acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}

N/A

N/A

ecs:DescribeFleets

N/A

List

AutoProvisioningGroup

acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/*

N/A

N/A

ecs:DescribeHpcClusters

DescribeHpcClusters

LIST

HpcCluster

acs:ecs:{#regionId}:{#accountId}:hpc/*

N/A

N/A

ecs:DescribeImageComponents

DescribeImageComponents

READ

ImageComponent

acs:ecs:{#regionId}:{#accountId}:imagecomponent/*

ImageComponent

acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId}

ecs:tag

N/A

ecs:DescribeImageFromFamily

DescribeImageFromFamily

READ

Image

acs:ecs:{#regionId}:{#accountId}:image/*

N/A

N/A

ecs:DescribeImagePipelineExecutions

DescribeImagePipelineExecutions

READ

ImagePipeline

acs:ecs:{#regionId}:{#accountId}:imagepipeline/*

ImagePipeline

acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}

N/A

N/A

ecs:DescribeImagePipelines

DescribeImagePipelines

READ

ImagePipeline

acs:ecs:{#regionId}:{#accountId}:imagepipeline/*

ImagePipeline

acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}

ecs:tag

N/A

ecs:DescribeImageSharePermission

DescribeImageSharePermission

READ

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

ecs:tag

N/A

ecs:DescribeImageSupportInstanceTypes

DescribeImageSupportInstanceTypes

READ

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

N/A

N/A

ecs:DescribeImages

DescribeImages

READ

Image

acs:ecs:{#regionId}:{#accountId}:image/*

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

ecs:tag

N/A

ecs:DescribeInstanceAttachmentAttributes

DescribeInstanceAttachmentAttributes

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeInstanceAttribute

DescribeInstanceAttribute

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeInstanceAutoRenewAttribute

DescribeInstanceAutoRenewAttribute

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

ecs:tag

N/A

ecs:DescribeInstanceHistoryEvents

DescribeInstanceHistoryEvents

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

ecs:tag

N/A

ecs:DescribeInstanceMaintenanceAttributes

DescribeInstanceMaintenanceAttributes

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeInstanceMonitorData

DescribeInstanceMonitorData

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeInstanceRamRole

DescribeInstanceRamRole

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

RAM:Role

acs:ram:*:{#accountId}:role/{#roleName}

ecs:tag

N/A

ecs:DescribeInstanceStatus

DescribeInstanceStatus

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

N/A

N/A

ecs:DescribeInstanceTopology

DescribeInstanceTopology

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeInstanceVncPasswd

DescribeInstanceVncPasswd

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

N/A

N/A

ecs:DescribeInstanceVncUrl

DescribeInstanceVncUrl

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeInstances

DescribeInstances

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ResourceOwner

ecs:tag

N/A

ecs:DescribeInstancesFullStatus

DescribeInstancesFullStatus

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

ecs:tag

N/A

ecs:DescribeInvocationResults

DescribeInvocationResults

READ

Command

acs:ecs:{#regionId}:{#accountId}:command/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Command

acs:ecs:{#regionId}:{#accountId}:command/{#CommandId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}

ecs:tag

N/A

ecs:DescribeInvocations

DescribeInvocations

READ

Command

acs:ecs:{#regionId}:{#accountId}:command/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}

Command

acs:ecs:{#regionId}:{#accountId}:command/{#CommandId}

ecs:tag

N/A

ecs:DescribeKeyPairs

DescribeKeyPairs

READ

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/*

ecs:tag

N/A

ecs:DescribeLaunchTemplateVersions

DescribeLaunchTemplateVersions

READ

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/*

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

ecs:tag

N/A

ecs:DescribeLaunchTemplates

DescribeLaunchTemplates

READ

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/*

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

ecs:tag

N/A

ecs:DescribeManagedInstances

DescribeManagedInstances

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeNetworkInterfaceAttribute

DescribeNetworkInterfaceAttribute

READ

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

ecs:tag

N/A

ecs:DescribeNetworkInterfacePermissions

DescribeNetworkInterfacePermissions

READ

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/*

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

ecs:tag

N/A

ecs:DescribeNetworkInterfaces

DescribeNetworkInterfaces

READ

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/*

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

ecs:tag

N/A

ecs:DescribePrice

DescribePrice

READ

All resources

acs:ecs:*:{#accountId}:*

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

N/A

N/A

ecs:DescribeRecommendInstanceType

DescribeRecommendInstanceType

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

N/A

N/A

ecs:DescribeRenewalPrice

DescribeRenewalPrice

READ

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeReservationDemandCommittedAmount

DescribeReservationDemandCommittedAmount

Read

CapacityReservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/*

N/A

N/A

ecs:DescribeReservationDemands

DescribeReservationDemands

Read

N/A

N/A

N/A

ecs:DescribeReservedInstances

DescribeReservedInstances

READ

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/*

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}

ecs:tag

N/A

ecs:DescribeResourceByTags

DescribeResourceByTags

READ

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/*

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/*

Image

acs:ecs:{#regionId}:{#accountId}:image/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/*

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/*

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/*

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

All resources

acs:ecs:*:{#accountId}:*

ecs:tag

N/A

ecs:DescribeResourcesModification

DescribeResourcesModification

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeSecurityGroupAttribute

DescribeSecurityGroupAttribute

READ

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:DescribeSecurityGroupReferences

DescribeSecurityGroupReferences

READ

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:DescribeSecurityGroups

DescribeSecurityGroups

READ

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/*

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:DescribeSendFileResults

DescribeSendFileResults

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeSnapshotGroups

DescribeSnapshotGroups

READ

SnapshotGroup

acs:ecs:{#regionId}:{#accountId}:snapshotgroup/*

SnapshotGroup

acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId}

N/A

N/A

ecs:DescribeSnapshotLinks

DescribeSnapshotLinks

READ

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

N/A

N/A

ecs:DescribeSnapshotMonitorData

DescribeSnapshotMonitorData

READ

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

N/A

N/A

ecs:DescribeSnapshotPackage

DescribeSnapshotPackage

READ

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

N/A

N/A

ecs:DescribeSnapshots

DescribeSnapshots

READ

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

ecs:tag

N/A

ecs:DescribeSnapshotsUsage

DescribeSnapshotsUsage

READ

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

N/A

N/A

ecs:DescribeStorageCapacityUnits

DescribeStorageCapacityUnits

READ

StorageCapacityUnit

acs:ecs:{#regionId}:{#accountId}:scu/*

StorageCapacityUnit

acs:ecs:{#regionId}:{#accountId}:scu/{#scuId}

N/A

N/A

ecs:DescribeStorageSetDetails

DescribeStorageSetDetails

READ

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

N/A

N/A

ecs:DescribeStorageSets

DescribeStorageSets

READ

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

N/A

N/A

ecs:DescribeTagKeys

N/A

READ

All resources

acs:ecs:*:{#accountId}:*

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/*

DedicatedHostCluster

acs:ecs:{#regionId}:{#accountId}:ddhcluster/*

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/*

Image

acs:ecs:{#regionId}:{#accountId}:image/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/*

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/*

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*

N/A

N/A

ecs:DescribeTags

DescribeTags

READ

All resources

acs:ecs:*:{#accountId}:*

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/*

DedicatedHostCluster

acs:ecs:{#regionId}:{#accountId}:ddhcluster/*

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/*

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Image

acs:ecs:{#regionId}:{#accountId}:image/*

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/*

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/*

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*

ecs:tag

N/A

ecs:DescribeTaskAttribute

DescribeTaskAttribute

READ

All resources

acs:ecs:*:{#accountId}:*

N/A

N/A

ecs:DescribeTasks

DescribeTasks

READ

All resources

acs:ecs:*:{#accountId}:*

N/A

N/A

ecs:DescribeUserBusinessBehavior

DescribeUserBusinessBehavior

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

N/A

N/A

ecs:DescribeUserData

DescribeUserData

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DescribeVolumes

N/A

List

Volume

acs:ecs:{#regionId}:{#accountId}:volume/*

Volume

acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId}

N/A

N/A

ecs:DetachClassicLinkVpc

DetachClassicLinkVpc

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

VPC:VPC

acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}

N/A

N/A

ecs:DetachDisk

DetachDisk

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DetachInstanceRamRole

DetachInstanceRamRole

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

RAM:Role

acs:ram:*:{#accountId}:role/{#roleName}

ecs:tag

N/A

ecs:DetachKeyPair

DetachKeyPair

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

ecs:tag

N/A

ecs:DetachNetworkInterface

DetachNetworkInterface

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:DetachVolume

N/A

Write

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}

Volume

acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId}

ecs:tag

N/A

ecs:ExportImage

ExportImage

WRITE

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

ecs:tag

N/A

ecs:ExportSnapshot

ExportSnapshot

WRITE

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

N/A

N/A

ecs:GetInstanceConsoleOutput

GetInstanceConsoleOutput

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:GetInstanceScreenshot

GetInstanceScreenshot

READ

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ImportImage

ImportImage

WRITE

Image

acs:ecs:{#regionId}:{#accountId}:image/*

ecs:tag

N/A

ecs:ImportKeyPair

ImportKeyPair

WRITE

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/*

ecs:tag

N/A

ecs:ImportSnapshot

ImportSnapshot

WRITE

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

N/A

N/A

ecs:InstallCloudAssistant

InstallCloudAssistant

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:InvokeCommand

InvokeCommand

WRITE

Command

acs:ecs:{#regionId}:{#accountId}:command/{#commandId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

ecs:CommandRunAs

N/A

ecs:JoinResourceGroup

JoinResourceGroup

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#SnapshotId}

ecs:tag

N/A

ecs:JoinSecurityGroup

JoinSecurityGroup

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:LeaveSecurityGroup

LeaveSecurityGroup

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:ListServiceSettings

ListServiceSettings

Read

ServiceSettings

acs:ecs:{#regionId}:{#accountId}:servicesettings/*

ServiceSettings

acs:ecs:{#regionId}:{#accountId}:servicesettings/cloudassistantdeliverysettings

ecs:tag

N/A

ecs:ListTagResources

ListTagResources

READ

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/*

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Image

acs:ecs:{#regionId}:{#accountId}:image/*

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/*

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/*

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/*

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/*

ecs:tag

N/A

ecs:ModifyAutoProvisioningGroup

ModifyAutoProvisioningGroup

WRITE

autoprovisioninggroup

acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}

N/A

ram:CreateServiceLinkedRole

ecs:ModifyAutoSnapshotPolicy

ModifyAutoSnapshotPolicy

WRITE

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId}

N/A

N/A

ecs:ModifyAutoSnapshotPolicyEx

ModifyAutoSnapshotPolicyEx

WRITE

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/*

N/A

N/A

ecs:ModifyCapacityReservation

ModifyCapacityReservation

WRITE

CapacityReservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/*

N/A

N/A

ecs:ModifyCommand

ModifyCommand

WRITE

Command

acs:ecs:{#regionId}:{#accountId}:command/{#commandId}

N/A

N/A

ecs:ModifyDedicatedHostAttribute

ModifyDedicatedHostAttribute

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

DedicatedHostCluster

acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}

ecs:tag

N/A

ecs:ModifyDedicatedHostAutoReleaseTime

ModifyDedicatedHostAutoReleaseTime

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

N/A

N/A

ecs:ModifyDedicatedHostAutoRenewAttribute

ModifyDedicatedHostAutoRenewAttribute

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

ecs:tag

N/A

ecs:ModifyDedicatedHostClusterAttribute

ModifyDedicatedHostClusterAttribute

WRITE

ddhcluster

acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}

ecs:tag

N/A

ecs:ModifyDedicatedHostsChargeType

ModifyDedicatedHostsChargeType

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

N/A

N/A

ecs:ModifyDeploymentSetAttribute

ModifyDeploymentSetAttribute

WRITE

DeploymentSet

acs:ecs:{#regionId}:{#accountId}:deploymentset/{#DeploymentSetId}

N/A

N/A

ecs:ModifyDiskAttribute

ModifyDiskAttribute

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

ecs:tag

N/A

ecs:ModifyDiskChargeType

ModifyDiskChargeType

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyDiskSpec

ModifyDiskSpec

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

ecs:tag

N/A

ecs:ModifyHpcClusterAttribute

ModifyHpcClusterAttribute

WRITE

HpcCluster

acs:ecs:{#regionId}:{#accountId}:hpc/*

N/A

N/A

ecs:ModifyImageAttribute

ModifyImageAttribute

WRITE

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

ecs:tag

N/A

ecs:ModifyImageShareGroupPermission

ModifyImageShareGroupPermission

WRITE

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

N/A

N/A

ecs:ModifyImageSharePermission

ModifyImageSharePermission

WRITE

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

ecs:tag

N/A

ecs:ModifyInstanceAttachmentAttributes

ModifyInstanceAttachmentAttributes

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

N/A

N/A

ecs:ModifyInstanceAttribute

ModifyInstanceAttribute

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceAutoReleaseTime

ModifyInstanceAutoReleaseTime

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceAutoRenewAttribute

ModifyInstanceAutoRenewAttribute

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceChargeType

ModifyInstanceChargeType

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceDeployment

ModifyInstanceDeployment

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceMaintenanceAttributes

ModifyInstanceMaintenanceAttributes

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceMetadataOptions

ModifyInstanceMetadataOptions

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceNetworkSpec

ModifyInstanceNetworkSpec

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceSpec

ModifyInstanceSpec

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceVncPasswd

ModifyInstanceVncPasswd

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyInstanceVpcAttribute

ModifyInstanceVpcAttribute

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

VPC:VSwitch

acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}

ecs:tag

vpc:tag

vpc:VPC

N/A

ecs:ModifyLaunchTemplateDefaultVersion

ModifyLaunchTemplateDefaultVersion

WRITE

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/*

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

N/A

N/A

ecs:ModifyManagedInstance

ModifyManagedInstance

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

N/A

N/A

ecs:ModifyNetworkInterfaceAttribute

ModifyNetworkInterfaceAttribute

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:ModifyPrepayInstanceSpec

ModifyPrepayInstanceSpec

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ModifyReservationDemand

ModifyReservationDemand

Write

capacityreservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/{#demandId}

N/A

N/A

ecs:ModifyReservedInstanceAttribute

ModifyReservedInstanceAttribute

WRITE

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}

ecs:tag

N/A

ecs:ModifyReservedInstances

ModifyReservedInstances

WRITE

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}

N/A

N/A

ecs:ModifySecurityGroupAttribute

ModifySecurityGroupAttribute

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:ModifySecurityGroupEgressRule

ModifySecurityGroupEgressRule

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:ModifySecurityGroupPolicy

ModifySecurityGroupPolicy

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:ModifySecurityGroupRule

ModifySecurityGroupRule

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:ModifySnapshotAttribute

ModifySnapshotAttribute

WRITE

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

ecs:tag

N/A

ecs:ModifyStorageCapacityUnitAttribute

ModifyStorageCapacityUnitAttribute

Write

StorageCapacityUnit

acs:ecs:{#regionId}:{#accountId}:scu/{#scuId}

N/A

N/A

ecs:ModifyStorageSetAttribute

ModifyStorageSetAttribute

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

N/A

N/A

ecs:ModifyUserBusinessBehavior

ModifyUserBusinessBehavior

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

N/A

N/A

ecs:PurchaseReservedInstancesOffering

PurchaseReservedInstancesOffering

WRITE

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/*

ecs:tag

N/A

ecs:PurchaseSavingPlanOffering

PurchaseSavingPlanOffering

Write

SavingPlan

acs:ecs:{#regionId}:{#accountId}:savingplan/*

N/A

N/A

ecs:PurchaseStorageCapacityUnit

PurchaseStorageCapacityUnit

WRITE

StorageCapacityUnit

acs:ecs:{#regionId}:{#accountId}:scu/*

N/A

N/A

ecs:ReActivateInstances

ReActivateInstances

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ReInitDisk

ReInitDisk

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

ecs:tag

N/A

ecs:RebootInstance

RebootInstance

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:RebootInstances

RebootInstances

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:RedeployDedicatedHost

RedeployDedicatedHost

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

N/A

N/A

ecs:RedeployInstance

RedeployInstance

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ReleaseCapacityReservation

ReleaseCapacityReservation

WRITE

CapacityReservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/*

N/A

N/A

ecs:ReleaseDedicatedHost

ReleaseDedicatedHost

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

ecs:tag

N/A

ecs:ReleasePublicIpAddress

ReleasePublicIpAddress

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

N/A

N/A

ecs:RemoveTags

RemoveTags

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

snapshotpolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}

ecs:tag

N/A

ecs:RenewDedicatedHosts

RenewDedicatedHosts

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

N/A

N/A

ecs:RenewInstance

RenewInstance

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ReplaceSystemDisk

ReplaceSystemDisk

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ReportInstancesStatus

ReportInstancesStatus

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:ResetDisk

ResetDisk

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

ecs:tag

N/A

ecs:ResetDisks

ResetDisks

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

ecs:tag

N/A

ecs:ResizeDisk

ResizeDisk

WRITE

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

ecs:tag

N/A

ecs:RevokeSecurityGroup

RevokeSecurityGroup

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:RevokeSecurityGroupEgress

RevokeSecurityGroupEgress

WRITE

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

ecs:tag

N/A

ecs:RunCommand

RunCommand

WRITE

Command

acs:ecs:{#regionId}:{#accountId}:command/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

ecs:CommandRunAs

N/A

ecs:RunInstances

RunInstances

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/*

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

VPC:VSwitch

acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}

VPC:VSwitch

acs:vpc:{#regionId}:{#accountId}:vswitch/*

ecs:tag

vpc:IsDefaultVSwitch

vpc:IsDefaultVpc

vpc:VPC

vpc:tag

ecs:IsDiskEncrypted

ecs:InstanceTypeFamily

ecs:InstanceType

N/A

ecs:SendFile

SendFile

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:StartImagePipelineExecution

StartImagePipelineExecution

WRITE

ImagePipeline

acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}

N/A

N/A

ecs:StartInstance

StartInstance

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:StartInstances

StartInstances

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:StopInstance

StopInstance

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:StopInstances

StopInstances

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:StopInvocation

StopInvocation

WRITE

Instance

acs:ecs:{#regionId}:{#accountId}:instance/*

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

ecs:tag

N/A

ecs:TagResources

TagResources

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}

ecs:tag

N/A

ecs:UnassignIpv6Addresses

UnassignIpv6Addresses

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

ecs:tag

N/A

ecs:UnassignPrivateIpAddresses

UnassignPrivateIpAddresses

WRITE

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

ecs:tag

N/A

ecs:UntagResources

UntagResources

WRITE

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotpolicyId}

ecs:tag

N/A

ecs:UpdateServiceSettings

UpdateServiceSettings

Write

ServiceSettings

acs:ecs:{#regionId}:{#accountId}:servicesettings/*

ServiceSettings

acs:ecs:{#regionId}:{#accountId}:servicesettings/cloudassistantdeliverysettings

ecs:tag

N/A

Resource

The following table describes the values that you can use in the Resource element of a policy statement. The values are defined by ECS.

The Alibaba Cloud Resource Name (ARN) is the unique identifier of the resource on Alibaba Cloud. Take note of the following items:

  • {#} indicates a variable. {#} must be replaced with an actual value. For example, {#regionId} must be replaced with the actual ID of the region where your resource resides. 

  • An asterisk (*) is used as a wildcard. Examples:

    • If you specify {#resourceType}/*, all resources are specified. 

    • If {#regionId} is set to *, all regions are specified. 

    • If {#accountId} is set to *, all Alibaba Cloud accounts are specified.

Resource type 

ARN 

DedicatedHost

acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}

Disk

acs:ecs:{#regionId}:{#accountId}:disk/{#DiskId}

NetworkInterface

acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}

Image

acs:ecs:{#regionId}:{#accountId}:image/{#ImageId}

Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}

KeyPair

acs:ecs:{#regionId}:{#accountId}:keypair/{#KeyPairName}

ReservedInstance

acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#SecurityGroupId}

Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#SnapshotId}

AutoSnapshotPolicy

acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId}

ImagePipeline

acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#ImagePipelineId}

CapacityReservation

acs:ecs:{#regionId}:{#accountId}:capacityreservation/{#CapacityReservationId}

Command

acs:ecs:{#regionId}:{#accountId}:command/{#CommandId}

HpcCluster

acs:ecs:{#regionId}:{#accountId}:hpc/{#HpcId}

LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#LaunchTemplateId}

DeploymentSet

acs:ecs:{#regionId}:{#accountId}:deploymentset/{#DeploymentSetId}

SnapshotGroup

acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#SnapshotGroupId}

DedicatedHostCluster

acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}

Demand

acs:ecs:{#regionId}:{#accountId}:ecsdemand/{#DemandId}

ServiceSettings

acs:ecs:{#regionId}:{#accountId}:servicesettings/{#RegionId}

SavingPlan

acs:ecs:{#regionId}:{#accountId}:savingplan/{#SavingPlanId}

Volume

acs:ecs:{#regionId}:{#accountId}:volume/{#volumeId}

Condition

The following table describes the values that you can use in the Condition element of a policy statement. The values are defined by ECS. The following table describes the service-specific condition keys. The common condition keys that are defined by Alibaba Cloud also apply to ECS. For more information about the common condition keys, see Policy elements

The data type determines which condition operators you can use to compare the value in a request with the value in a policy statement. You must use condition operators that are supported by the data type. Otherwise, you cannot compare the value in the request with the value in the policy statement. In this case, the authorization is invalid. For more information about the condition operators that are supported by each data type, see Policy elements

Condition keys 

Description 

Type 

ecs:tag

A tag key and value pair that are attached to a ECS resource.

String

vpc:VPC

The resource ARN of a VPC Instance. You can use Condition to restrict access to a specified VPC.

String

vpc:tag

A tag key and value pair that are attached to a VPC resource.

String

vpc:IsDefaultVSwitch

Indicates whether the VSwitch is the default VSwitch.

Boolean

vpc:IsDefaultVpc

Indicates whether the VPC is the default VPC.

Boolean

ecs:IsDiskEncrypted

Indicates whether each data disk is encrypted. Valid values: [true, false].

  • true: encrypts data

  • false: does not encrypt data

String

ecs:InstanceType

The instance type.

String

ecs:InstanceTypeFamily

The instance type family.

String

ecs:ImagePlatform

The operating system type (Windows, Linux) of the image.

String

ecs:ImageSource

The source of the image.

  • System: A public image provided by Alibaba Cloud.

  • Custom: The custom image you created.

  • Marketplace: An image provided by marketplace.

String

ecs:CommandRunAs

The user who run cloud assistant commands in ECS instances, such as "root" or "system".

String