Before a Resource Access Management (RAM) user can call the Network Load Balancer (NLB) API to access resources that belong to an Alibaba Cloud account, you must use the Alibaba Cloud account to grant the required permissions to the RAM user. You must specify the Alibaba Cloud Resource Name (ARN) of the resource that you want the RAM user to access in a policy.

The following list describes the variables that you can specify in a policy. Replace the variables with actual values.
  • <regionId>: the ID of the region.
  • <accountId>: the ID of the Alibaba Cloud account.
  • <LoadBalancerId>: the ID of the NLB instance.
  • <ListenerId>: the ID of the listener.
  • <ServerGroupId>: the ID of the server group.
  • <SecurityPolicyId>: the ID of the TLS security policy.

Available operations

The following tables list the API operations of NLB that you can specify in the Action parameter and the ARN format that is used in the Resource parameter.

Table 1. Operations related to instances
ActionResource
CreateLoadBalanceracs:nlb:{#regionId}:{#accountId}:loadbalancer/*
DeleteLoadBalanceracs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}
UpdateLoadBalancerAttributeacs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}
UpdateLoadBalancerAddressTypeConfigacs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}
UpdateLoadBalancerZonesacs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}
GetLoadBalancerAttributeacs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}
ListLoadBalancersacs:nlb:{#regionId}:{#accountId}:loadbalancer/*
AttachCommonBandwidthPackageToLoadBalanceracs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}
DetachCommonBandwidthPackageFromLoadBalanceracs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}
EnableLoadBalancerIpv6Internetacs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}
DisableLoadBalancerIpv6Internetacs:nlb:{#regionId}:{#accountId}:loadbalancer/{#LoadBalancerId}
Table 2. Operations related to listeners
ActionResource
CreateListeneracs:nlb:{#regionId}:{#accountId}:listener/*
DeleteListeneracs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId}
ListListenersacs:nlb:{#regionId}:{#accountId}:listener/*
UpdateListenerAttributeacs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId}
StartListeneracs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId}
StopListeneracs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId}
GetListenerAttributeacs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId}
GetListenerHealthStatusacs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId}
Table 3. Operations related to server groups
ActionResource
CreateServerGroupacs:nlb:{#regionId}:{#accountId}:servergroup/*
DeleteServerGroupacs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId}
UpdateServerGroupAttributeacs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId}
AddServersToServerGroupacs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId}
RemoveServersFromServerGroupacs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId}
UpdateServerGroupServersAttributeacs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId}
ListServerGroups
  • acs:nlb:{#regionId}:{#accountId}:servergroup/*
  • acs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId}
ListServerGroupServersacs:nlb:{#regionId}:{#accountId}:servergroup/{#ServerGroupId}
Table 4. Operations related to security policies
ActionResource
CreateSecurityPolicyacs:nlb:{#regionId}:{#accountId}:securitypolicy/*
UpdateSecurityPolicyAttribute
  • acs:nlb:{#regionId}:{#accountId}:securitypolicy/{#SecurityPolicyId}
  • acs:nlb:{#regionId}:{#accountId}:listener/{#ListenerId}
ListSecurityPolicyacs:nlb:{#regionId}:{#accountId}:securitypolicy/*
DeleteTLSCipherPolicyacs:nlb:{#regionId}:{#accountId}:securitypolicy/{#SecurityPolicyId}
DeleteSecurityPolicyacs:nlb:{#regionId}:{#accountId}:securitypolicy/{#SecurityPolicyId}
Table 5. Operations related to asynchronous tasks
ActionResource
GetJobStatusacs:nlb::{#accountId}:*