Before using a RAM user to call an API, you must grant the RAM user the corresponding permission to call the API by creating an authorization policy and attaching the policy to the RAM user.
You can specify the resource that a RAM user has permission to operate in the authorization policy. In the authorization policy, an Alibaba Resource Name (ARN) is used to identify the resource to authorize.
| Resource | ARN format |
|---|---|
| ceninstance | acs:cen::$accountid: ceninstance /$ceninstanceidacs:cen::$accountid: ceninstance /* |
| cenbandwidthpackage | acs:cen::$accountid: cenbandwidthpackage /$ cenbandwidthpackageidacs:cen::$accountid: cenbandwidthpackage/* |
| Authentication action | Authentication rule |
|---|---|
| cen: CreateCen | acs:cen::$accountid:ceninstance/ |
| cen: ModifyCenAttribute | acs:cen: *:$accountid:ceninstance/$ceninstanceid |
| cen: DeleteCen | acs:cen: *:$accountid:ceninstance/$ceninstanceid |
| cen: DescribeCens | acs:cen: :$accountid: ceninstance/ |
| cen: AttachCenChildInstance |
|
| cen: DetachCenChildInstance |
|
| cen: DescribeCenAttachedChildInstances | acs:cen:*:$accountid: ceninstance/$ceninstanceid |
| cen: DescribeCenRegionDomainRouteEntries | acs:cen:*:$accountid: ceninstance/$ceninstanceid |
| cen: EnableCenVbrHealthCheck | acs:cen:*:$accountid: ceninstance/$ceninstanceidacs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid |
| cen: DisableCenVbrHealthCheck | acs:cen:*:$accountid: ceninstance/$ceninstanceidacs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid |
| cen: DescribeCenVbrHealthCheck | acs:cen:*:$accountid: ceninstance/$ceninstanceidacs:vpc:$regionid:$accountid:virtualborderrouter/$virtualborderrouterid |
| cen: CreateCenBandwidthPackage | acs:cen::$accountid: cenbandwidthpackage/ |
| cen: DescribeCenBandwidthPackage | acs:cen::$accountid: cenbandwidthpackage/ |
| cen: ModifyCenBandwidthPackageAttribute | acs:cen:*:$accountid:cenbandwidthpackage/$cenbandwidthpackageid |
| cen: ModifyCenBandwidthPackageSpec |
|
| cen: DeleteCenBandwidthPackage | acs:cen:*:$accountid:bandwidthpackage/$cenbandwidthpackageid |
| cen: AssociateCenBandwidthPackage | acs:cen::$accountid: ceninstance/$ceninstanceidacs:cen::$accountid:bandwidthpackage/$cenbandwidthpackageid |
| cen: UnassociateCenBandwidthPackage | acs:cen::$accountid: ceninstance/$ceninstanceid acs:cen::$accountid:bandwidthpackage/$cenbandwidthpackageid |
| cen: DescribeCenGeographicSpanRemainingBandwidth | acs:cen:*:$accountid: ceninstance/$ceninstanceid |
| cen: SetCenInterRegionBandwidthLimit | acs:cen:*:$accountid: ceninstance/$ceninstanceid |
| cen: DescribeCenInterRegionBandwidthLimits | acs:cen:*:$accountid: ceninstance/$ceninstanceid |
| cen: DescribeRouteConflict |
|
| cen: DescribeGeographicRegionMembership | No authentication required. |