All Products
Search
Document Center

Global Accelerator:RAM policies

Last Updated:Aug 07, 2023

To ensure the data security of your resources, you can use Resource Access Management (RAM) policies to control access to your cloud resources. This topic describes the RAM policies for Global Accelerator (GA) instances.

RAM policy overview

  • Supports system policies: System policies are created and maintained by Alibaba Cloud. You can only use but cannot modify system policies.

  • Supports custom policies: If system policies do not meet your requirements, you can create custom policies to implement fine-grained permission management.

    For more information about policies, see Policy elements.

  • After you create a policy, you must attach the policy to a RAM user, user group, or RAM role to obtain the access permissions that are specified in the policy.

    For example, you can configure a policy to allow a RAM user to access your cloud resources by using only specific IP addresses or within a specific period of time.

  • You can delete policies that are no longer required. Before you delete a policy, make sure that the policy is not attached to an object. If the policy is attached to an object, detach the policy before you delete it.

Use RAM policies

You can use RAM policies to control the access permissions of a GA instance.

Permissions are used to describe the access capabilities of users, user groups, and roles to specific resources. Policies are the specific authorization methods. You can use RAM policies to determine which users or roles can access specific resources or perform specific operations. RAM supports system policies and custom policies.

System policies

System policies are directly created and maintained by Alibaba Cloud. Compared with custom policies, system policies are easier to use. If you do not require fine-grained permission management, you can use system policies.

You can attach the following policies to a RAM user:

Custom policies

If system policies do not meet your business requirements, you can create custom policies to implement fine-grained permission management. You can create, update, and delete custom policies.

Before you create a custom policy for a GA instance, take note of the following information:

RAM authentication

The authorization statements that can be used in RAM policies for GA include Effect, Action, Resource, and Condition. The RAM code (RamCode) is ga.

The following section describes the available authorization operations and the corresponding descriptions.

Note

Alibaba Cloud Resource Names (ARNs) are used to specify resources in RAM policies. For information about the Resource format, see descriptions about ARNs in the Terms topic.

Action

Resource

Description

API operation

ga:AddEntriesToAcl

acs:ga:{#regionId}:{#accountId}:acl/{#aclId}

Adds IP entries to an access control list (ACL).

AddEntriesToAcl

ga:AssociateAclsWithListener

acs:ga:{#regionId}:{#accountId}:listener/{#ListenerId}

Associates a listener with an ACL.

AssociateAclsWithListener

ga:AssociateAdditionalCertificatesWithListener

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Associates additional certificates with an HTTPS listener.

AssociateAdditionalCertificatesWithListener

ga:AttachDdosToAccelerator

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Associates an Anti-DDoS Pro or Anti-DDoS Premium instance with a GA instance.

AttachDdosToAccelerator

ga:AttachLogStoreToEndpointGroup

  • acs:ga:{#regionId}:{#accountId}:endpointgroup/*

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Associates a Log Service Logstore with an endpoint group.

AttachLogStoreToEndpointGroup

ga:BandwidthPackageAddAccelerator

  • acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Associates a bandwidth plan with a GA instance.

BandwidthPackageAddAccelerator

ga:BandwidthPackageRemoveAccelerator

  • acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Disassociates a bandwidth plan from a GA instance.

BandwidthPackageRemoveAccelerator

ga:ChangeResourceGroup

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

  • acs:ga:{#regionId}:{#accountId}:acl/{#aclId}

  • acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthpackageId}

  • acs:ga:{#regionId}:{#accountId}:ga/{#basicacceleratorId}

  • acs:ga:{#regionId}:{#accountId}:endpointgroup/{#EndpointGroupId}

Changes the resource group to which a GA instance belongs.

ChangeResourceGroup

ga:ConfigEndpointProbe

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}

Detects the latency of an endpoint.

ConfigEndpointProbe

ga:CreateAccelerator

acs:ga:{#regionId}:{#accountId}:ga/*

Creates a GA instance.

CreateAccelerator

ga:CreateAcl

acs:ga:{#regionId}:{#accountId}:acl/*

Creates an ACL.

CreateAcl

ga:CreateApplicationMonitor

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

  • acs:ga:{#regionId}:{#accountId}:sitemonitor/*

Creates an origin probing task.

CreateApplicationMonitor

ga:CreateBandwidthPackage

acs:ga:{#regionId}:{#accountId}:bandwidthpackage/*

Creates a bandwidth plan.

CreateBandwidthPackage

ga:CreateBasicAccelerateIp

  • acs:ga:{#regionId}:{#accountId}:ga/{#gaId}

  • acs:ga:{#regionId}:{#accountId}:ipset/*

Creates an accelerated IP address for a basic GA instance.

CreateBasicAccelerateIp

ga:CreateBasicAccelerateIpEndpointRelation

  • acs:ga:{#regionId}:{#accountId}:ga/{#gaId}

  • acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}

  • acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}

Associates an accelerated IP address of a basic GA instance with an endpoint.

CreateBasicAccelerateIpEndpointRelation

ga:CreateBasicAccelerateIpEndpointRelations

acs:ga:{#regionId}:{#accountId}:ga/{#gaId}

Creates multiple accelerated IP addresses for a basic GA instance and associates the IP addresses with endpoints.

CreateBasicAccelerateIpEndpointRelations

ga:CreateBasicAccelerator

acs:ga:{#regionId}:{#accountId}:ga/*

Creates a basic GA instance.

CreateBasicAccelerator

ga:CreateBasicEndpoint

acs:ga:{#regionId}:{#accountId}:basicendpoint/*

Creates an endpoint group for a basic GA instance.

CreateBasicEndpoint

ga:CreateBasicEndpointGroup

acs:ga:{#regionId}:{#accountId}:endpointgroup/*

Creates an endpoint group for a basic GA instance.

CreateBasicEndpointGroup

ga:CreateBasicEndpoints

acs:ga:{#regionId}:{#accountId}:basicendpoint/*

Creates multiple endpoints for a basic GA instance at the same time.

CreateBasicEndpoints

ga:CreateBasicIpSet

  • acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}

  • acs:ga:{#regionId}:{#accountId}:ipset/*

Creates an acceleration region for a basic GA instance.

CreateBasicIpSet

ga:CreateCustomRoutingEndpointGroupDestinations

acs:ga:{#regionId}:{#accountId}:customroutingendpointgroupdestination/*

Sets the mapping configurations for an endpoint group that is associated with a custom routing listener.

CreateCustomRoutingEndpointGroupDestinations

ga:CreateCustomRoutingEndpointGroups

acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/*

Creates multiple endpoint groups for a custom routing listener at the same time.

CreateCustomRoutingEndpointGroups

ga:CreateCustomRoutingEndpointTrafficPolicies

acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointId}

Creates traffic policies for an endpoint of a custom routing listener.

CreateCustomRoutingEndpointTrafficPolicies

ga:CreateCustomRoutingEndpoints

acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}

Creates endpoints for a custom routing listener.

CreateCustomRoutingEndpoints

ga:CreateEndpointGroup

  • acs:ga:{#regionId}:{#accountId}:endpointgroup/*

  • acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Creates an endpoint group.

CreateEndpointGroup

ga:CreateEndpointGroups

  • acs:ga:{#regionId}:{#accountId}:endpointgroup/*

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

  • acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Creates endpoint groups.

CreateEndpointGroups

ga:CreateForwardingRules

  • acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Creates a forwarding rule.

CreateForwardingRules

ga:CreateIpSets

  • acs:ga:{#regionId}:{#accountId}:ipset/*

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Creates an acceleration region.

CreateIpSets

ga:CreateListener

  • acs:ga:{#regionId}:{#accountId}:listener/*

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Creates a listener.

CreateListener

ga:CreateSpareIps

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Creates secondary IP addresses for a CNAME. If an acceleration area becomes unavailable, GA redirects traffic to the secondary IP addresses.

CreateSpareIps

ga:DeleteAccelerator

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Deletes a GA instance.

DeleteAccelerator

ga:DeleteAcl

acs:ga:{#regionId}:{#accountId}:acl/{#aclId}

Deletes an ACL.

DeleteAcl

ga:DeleteApplicationMonitor

acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}

Deletes an origin probing task.

DeleteApplicationMonitor

ga:DeleteBandwidthPackage

acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}

Deletes a bandwidth plan.

DeleteBandwidthPackage

ga:DeleteBasicAccelerateIp

acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}

Deletes an accelerated IP address of a basic GA instance.

DeleteBasicAccelerateIp

ga:DeleteBasicAccelerateIpEndpointRelation

  • acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}

  • acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}

  • acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}

Deletes an endpoint group of a basic GA instance.

DeleteBasicAccelerateIpEndpointRelation

ga:DeleteBasicAccelerator

acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}

Deletes a basic GA instance.

DeleteBasicAccelerator

ga:DeleteBasicEndpoint

acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}

Deletes an endpoint of a basic GA instance.

DeleteBasicEndpoint

ga:DeleteBasicEndpointGroup

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId}

Deletes an endpoint group of a basic GA instance.

DeleteBasicEndpointGroup

ga:DeleteBasicIpSet

acs:ga:{#regionId}:{#accountId}:ipset/{#BasicIpSetId}

Deletes an acceleration region of a basic GA instance.

DeleteBasicIpSet

ga:DeleteCustomRoutingEndpointGroupDestinations

acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}

Deletes the mapping configurations of an endpoint group that is associated with a custom routing listener.

DeleteCustomRoutingEndpointGroupDestinations

ga:DeleteCustomRoutingEndpointGroups

  • acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}

  • acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}

Deletes multiple endpoint groups from a custom routing listener at the same time.

DeleteCustomRoutingEndpointGroups

ga:DeleteCustomRoutingEndpointTrafficPolicies

acs:ga:{#regionId}:{#accountId}:customroutingendpointtrafficpolicy/{#CustomRoutingEndpointTrafficPolicyId}

Deletes the traffic policies of endpoints from a custom routing listener.

DeleteCustomRoutingEndpointTrafficPolicies

ga:DeleteCustomRoutingEndpoints

acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointId}

Deletes endpoints from a custom routing listener.

DeleteCustomRoutingEndpoints

ga:DeleteEndpointGroup

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}

Deletes an endpoint group.

DeleteEndpointGroup

ga:DeleteEndpointGroups

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}

Deletes endpoint groups.

DeleteEndpointGroups

ga:DeleteForwardingRules

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Deletes a forwarding rule.

DeleteForwardingRules

ga:DeleteIpSet

acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}

Deletes an acceleration region.

DeleteIpSet

ga:DeleteIpSets

acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}

Deletes multiple acceleration regions.

DeleteIpSets

ga:DeleteListener

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Deletes a listener.

DeleteListener

ga:DeleteSpareIps

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Deletes the secondary IP addresses of a CNAME.

DeleteSpareIps

ga:DescribeAccelerator

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Queries the information about a GA instance.

DescribeAccelerator

ga:DescribeAcceleratorAutoRenewAttribute

acs:ga:{#regionId}:{#accountId}:ga/{#gaId}

Queries the auto-renewal status of a GA instance.

DescribeAcceleratorAutoRenewAttribute

ga:DescribeApplicationMonitor

acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}

Queries the information about an origin probing task.

DescribeApplicationMonitor

ga:DescribeBandwidthPackage

acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}

Queries the information about a bandwidth plan.

DescribeBandwidthPackage

ga:DescribeBandwidthPackageAutoRenewAttribute

acs:ga:{#regionId}:{#accountId}:ga/{#BandwidthPackageId}

Queries the auto-renewal status of a bandwidth plan.

DescribeBandwidthPackageAutoRenewAttribute

ga:DescribeCustomRoutingEndPointTrafficPolicy

acs:ga:{#regionId}:{#accountId}:trafficpolicy/{#CustomRoutingEndpointTrafficPolicyId}/{#EndpointId}

Queries the traffic policies of a specific endpoint of a custom routing listener.

DescribeCustomRoutingEndPointTrafficPolicy

ga:DescribeCustomRoutingEndpoint

acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointId}

Queries the information about a specific endpoint of a custom routing listener.

DescribeCustomRoutingEndpoint

ga:DescribeCustomRoutingEndpointGroup

acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}

Queries the information about a specific endpoint group that is associated with a custom routing listener.

DescribeCustomRoutingEndpointGroup

ga:DescribeCustomRoutingEndpointGroupDestinations

acs:ga:{#regionId}:{#accountId}:destination/{#DestinationId}

Queries the mapping configurations of an endpoint group.

DescribeCustomRoutingEndpointGroupDestinations

ga:DescribeEndpointGroup

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}

Queries the information about an endpoint group.

DescribeEndpointGroup

ga:DescribeIpSet

acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}

Queries the information about an acceleration region.

DescribeIpSet

ga:DescribeListener

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Queries listeners.

DescribeListener

ga:DescribeRegions

acs:ga:{#regionId}:{#accountId}:region/*

Queries the regions where GA instances are deployed.

DescribeRegions

ga:DetachDdosFromAccelerator

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Disassociates a GA instance from an Anti-DDoS Pro or Anti-DDoS Premium instance.

DetachDdosFromAccelerator

ga:DetachLogStoreFromEndpointGroup

  • acs:ga:{#regionId}:{#accountId}:endpointgroup/*

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Disassociates a Logstore from an endpoint group.

DetachLogStoreFromEndpointGroup

ga:DetectApplicationMonitor

acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}

Enables the diagnostics feature.

DetectApplicationMonitor

ga:DisableApplicationMonitor

acs:ga:{#regionId}:{#accountId}:sitemonitor/*

Disables the origin probing feature.

DisableApplicationMonitor

ga:DissociateAclsFromListener

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Disassociates a listener from an ACL.

DissociateAclsFromListener

ga:DissociateAdditionalCertificatesFromListener

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Disassociates additional certificates from an HTTPS listener.

DissociateAdditionalCertificatesFromListener

ga:EnableApplicationMonitor

acs:ga:{#regionId}:{#accountId}:sitemonitor/*

Enables the origin probing feature.

EnableApplicationMonitor

ga:GetAcl

acs:ga:{#regionId}:{#accountId}:acl/*

Queries an ACL.

GetAcl

ga:GetBasicAccelerateIp

acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}

Queries the information about an accelerated IP address of a basic GA instance.

GetBasicAccelerateIp

ga:GetBasicAccelerateIpEndpointRelation

  • acs:ga:{#regionId}:{#accountId}:basicendpoint/{#basicendpointId}

  • acs:ga:{#regionId}:{#accountId}:basicgaip/{#basicgaipId}

Queries the accelerated IP addresses of a basic GA instance that are associated with endpoints.

GetBasicAccelerateIpEndpointRelation

ga:GetBasicAccelerateIpIdleCount

acs:ga:{#regionId}:{#accountId}:ipset/{#ipsetId}

Queries the number of idle accelerated IP addresses of a basic GA instance.

GetBasicAccelerateIpIdleCount

ga:GetBasicAccelerator

acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}

Queries the information about a basic GA instance.

GetBasicAccelerator

ga:GetBasicEndpoint

acs:ga:{#regionId}:{#accountId}:basicendpoint/{#EndPointId}

Queries the information about an endpoint of a basic GA instance.

GetBasicEndpoint

ga:GetBasicEndpointGroup

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId}

Queries the information about an endpoint group of a GA instance.

GetBasicEndpointGroup

ga:GetBasicIpSet

acs:ga:{#regionId}:{#accountId}:ipset/{#BasicIpSetId}

Queries the acceleration region of a basic GA instance.

GetBasicIpSet

ga:GetHealthStatus

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Queries the health status of a listener.

GetHealthStatus

ga:GetIpsetsBandwidthLimit

acs:ga:{#regionId}:{#accountId}:accelerator/{#AcceleratorId}

Queries the bandwidth allocation limits of an acceleration area.

GetIpsetsBandwidthLimit

ga:GetSpareIp

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Queries the status of the secondary IP addresses of a CNAME.

GetSpareIp

ga:ListAccelerateAreas

acs:ga:{#regionId}:{#accountId}:region/*

Queries available acceleration areas and regions.

ListAccelerateAreas

ga:ListAccelerators

acs:ga:{#regionId}:{#accountId}:ga/*

Queries GA instances.

ListAccelerators

ga:ListAcls

acs:ga:{#regionId}:{#accountId}:acl/*

Queries the ACLs in a specific region.

ListAcls

ga:ListApplicationMonitor

acs:ga:{#regionId}:{#accountId}:sitemonitor/*

Queries origin probing tasks.

ListApplicationMonitor

ga:ListApplicationMonitorDetectResult

acs:ga:{#regionId}:{#accountId}:sitemonitor/*

Queries the diagnostic result of an origin probing task.

ListApplicationMonitorDetectResult

ga:ListAvailableAccelerateAreas

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Queries available acceleration regions.

ListAvailableAccelerateAreas

ga:ListAvailableBusiRegions

acs:ga:{#regionId}:{#accountId}:ga/*

Queries the acceleration regions supported by a GA instance.

ListAvailableBusiRegions

ga:ListBandwidthPackages

acs:ga:{#regionId}:{#accountId}:bandwidthpackage/*

Queries bandwidth plans.

ListBandwidthPackages

ga:ListBandwidthackages

acs:ga:{#regionId}:{#accountId}:bandwidthpackage/*

Queries bandwidth plans.

ListBandwidthackages

ga:ListBasicAccelerateIpEndpointRelations

acs:ga:{#regionId}:{#accountId}:ga/{#gaId}

Queries the accelerated IP addresses of a basic GA instance that are associated with endpoints.

ListBasicAccelerateIpEndpointRelations

ga:ListBasicAccelerateIps

acs:ga:{#regionId}:{#accountId}:ipset/{#IpSetId}

Queries the accelerated IP addresses in an acceleration region of a basic GA instance.

ListBasicAccelerateIps

ga:ListBasicAccelerators

acs:ga:{#regionId}:{#accountId}:ga/*

Queries basic GA instances.

ListBasicAccelerators

ga:ListBasicEndpoints

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#EndpointGroupId}

Queries the endpoints that are associated with a basic GA instance.

ListBasicEndpoints

ga:ListBusiRegions

acs:ga:{#regionId}:{#accountId}:region/*

Queries the regions supported by GA.

ListBusiRegions

ga:ListCommonAreas

acs:ga:{#regionId}:{#accountId}:region/*

Queries the available acceleration areas and regions that are displayed on the Recommendation and Free Trial wizard pages.

ListCommonAreas

ga:ListCustomRoutingEndpointGroupDestinations

acs:ga:{#regionId}:{#accountId}:ga/{#gaId}

Queries the mapping configurations of endpoint groups.

ListCustomRoutingEndpointGroupDestinations

ga:ListCustomRoutingEndpointGroups

acs:ga:*:{#accountId}:ga/{#gaId}

Queries the information about the endpoint groups that are associated with a custom routing listener.

ListCustomRoutingEndpointGroups

ga:ListCustomRoutingEndpointTrafficPolicies

acs:ga:*:{#accountId}:ga/{#gaId}

Queries the traffic policies of endpoints of a custom routing listener.

ListCustomRoutingEndpointTrafficPolicies

ga:ListCustomRoutingEndpoints

acs:ga:*:{#accountId}:ga/{#gaId}

Queries the information about the endpoints of a custom routing listener.

ListCustomRoutingEndpoints

ga:ListCustomRoutingPortMappings

acs:ga:*:{#accountId}:ga/{#gaId}

Queries the port mappings of a custom routing listener.

ListCustomRoutingPortMappings

ga:ListCustomRoutingPortMappingsByDestination

acs:ga:*:{#accountId}:customroutingendpoint/{#customroutingendpointId}

Queries the port mappings of a specific backend instance that is associated with a custom routing listener.

ListCustomRoutingPortMappingsByDestination

ga:ListEndpointGroups

acs:ga:{#regionId}:{#accountId}:endpointgroup/*

Queries endpoint groups.

ListEndpointGroups

ga:ListForwardingRules

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Queries the information about existing forwarding rules.

ListForwardingRules

ga:ListIpSets

acs:ga:{#regionId}:{#accountId}:ipset/*

Queries acceleration regions.

ListIpSets

ga:ListIspTypes

acs:ga:{#regionId}:{#accountId}:region/*

Queries the line types of Elastic IP Address (EIP) that are supported in an acceleration region.

ListIspTypes

ga:ListListenerCertificates

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Queries the certificates that are associated with a listener.

ListListenerCertificates

ga:ListListeners

acs:ga:{#regionId}:{#accountId}:listener/*

Queries listeners.

ListListeners

ga:ListSpareIps

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Queries the secondary IP addresses of a CNAME.

ListSpareIps

ga:ListSystemSecurityPolicies

acs:ga:{#regionId}:{#accountId}:ga/*

Queries the TLS security policies that are supported by an HTTPS listener.

ListSystemSecurityPolicies

ga:ListTagResources

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

  • acs:ga:{#regionId}:{#accountId}:acl/{#aclId}

  • acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthpackageId}

  • acs:ga:{#regionId}:{#accountId}:ga/{#basicacceleratorId}

  • acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}

Queries the tags that are added to a GA instance.

ListTagResources

ga:RemoveEntriesFromAcl

acs:ga:{#regionId}:{#accountId}:acl/{#aclId}

Deletes IP entries from an ACL.

RemoveEntriesFromAcl

ga:ReplaceBandwidthPackage

acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}

Replaces a bandwidth plan.

ReplaceBandwidthPackage

ga:TagResources

  • acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

  • acs:ga:{#regionId}:{#accountId}:acl/{#aclId}

  • acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthpackageId}

  • acs:ga:{#regionId}:{#accountId}:ga/{#basicacceleratorId}

  • acs:ga:{#regionId}:{#accountId}:endpointgroup/{#EndpointGroupId}

Adds tags to a GA instance.

TagResources

ga:UntagResources

  • acs:ga:{#regionId}:{#accountId}:accelerator/{#acceleratorId}

  • acs:ga:{#regionId}:{#accountId}:basicaccelerator/{#basicacceleratorId}

  • acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}

  • acs:ga:{#regionId}:{#accountId}:acl/{#AclId}

  • acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}

Deletes tags of a GA instance.

UntagResources

ga:UpdateAccelerator

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Modifies a GA instance. Modifies a GA instance.

UpdateAccelerator

ga:UpdateAcceleratorAutoRenewAttribute

acs:ga:{#regionId}:{#accountId}:ga/{#gaId}

Modifies the auto-renewal settings of a GA instance.

UpdateAcceleratorAutoRenewAttribute

ga:UpdateAcceleratorConfirm

acs:ga:{#regionId}:{#accountId}:ga/{#acceleratorId}

Confirms the specification of a GA instance that is modified.

UpdateAcceleratorConfirm

ga:UpdateAcceleratorCrossBorderMode

acs:ga:*:{#accountId}:*

Modifies the transmission network type of a GA instance.

UpdateAcceleratorCrossBorderMode

ga:UpdateAclAttribute

acs:ga:{#regionId}:{#accountId}:acl/{#aclId}

Modifies the attributes of an ACL.

UpdateAclAttribute

ga:UpdateAdditionalCertificateWithListener

acs:ga:{#regionId}:{#accountId}:listener/{#ListenerId}

Replaces an additional certificate for an HTTPS listener.

UpdateAdditionalCertificateWithListener

ga:UpdateApplicationMonitor

acs:ga:{#regionId}:{#accountId}:sitemonitor/{#TaskId}

Modifies the configuration of an origin probing task.

UpdateApplicationMonitor

ga:UpdateBandwidthPackagaAutoRenewAttribute

acs:ga:{#regionId}:{#accountId}:ga/{#BandwidthPackageId}

Modifies the auto-renewal status of a bandwidth plan.

UpdateBandwidthPackagaAutoRenewAttribute

ga:UpdateBandwidthPackage

acs:ga:{#regionId}:{#accountId}:bandwidthpackage/{#bandwidthPackageId}

Modifies a bandwidth plan.

UpdateBandwidthPackage

ga:UpdateBasicAccelerator

acs:ga:{#regionId}:{#accountId}:ga/{#BasicAcceleratorId}

Modifies a basic GA instance.

UpdateBasicAccelerator

ga:UpdateBasicEndpoint

acs:ga:{#regionId}:{#accountId}:basicendpoint/{#EndPointId}

Modifies the name of an endpoint that is associated with a basic GA instance.

UpdateBasicEndpoint

ga:UpdateBasicEndpointGroup

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#BasicEndpointGroupId}

Modifies the endpoint group of a basic GA instance.

UpdateBasicEndpointGroup

ga:UpdateBasicIpSet

acs:ga:{#regionId}:{#accountId}:ipset/{#ipsetId}

Modifies the bandwidth of an acceleration region for a basic GA instance.

UpdateBasicIpSet

ga:UpdateCustomRoutingEndpointGroupAttribute

acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#EndpointGroupId}

Modifies the name and description of an endpoint group that is associated with a custom routing listener.

UpdateCustomRoutingEndpointGroupAttribute

ga:UpdateCustomRoutingEndpointGroupDestinations

acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/{#customroutingendpointgroupId}

Modifies the mapping configurations of an endpoint group that is associated with a custom routing listener.

UpdateCustomRoutingEndpointGroupDestinations

ga:UpdateCustomRoutingEndpointTrafficPolicies

acs:ga:{#regionId}:{#accountId}:customroutingendpoint/{#CustomRoutingEndpointTrafficPolicyId}

Modifies the traffic policies for an endpoint of a custom routing listener.

UpdateCustomRoutingEndpointTrafficPolicies

ga:UpdateCustomRoutingEndpoints

acs:ga:{#regionId}:{#accountId}:customroutingendpointgroup/*

Modifies the endpoints of a custom routing listener.

UpdateCustomRoutingEndpoints

ga:UpdateDomain

acs:ga:{#regionId}:{#accountId}:ga/*

Modifies an accelerated domain name of a GA instance.

UpdateDomain

ga:UpdateEndpointGroup

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}

Modifies an endpoint group.

UpdateEndpointGroup

ga:UpdateEndpointGroupAttribute

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointGroupId}

Modifies the name and description of an endpoint group.

UpdateEndpointGroupAttribute

ga:UpdateEndpointGroups

acs:ga:{#regionId}:{#accountId}:endpointgroup/{#endpointgroupId}

Modifies the endpoint groups of a listener at the same time.

UpdateEndpointGroups

ga:UpdateForwardingRules

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Updates a forwarding rule.

UpdateForwardingRules

ga:UpdateIpSet

acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}

Modifies an acceleration region in an acceleration area.

UpdateIpSet

ga:UpdateIpSets

acs:ga:{#regionId}:{#accountId}:ipset/{#ipSetId}

Modifies multiple acceleration regions in an acceleration area.

UpdateIpSets

ga:UpdateListener

acs:ga:{#regionId}:{#accountId}:listener/{#listenerId}

Modifies a listener.

UpdateListener

For more information about the authorization of a GA instance, see RAM authorization.

Grant permissions to a RAM user

By default, a RAM user cannot create GA instances or access or manage GA instances that belong to an Alibaba Cloud account. If you want to access or manage GA resources as a RAM user, you must first grant the permissions to the RAM user.

Before you grant permissions to a RAM user, make sure that you created a RAM user. For more information, see Create a RAM user.

  1. Log on to the RAM console with an Alibaba Cloud account.

  2. In the left-side navigation pane, choose Identities > Users.

  3. On the Users page, find the required RAM user, and click Add Permissions in the Actions column.

  4. In the Add Permissions panel, grant permissions to the RAM user.

    1. Select the authorization scope.

      • Alibaba Cloud Account: The permissions take effect on the current Alibaba Cloud account.

      • Specific Resource Group: The permissions take effect in a specific resource group.

        Note

        If you select Specific Resource Group for Authorized Scope, make sure that the cloud service supports resource groups. For more information, see Services that work with Resource Group.

    2. Specify the principal.

      The principal is the RAM user to which you want to grant permissions.

    3. Select policies.

      RAM supports the following types of policies: system policies and custom policies. You can choose policies based on your business requirements.

      Note

      You can attach a maximum of five policies to a RAM user at a time. If you want to attach more than five policies to a RAM user, perform the operation multiple times.

  5. Click OK.

  6. Click Complete.