edit-icon download-icon

RAM authentication

Last Updated: Mar 28, 2018

Before using a RAM user to call an API, you must grant the RAM user the corresponding permission to call the API by creating an authorization policy and attaching the policy to the RAM user.

You can specify the resource that a RAM user has permission to operate in the authorization policy. In the authorization policy, an Alibaba Resource Name (ARN) is used to identity the resource to authorize. For more information, see Permissions.

CEN resources

The following table lists the available CEN resources and the corresponding ARN formats.

Resource type ARN format
ceninstance acs:cen::$accountid: ceninstance /$ceninstanceid
acs:cen:
:$accountid: ceninstance /*
cenbandwidthpackage acs:cen::$accountid: cenbandwidthpackage /$ cenbandwidthpackageid
acs:cen:
:$accountid: cenbandwidthpackage/*

Authentication rules

The following table lists the authentication rules of CEN APIs.

Authorization action Authorization rule
cen: CreateCen acs:cen::$accountid:ceninstance/
cen: ModifyCenAttribute acs:cen: *:$accountid:ceninstance/$ceninstanceid
cen: DeleteCen acs:cen: *:$accountid:ceninstance/$ceninstanceid
cen: DescribeCens acs:cen: :$accountid: ceninstance/
cen: AttachCenChildInstance acs:cen:*:$accountid: ceninstance/$ceninstanceid
VPC: acs:vpc:$regionid:$accountid:vpc/$vpcid
VBR: acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid
cen: DetachCenChildInstance acs:cen:*:$accountid: ceninstance/$ ceninstanceid
VPC: acs:vpc:$regionid:$accountid:vpc/$vpcid
VBR: acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid
cen: DescribeCenAttachedChildInstances acs:cen:*:$accountid: ceninstance/$ceninstanceid
cen: DescribeCenRegionDomainRouteEntries acs:cen:*:$accountid: ceninstance/$ceninstanceid
cen: EnableCenVbrHealthCheck acs:cen:*:$accountid: ceninstance/$ceninstanceid
acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid
cen: DisableCenVbrHealthCheck acs:cen:*:$accountid: ceninstance/$ceninstanceid
acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid
cen: DescribeCenVbrHealthCheck acs:cen:*:$accountid: ceninstance/$ceninstanceid
acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid
cen: CreateCenBandwidthPackage acs:cen::$accountid: cenbandwidthpackage/
cen: DescribeCenBandwidthPackage acs:cen::$accountid: cenbandwidthpackage/
cen: ModifyCenBandwidthPackageAttribute acs:cen:*:$accountid:
cenbandwidthpackage/$cenbandwidthpackageid
cen: ModifyCenBandwidthPackageSpec acs:cen:*:$accountid:
cenbandwidthpackage/$cenbandwidthpackageid
cen: DeleteCenBandwidthPackage acs:cen:*:$accountid:bandwidthpackage/$cenbandwidthpackageid
cen: AssociateCenBandwidthPackage acs:cen::$accountid: ceninstance/$ceninstanceid
acs:cen:
:$accountid:bandwidthpackage/$cenbandwidthpackageid
cen: UnassociateCenBandwidthPackage acs:cen::$accountid: ceninstance/$ceninstanceid
acs:cen:
:$accountid:bandwidthpackage/$cenbandwidthpackageid
cen: DescribeCenGeographicSpanRemainingBandwidth acs:cen:*:$accountid: ceninstance/$ceninstanceid
cen: SetCenInterRegionBandwidthLimit acs:cen:*:$accountid: ceninstance/$ceninstanceid
cen: DescribeCenInterRegionBandwidthLimits acs:cen:*:$accountid: ceninstance/$ceninstanceid
cen: DescribeRouteConflict VPC: acs:vpc:$regionid:$accountid:vpc/$vpcid
VBR: acs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid
cen: DescribeGeographicRegionMembership No authentication required.
Thank you! We've received your feedback.