RAM authorization - Virtual Private Cloud - Alibaba Cloud Documentation Center

Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. You can use RAM to prevent RAM users from sharing the AccessKey pairs of your Alibaba Cloud account. You can also use RAM to grant minimum permissions to RAM users. RAM uses policies to define permissions.

This topic describes the elements, such as Action, Resource, and Condition, which are defined by VPC. You can use the elements to create policies in RAM. The code (RamCode) in RAM that is used to indicate VPC is vpc. You can grant permissions on VPC at the RESOURCE.

General structure of a policy

Policies can be stored as JSON files. The following code provides an example on the general structure of a policy:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

The following list describes the fields in the policy:

Effect: specifies the authorization effect. Valid values: Allow, Deny.
Action: specifies one or more API operations that are allowed or denied. For more information, see the Action section of this topic.
Resource: specifies one or more resources to which the policy applies. You can use an Alibaba Cloud Resource Name (ARN) to specify a resource. For more information, see the Resource section of this topic.
Condition: specifies one or more conditions that are required for the policy to take effect. This is an optional field. For more information, see the Condition section of this topic.
- Condition_operator: specifies the conditional operators. Different types of conditions support different conditional operators. For more information, see Policy elements.
- Condition_key: specifies the condition keys.
- Condition_value: specifies the condition values.

Action

VPC defines the values that you can use in the Action element of a policy statement. The following table describes the values.

Operation: the value that you can use in the Action element to specify the operation on a resource.
API operation: the API operation that you can call to perform the operation.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- For mandatory resource types, indicate with a prefix of * .
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition key: the condition keys that are defined by the Alibaba Cloud service. The Condition key column does not list the common condition keys that are defined by Alibaba Cloud. For more information about the common condition keys, see Generic Condition Keyword.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Actions	API operation	Access level	Resource type	Condition key	Associated operation
vpc:ActivateRouterInterface	ActivateRouterInterface	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:ActiveFlowLog	ActiveFlowLog	update	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	None	None
vpc:AddSourcesToTrafficMirrorSession	AddSourcesToTrafficMirrorSession	update	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	None	None
vpc:AllocateIpv6Address	AllocateIpv6Address	create	Ipv6Address `acs:vpc:{#regionId}:{#accountId}:ipv6address/`	None	None
vpc:AllocateIpv6InternetBandwidth	AllocateIpv6InternetBandwidth	create	Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/`	None	None
vpc:AllocateVpcIpv6Cidr	AllocateVpcIpv6Cidr	none	All Resources ``	None	None
vpc:AssociateHaVip	AssociateHaVip	create	Instance `acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}` HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	None	None
vpc:AssociateNetworkAcl	AssociateNetworkAcl	update	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:AssociateRouteTable	AssociateRouteTable	update	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}`	None	None
vpc:AssociateRouteTableWithGateway	AssociateRouteTableWithGateway	create	Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	None	None
vpc:AssociateRouteTablesWithVpcGatewayEndpoint	AssociateRouteTablesWithVpcGatewayEndpoint	create	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:AssociateVpcCidrBlock	AssociateVpcCidrBlock	create	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:AttachDhcpOptionsSetToVpc	AttachDhcpOptionsSetToVpc	update	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:AttachVbrToVpconn	AttachVbrToVpconn	update	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#virtualborderrouterId}`	None	None
vpc:CancelPhysicalConnection	CancelPhysicalConnection	update	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:ChangeResourceGroup	ChangeResourceGroup	update	All Resources ``	None	None
vpc:CheckCanAllocateVpcPrivateIpAddress	CheckCanAllocateVpcPrivateIpAddress	none	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:CompletePhysicalConnectionLOA	CompletePhysicalConnectionLOA	update	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:ConnectRouterInterface	ConnectRouterInterface	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:CopyNetworkAclEntries	CopyNetworkAclEntries	update	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:CreateDefaultVSwitch	CreateDefaultVSwitch	Write	VSwitch `acs:vpc:{#regionid}:{#accountId}:vswitch/`	None	None
vpc:CreateDefaultVpc	CreateDefaultVpc	Write	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/`	None	None
vpc:CreateDhcpOptionsSet	CreateDhcpOptionsSet	create	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/`	None	None
vpc:CreateFlowLog	CreateFlowLog	create	VSwitch `acs:vpc:{#regionid}:{#accountId}:vswitch/{#VSwitchId}` FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:CreateHaVip	CreateHaVip	create	HaVip `acs:vpc:{#regionId}:{#accountId}:havip/` *VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:CreateHighReliablePhysicalConnection	CreateHighReliablePhysicalConnection	create	All Resources ``	None	None
vpc:CreateIpv4Gateway	CreateIpv4Gateway	create	Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/`	None	None
vpc:CreateIpv6EgressOnlyRule	CreateIpv6EgressOnlyRule	create	*Ipv6EgressRule `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:CreateIpv6Gateway	CreateIpv6Gateway	create	Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/`	None	None
vpc:CreateNetworkAcl	CreateNetworkAcl	create	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/` *VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:CreatePhysicalConnectionOccupancyOrder	CreatePhysicalConnectionOccupancyOrder	create	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:CreateRouteEntries	CreateRouteEntries	create	*RouteEntry `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:CreateRouteEntry	CreateRouteEntry	create	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:CreateRouteTable	CreateRouteTable	create	RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/`	None	None
vpc:CreateRouterInterface	CreateRouterInterface	create	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}` RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/*`	vpc:TargetAccountRDId	None
vpc:CreateSslVpnServer	CreateSslVpnServer	create	SslVpnServer `acs:vpc:{#regionId}:{#accountId}:sslvpnserver/` *VpnGateway `acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId}`	None	None
vpc:CreateTrafficMirrorFilter	CreateTrafficMirrorFilter	create	TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/`	None	None
vpc:CreateTrafficMirrorFilterRules	CreateTrafficMirrorFilterRules	create	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:CreateTrafficMirrorSession	CreateTrafficMirrorSession	create	TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/` *TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:CreateVSwitch	CreateVSwitch	create	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/*`	vpc:tag	None
vpc:CreateVSwitchCidrReservation	CreateVSwitchCidrReservation	create	VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/`	None	None
vpc:CreateVbrHa	CreateVbrHa	create	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}`	None	None
vpc:CreateVirtualPhysicalConnection	CreateVirtualPhysicalConnection	create	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#physicalconnectionId}`	None	None
vpc:CreateVpc	CreateVpc	create	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/`	None	None
vpc:CreateVpcGatewayEndpoint	CreateVpcGatewayEndpoint	create	GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/`	None	None
vpc:CreateVpcPrefixList	CreateVpcPrefixList	create	PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/`	None	None
vpc:CreateVpconnFromVbr	CreateVpconnFromVbr	create	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#virtualborderrouterId}`	None	None
vpc:DeactivateRouterInterface	DeactivateRouterInterface	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:DeactiveFlowLog	DeactiveFlowLog	update	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	None	None
vpc:DeleteDhcpOptionsSet	DeleteDhcpOptionsSet	delete	*DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	None	None
vpc:DeleteExpressConnectTrafficQosQueue	DeleteExpressConnectTrafficQosQueue	delete	All Resources ``	None	None
vpc:DeleteFlowLog	DeleteFlowLog	delete	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	None	None
vpc:DeleteHaVip	DeleteHaVip	delete	*HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	None	None
vpc:DeleteIpv4Gateway	DeleteIpv4Gateway	delete	*Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId}`	None	None
vpc:DeleteIpv6EgressOnlyRule	DeleteIpv6EgressOnlyRule	delete	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:DeleteIpv6Gateway	DeleteIpv6Gateway	delete	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:DeleteIpv6InternetBandwidth	DeleteIpv6InternetBandwidth	delete	*Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/{#Ipv6InternetBandwidthId}`	None	None
vpc:DeleteNetworkAcl	DeleteNetworkAcl	delete	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:DeleteRouteEntries	DeleteRouteEntries	delete	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	None	None
vpc:DeleteRouteEntry	DeleteRouteEntry	delete	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:DeleteRouteTable	DeleteRouteTable	delete	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:DeleteRouterInterface	DeleteRouterInterface	delete	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:DeleteTrafficMirrorFilter	DeleteTrafficMirrorFilter	delete	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:DeleteTrafficMirrorFilterRules	DeleteTrafficMirrorFilterRules	delete	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:DeleteTrafficMirrorSession	DeleteTrafficMirrorSession	delete	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	None	None
vpc:DeleteVSwitch	DeleteVSwitch	delete	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:DeleteVSwitchCidrReservation	DeleteVSwitchCidrReservation	delete	*VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}`	None	None
vpc:DeleteVbrHa	DeleteVbrHa	delete	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}`	None	None
vpc:DeleteVpc	DeleteVpc	delete	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	vpc:tag	None
vpc:DeleteVpcGatewayEndpoint	DeleteVpcGatewayEndpoint	delete	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:DeleteVpcPrefixList	DeleteVpcPrefixList	delete	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:DeletionProtection	DeletionProtection	delete	*Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}`	None	None
vpc:DescribeEcGrantRelation	DescribeEcGrantRelation	list	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}`	None	None
vpc:DescribeExpressConnectTrafficQos	DescribeExpressConnectTrafficQos	list	TrafficQos `acs:vpc:{#regionId}:{#accountId}:TrafficQos/`	None	None
vpc:DescribeExpressConnectTrafficQosQueue	DescribeExpressConnectTrafficQosQueue	list	All Resources ``	None	None
vpc:DescribeFlowLogs	DescribeFlowLogs	get	FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/`	None	None
vpc:DescribeGrantRulesToCen	DescribeGrantRulesToCen	get	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#InstanceId}` GrantRuleToCen `acs:vpc:{#regionId}:{#accountId}:vpc/{#InstanceId}`	None	None
vpc:DescribeHaVips	DescribeHaVips	get	HaVip `acs:vpc:{#regionId}:{#accountId}:havip/`	None	None
vpc:DescribeIpv6Addresses	DescribeIpv6Addresses	list	Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:vpc/`	None	None
vpc:DescribeIpv6EgressOnlyRules	DescribeIpv6EgressOnlyRules	get	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:DescribeIpv6GatewayAttribute	DescribeIpv6GatewayAttribute	get	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:DescribeIpv6Gateways	DescribeIpv6Gateways	get	Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/*` Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:DescribeNetworkAclAttributes	DescribeNetworkAclAttributes	get	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:DescribeNetworkAcls	DescribeNetworkAcls	list	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/`	None	None
vpc:DescribePhysicalConnectionLOA	DescribePhysicalConnectionLOA	get	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:DescribePhysicalConnections	DescribePhysicalConnections	list	PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/`	None	None
vpc:DescribeRouteEntryList	DescribeRouteEntryList	get	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:DescribeRouteTableList	DescribeRouteTableList	list	RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/`	vpc:VRouter vpc:VBR	None
vpc:DescribeRouteTables	DescribeRouteTables	list	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	vpc:VBR vpc:VRouter	None
vpc:DescribeRouterInterfaceAttribute	DescribeRouterInterfaceAttribute	get	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:DescribeRouterInterfaces	DescribeRouterInterfaces	list	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:DescribeTagKeys	DescribeTagKeys	get	All Resources ``	None	None
vpc:DescribeTagKeysForExpressConnect	DescribeTagKeysForExpressConnect	list	All Resources ``	None	None
vpc:DescribeTags	DescribeTags	get	All Resources ``	vpc:tag	None
vpc:DescribeVRouters	DescribeVRouters	list	VRouter `acs:vpc:{#regionId}:{#accountId}:vrouter/`	vpc:VPC	None
vpc:DescribeVSwitchAttributes	DescribeVSwitchAttributes	get	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:DescribeVSwitches	DescribeVSwitches	list	VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/`	vpc:VPC	None
vpc:DescribeVbrHa	DescribeVbrHa	get	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}`	None	None
vpc:DescribeVpcAttribute	DescribeVpcAttribute	get	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	vpc:tag	None
vpc:DescribeVpcs	DescribeVpcs	list	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/*` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VPCId}`	vpc:tag	None
vpc:DescribeVpnGatewayAvailableZones	DescribeVpnGatewayAvailableZones	list	All Resources ``	None	None
vpc:DetachDhcpOptionsSetFromVpc	DetachDhcpOptionsSetFromVpc	update	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:DisableVpcClassicLink	DisableVpcClassicLink	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:DissociateRouteTableFromGateway	DissociateRouteTableFromGateway	get	Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	None	None
vpc:DissociateRouteTablesFromVpcGatewayEndpoint	DissociateRouteTablesFromVpcGatewayEndpoint	delete	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:EnablePhysicalConnection	EnablePhysicalConnection	update	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:EnableVpcClassicLink	EnableVpcClassicLink	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:EnableVpcIpv4Gateway	EnableVpcIpv4Gateway	update	*Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId}`	None	None
vpc:GetDhcpOptionsSet	GetDhcpOptionsSet	get	*DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	None	None
vpc:GetFlowLogServiceStatus	GetFlowLogServiceStatus	get	FlowLogService `acs:vpc:{#regionId}:{#accountId}:flowlog/`	None	None
vpc:GetIpv4GatewayAttribute	GetIpv4GatewayAttribute	get	*Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#Ipv4GatewayId}`	None	None
vpc:GetPhysicalConnectionServiceStatus	GetPhysicalConnectionServiceStatus	get	All Resources ``	None	None
vpc:GetTrafficMirrorServiceStatus	GetTrafficMirrorServiceStatus	get	All Resources ``	None	None
vpc:GetVSwitchCidrReservationUsage	GetVSwitchCidrReservationUsage	get	*VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}`	None	None
vpc:GetVpcGatewayEndpointAttribute	GetVpcGatewayEndpointAttribute	get	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:GetVpcPrefixListAssociations	GetVpcPrefixListAssociations	get	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:GetVpcPrefixListEntries	GetVpcPrefixListEntries	get	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:GetVpcRouteEntrySummary	GetVpcRouteEntrySummary	list	RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}` *VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}`	None	None
vpc:GrantInstanceToCen	GrantInstanceToCen	update	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:GrantInstanceToVbr	GrantInstanceToVbr	update	*VPC `acs:vpc:{#regionId}:{#AccountId}:vpc/{#VpcId}`	None	None
vpc:ListBusinessAccessPoints	ListBusinessAccessPoints	list	All Resources ``	None	None
vpc:ListDhcpOptionsSets	ListDhcpOptionsSets	get	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/*` DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	None	None
vpc:ListGatewayRouteTableEntries	ListGatewayRouteTableEntries	list	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	None	None
vpc:ListGeographicSubRegions	ListGeographicSubRegions	list	All Resources ``	None	None
vpc:ListIpv4Gateways	ListIpv4Gateways	list	Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/*`	None	None
vpc:ListPrefixLists	ListPrefixLists	list	PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/*`	None	None
vpc:ListTagResources	ListTagResources	get	BandwidthPackage `acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#BandwidthPackageId}` Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` NatGateway `acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTable}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VpnGateway `acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	vpc:tag	None
vpc:ListTagResourcesForExpressConnect	ListTagResourcesForExpressConnect	list	All Resources ``	None	None
vpc:ListTrafficMirrorFilters	ListTrafficMirrorFilters	list	TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/`	None	None
vpc:ListTrafficMirrorSessions	ListTrafficMirrorSessions	list	TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/`	None	None
vpc:ListVSwitchCidrReservations	ListVSwitchCidrReservations	list	VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/`	None	None
vpc:ListVirtualPhysicalConnections	ListVirtualPhysicalConnections	list	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:ListVpcEndpointServicesByEndUser	ListVpcEndpointServicesByEndUser	list	All Resources ``	None	None
vpc:ListVpcGatewayEndpoints	ListVpcGatewayEndpoints	list	GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/*` GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:ModifyEipForwardMode	ModifyEipForwardMode	update	*Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}`	None	None
vpc:ModifyFlowLogAttribute	ModifyFlowLogAttribute	update	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	None	None
vpc:ModifyHaVipAttribute	ModifyHaVipAttribute	update	*HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	None	None
vpc:ModifyIpv6AddressAttribute	ModifyIpv6AddressAttribute	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:ModifyIpv6GatewayAttribute	ModifyIpv6GatewayAttribute	update	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:ModifyIpv6InternetBandwidth	ModifyIpv6InternetBandwidth	update	*Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/{#Ipv6InternetBandwidthId}`	None	None
vpc:ModifyNetworkAclAttributes	ModifyNetworkAclAttributes	update	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:ModifyPhysicalConnectionAttribute	ModifyPhysicalConnectionAttribute	update	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:ModifyRouteEntry	ModifyRouteEntry	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:ModifyRouteTableAttributes	ModifyRouteTableAttributes	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	vpc:VRouter	None
vpc:ModifyRouterInterfaceAttribute	ModifyRouterInterfaceAttribute	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	vpc:TargetAccountRDId	None
vpc:ModifyRouterInterfaceSpec	ModifyRouterInterfaceSpec	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:ModifyVRouterAttribute	ModifyVRouterAttribute	update	*VRouter `acs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId}`	None	None
vpc:ModifyVSwitchAttribute	ModifyVSwitchAttribute	update	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:ModifyVSwitchCidrReservationAttribute	ModifyVSwitchCidrReservationAttribute	update	*VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}`	None	None
vpc:ModifyVpcAttribute	ModifyVpcAttribute	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	vpc:tag	None
vpc:ModifyVpcPrefixList	ModifyVpcPrefixList	update	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:MoveResourceGroup	MoveResourceGroup	update	BandwidthPackage `acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}` Eip `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}` GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}` DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}` HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}` Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#Ipv4GatewayId}` Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}` PublicIpAddressPool `acs:vpc:{#regionId}:{#accountId}:publicipaddresspool/{#PublicIpAddressPoolId}` TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}` TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	None	None
vpc:OpenFlowLogService	OpenFlowLogService	create	FlowLogService `acs:vpc:{#regionId}:{#accountId}:flowlog/`	None	None
vpc:OpenPhysicalConnectionService	OpenPhysicalConnectionService	create	All Resources ``	None	None
vpc:OpenTrafficMirrorService	OpenTrafficMirrorService	create	All Resources ``	None	None
vpc:RecoverPhysicalConnection	RecoverPhysicalConnection	update	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#physicalconnectionId}`	None	None
vpc:ReleaseIpv6Address	ReleaseIpv6Address	delete	*Ipv6Address `acs:vpc:{#regionId}:{#accountId}:ipv6address/{#Ipv6AddressId}`	None	None
vpc:RemoveSourcesFromTrafficMirrorSession	RemoveSourcesFromTrafficMirrorSession	update	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	None	None
vpc:ReplaceVpcDhcpOptionsSet	ReplaceVpcDhcpOptionsSet	update	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:RetryVpcPrefixListAssociation	RetryVpcPrefixListAssociation	update	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:RevokeInstanceFromCen	RevokeInstanceFromCen	update	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}`	None	None
vpc:RevokeInstanceFromVbr	RevokeInstanceFromVbr	update	*VPC `acs:vpc:{#regionId}:{#AccountId}:vpc/{#VpcId}`	None	None
vpc:SecondApplyPhysicalConnectionLOA	SecondApplyPhysicalConnectionLOA	none	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:StopFailoverTestJob	StopFailoverTestJob	update	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}` PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:TagResources	TagResources	update	BandwidthPackage `acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#BandwidthPackageId}` Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` NatGateway `acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VpnGateway `acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	vpc:tag	None
vpc:TagResourcesForExpressConnect	TagResourcesForExpressConnect	update	All Resources ``	None	None
vpc:TerminatePhysicalConnection	TerminatePhysicalConnection	update	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}`	None	None
vpc:TransformEipSegmentToPublicIpAddressPool	TransformEipSegmentToPublicIpAddressPool	create	All Resources ``	None	None
vpc:UnTagResources	UnTagResources	update	Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` NatGateway `acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	vpc:tag	None
vpc:UnassociateHaVip	UnassociateHaVip	delete	Instance `acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}` HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	None	None
vpc:UnassociateNetworkAcl	UnassociateNetworkAcl	update	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:UnassociateRouteTable	UnassociateRouteTable	update	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:UnassociateVpcCidrBlock	UnassociateVpcCidrBlock	delete	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:UntagResourcesForExpressConnect	UntagResourcesForExpressConnect	update	All Resources ``	None	None
vpc:UpdateDhcpOptionsSetAttribute	UpdateDhcpOptionsSetAttribute	update	*DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	None	None
vpc:UpdateFailoverTestJob	UpdateFailoverTestJob	update	PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}` VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}`	None	None
vpc:UpdateGatewayRouteTableEntryAttribute	UpdateGatewayRouteTableEntryAttribute	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:UpdateIpv4GatewayAttribute	UpdateIpv4GatewayAttribute	update	*Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId}`	None	None
vpc:UpdateNetworkAclEntries	UpdateNetworkAclEntries	update	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:UpdateTrafficMirrorFilterAttribute	UpdateTrafficMirrorFilterAttribute	update	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:UpdateTrafficMirrorFilterRuleAttribute	UpdateTrafficMirrorFilterRuleAttribute	update	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:UpdateTrafficMirrorSessionAttribute	UpdateTrafficMirrorSessionAttribute	update	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}` TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:UpdateVirtualPhysicalConnection	UpdateVirtualPhysicalConnection	update	*PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#physicalconnectionId}`	None	None
vpc:UpdateVpcGatewayEndpointAttribute	UpdateVpcGatewayEndpointAttribute	update	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None

Resource

VPC defines the values that you can use in the Resource. You can attach the policy to a RAM user or a RAM role so that the RAM user or the RAM role can perform a specific operation on a specific resource. The ARN is the unique identifier of the resource on Alibaba Cloud. Take note of the following items:

{#}indicates a variable. {#} must be replaced with an actual value. For example, {#ramcode} must be replaced with the actual code of an Alibaba Cloud service in RAM.
An asterisk (*) is used as a wildcard. Examples:
- {#resourceType} is set to *, all resources are specified.
- {#regionId} is set to *, all regions are specified.
- {#accountId} is set to *, all Alibaba Cloud accounts are specified.

Resource type	ARN
Address	acs:vpc:{#regionId}:{#accountId}:eip/* acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
Association	acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
BandwidthPackage	acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#BandwidthPackageId} acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId} acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/* acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/*
CommonBandwidthPackage	acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/* acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#CommonBandwidthPackageId}
CustomerGateway	acs:vpc:{#regionId}:{#accountId}:customergateway/{#CustomerGatewayId} acs:vpc:{#regionId}:{#accountId}:customergateway/* acs:vpc:{#Region}:{#AccountId}:customergateway/{#CustomerGatewayId}
DhcpOptionsSet	acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/* acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}
Eip	acs:vpc:{#regionId}:{#accountId}:eip/{#EipId} acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
FlowLog	acs:vpc:{#regionId}:{#accountId}:flowlog/* acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}
FlowLogService	acs:vpc:{#regionId}:{#accountId}:flowlog/*
ForwardTable	acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
FullNat	acs:vpc:{#regionId}:{#accountId}:vpcfullnattable/{#FullNatTableId}
GatewayEndpoint	acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId} acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/*
GatewayInfo	acs:vpc:{#regionId}:{#accountId}:eip/*
GlobalAccelerationInstance	acs:vpc:{#regionId}:{#accountId}:globalaccelerationinstance/{#GlobalAccelerationInstanceId} acs:vpc:{#regionId}:{#accountId}:GlobalAccelerationInstance/* acs:vpc:{#regionId}:{#accountId}:globalaccelerationinstance/*
GrantRuleToCen	acs:vpc:{#regionId}:{#accountId}:vpc/{#InstanceId}
HaVip	acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId} acs:vpc:{#regionId}:{#accountId}:havip/*
IPv6Translator	acs:vpc:{#regionId}:{#accountId}:ipv6trans/* acs:vpc:{#regionId}:{#accountId}:ipv6trans/{#IPv6TranslatorId}
Instance	acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} acs:ecs:{#regionId}:{#accountId}:instance/* acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId} acs:ecs:{#regionId}:{#accountId}:instance/{#BackendServerId}
IpsecServer	acs:vpc:{#Region}:{#AccountId}: vpnipsecserver/{#IpsecServerId} acs:vpc:{#regionId}:{#accountId}:ipsecserver/* acs:vpc:{#regionId}:{#accountId}:vpnipsecserver/{#IpsecServerId}
Ipv4Gateway	acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId} acs:vpc:{#regionId}:{#accountId}:ipv4gateway/*
Ipv6Address	acs:vpc:{#regionId}:{#accountId}:ipv6address/* acs:vpc:{#regionId}:{#accountId}:ipv6address/{#Ipv6AddressId}
Ipv6EgressRule	acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}
Ipv6Gateway	acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId} acs:vpc:{#regionId}:{#accountId}:ipv6gateway/*
Ipv6InternetBandwidth	acs:vpc:{#regionId}:{#accountId}:vpc/* acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/{#Ipv6InternetBandwidthId} acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/*
Ipv6Translator	acs:vpc:{#regionId}:{#accountId}:ipv6trans/{#Ipv6TranslatorId} acs:vpc:{#regionId}:{#accountId}:ipv6trans/*
NatGateway	acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId} acs:vpc:{#regionId}:{#accountId}:natgateway/*
NatIp	acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}
NatIpCidr	acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}
NetworkAcl	acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId} acs:vpc:{#regionId}:{#accountId}:networkacl/*
PhysicalConnection	acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#physicalconnectionId} acs:vpc:{#regionId}:{#accountId}:physicalconnection/*
PrefixList	acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId} acs:vpc:{#regionId}:{#accountId}:prefixlist/*
PublicIpAddressPool	acs:vpc:{#regionId}:{#accountId}:publicipaddresspool/* acs:vpc:{#regionId}:{#accountId}:publicipaddresspool/{#PublicIpAddressPoolId}
PublicIpAddressPoolService	acs:vpc:{#regionId}:{#accountId}:publicipaddresspoolservice/*
RouteEntry	acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
RouteTable	acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId} acs:vpc:{#regionId}:{#accountId}:routetable/* acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTable}
RouterInterface	acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId} acs:vpc:{#regionId}:{#accountId}:routerinterface/* acs:expressconnect:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
SegmentAddress	acs:eip:{#regionId}:{#accountId}:eipsegment/{#SegmentInstanceId} acs:vpc:{#regionId}:{#accountId}:eip/* acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
SnatEntry	acs:vpc:{#regionId}:{#accountId}:snattable/*
SnatTable	acs:vpc:{#regionId}:{#accountId}:snattable/{#SnatTableId}
SslVpnClientCert	acs:vpc:{#regionId}:{#accountId}:sslvpnclientcert/* acs:vpc:{#regionId}:{#accountId}:sslvpnclientcert/{#SslVpnClientCertId}
SslVpnServer	acs:vpc:{#regionId}:{#accountId}:sslvpnserver/* acs:vpc:{#regionId}:{#accountId}:sslvpnserver/{#SslVpnServerId} acs:vpc:{#Region}:{#AccountId}:sslvpnserver/{#SslVpnServerId}
TrafficMirrorFilter	acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId} acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/*
TrafficMirrorService	acs:vpc:{#regionId}:{#accountId}:trafficmirror/*
TrafficMirrorSession	acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/* acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}
TrafficQos	acs:vpc:{#regionId}:{#accountId}:TrafficQos/* acs:vpc:{#regionId}:{#accountId}:trafficqos/{#QosId}
VPC	acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId} acs:vpc:{#regionId}:{#accountId}:vpc/* acs:vpc:{#regionId}:{#accountId}:vpc/{#InstanceId}
VRouter	acs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId} acs:vpc:{#regionId}:{#accountId}:vrouter/*
VSwitch	acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId} acs:vpc:{#regionId}:{#accountId}:vswitch/*
VSwitchCidrReservation	acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/* acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}
VirtualBorderRouter	acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId} acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#virtualborderrouterId} acs:expressconnect:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId} acs:vpc:{#regionId}:{#AccountId}:virtualborderrouter/* acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#InstanceId} acs:vpc:*:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
VpnAttachment	acs:vpc:{#Region}:{#AccountId}:vpnattachment/{#VpnConnectionId}
VpnConnection	acs:vpc:{#regionId}:{#accountId}:vpnconnection/* acs:vpc:{#regionId}:{#accountId}:* acs:vpc:{#regionId}:{#accountId}:vpnconnection/{#VpnConnectionId} acs:vpc:{#Region}:{#AccountId}:vpnconnection/{#VpnConnectionId}
VpnConnections	acs:vpc:{#regionId}:{#accountId}:vpnconnection/{#VpnConnectionId}
VpnGateway	acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId} acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnInstanceId} acs:vpc:{#regionId}:{#accountId}:vpngateway/* acs:vpc:{#regionId}:{#accountId}: acs:vpc:{#Region}:{#AccountId}:vpngateway/{#VpnInstanceId}
physicalconnection	acs:vpc:{#regionId}:{#accountId}:physicalconnection/*

Condition

VPC defines the values that you can use in the Condition element of a policy statement. The following table describes the values. The following table describes the service-specific condition keys. The common condition keys that are defined by Alibaba Cloud also apply to VPC. For more information about the common condition keys, see Generic Condition Keyword.

The data type determines the conditional operators that you can use to compare the value in a request with the value in a policy statement. You must use conditional operators that are supported by the data type. Otherwise, you cannot compare the value in the request with the value in the policy statement. In this case, the authorization is invalid. For more information about the conditional operators that are supported by each data type, see Policy elements.

Condition key	Description	Data type
vpc:PhysicalConnection	Physical Line Information	String
vpc:TargetAccountRDId	peer user resource directory ID information	String
vpc:VBR	Border Router Information	String
vpc:VPC	VPC Information	String
vpc:VRouter	Router Information	String
vpc:tag	Tags of the VPC	String

What to do next

You can create a custom policy and attach the policy to a RAM user, RAM user group, or RAM role. For more information, see the following topics: