RAM authorization - ENS

Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. Using RAM helps you avoid sharing your Alibaba Cloud account keys with other users and allows you to grant users the least privilege access. RAM uses permission policies to define authorizations. This topic describes the general structure of a RAM policy, and the policy statement elements (Action, Resource, and Condition) defined by Edge Node Service for RAM permission policies. The RAM code (RamCode) for Edge Node Service is ens , and the supported authorization granularity is RESOURCE .

General structure of a policy

Permission policies support JSON format with the following general structure:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

The following list describes the fields in the policy:

Version: Specifies the policy version number. It is fixed at 1.
Statement:
- Effect: Specifies the authorization result. Valid values: Allow and Deny.
- Action: Specifies one or more operations that are allowed or denied.
- Resource: Specifies the specific objects affected by the operations. You can use Alibaba Cloud Resource Names (ARNs) to describe specific resources.
- Condition: Specifies the conditions for the authorization to take effect. This field is optional.
  - Condition operator: Specifies the conditional operators. Different types of conditions support different conditional operators.
  - Condition_key: Specifies the condition keys.
  - Condition_value: Specifies the condition values.

Action

The following table lists the actions defined by Edge Node Service. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that support authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding ARN in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys that are applicable across all RAM-integrated services. For more information, see Common condition keys.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action	API	Access level	Resource type	Condition key	Dependent action
ens:RebootAICInstance	RebootAICInstance	update	All Resource ``	None	None
ens:GetOssUsageData	GetOssUsageData		All Resource ``	None	None
ens:DescribeBandwitdhByInternetChargeType	DescribeBandwitdhByInternetChargeType	get	All Resource ``	None	None
ens:DescribeInstanceVncUrl	DescribeInstanceVncUrl	get	All Resource ``	None	None
ens:CreateLoadBalancerTCPListener	CreateLoadBalancerTCPListener	create	All Resource ``	None	None
ens:CreateSnapshot	CreateSnapshot	create	All Resource ``	None	None
ens:ModifyInstanceChargeType	ModifyInstanceChargeType	update	Instance `acs:ens::{#accountId}:instance/{#InstanceId}`	None	None
ens:DeleteApplication	DeleteApplication	delete	All Resource ``	None	None
ens:DescribeMountTargets	DescribeMountTargets		All Resource ``	None	None
ens:ModifyEnsRouteEntry	ModifyEnsRouteEntry	update	All Resource ``	None	None
ens:DeleteNetworkAcl	DeleteNetworkAcl	create	All Resource ``	None	None
ens:DescribeDisks	DescribeDisks	get	*Disk `acs:ens::{#accountId}:disk/{#DiskId}`	None	None
ens:ModifyImageSharePermission	ModifyImageSharePermission	update	*Image `acs:ens::{#accountId}:image/{#ImageId}`	None	None
ens:DescribeInstanceAutoRenewAttribute	DescribeInstanceAutoRenewAttribute	get	All Resource ``	None	None
ens:ModifyLoadBalancerAttribute	ModifyLoadBalancerAttribute	update	All Resource ``	None	None
ens:DescribeLoadBalancerAttribute	DescribeLoadBalancerAttribute	get	All Resource ``	None	None
ens:ModifySnapshotAttribute	ModifySnapshotAttribute		All Resource ``	None	None
ens:UnassociateHaVip	UnassociateHaVip	update	All Resource ``	None	None
ens:ModifyVSwitchAttribute	ModifyVSwitchAttribute	update	All Resource ``	None	None
ens:ReleasePostPaidInstance	ReleasePostPaidInstance	delete	Instance `acs:ens::{#accountId}:instance/{#InstanceId}`	None	None
ens:ModifyNetworkAttribute	ModifyNetworkAttribute	update	All Resource ``	None	None
ens:CreateNetwork	CreateNetwork	create	All Resource ``	None	None
ens:CreateStorageGateway	CreateStorageGateway	create	All Resource ``	None	None
ens:AssignPrivateIpAddresses	AssignPrivateIpAddresses	create	All Resource ``	None	None
ens:CopySnapshot	CopySnapshot	create	All Resource ``	None	None
ens:DescribeSnapshots	DescribeSnapshots	list	All Resource ``	None	None
ens:GetOssStorageAndAccByBuckets	GetOssStorageAndAccByBuckets		All Resource ``	None	None
ens:RebootARMServerInstance	RebootARMServerInstance	get	All Resource ``	None	None
ens:ModifyAICInstanceType	ModifyAICInstanceType	update	All Resource ``	None	None
ens:ListAddons	ListAddons	create	All Resource ``	None	None
ens:DeleteNetwork	DeleteNetwork	delete	All Resource ``	None	None
ens:DescribePrice	DescribePrice	get	All Resource ``	None	None
ens:DescribeInstanceSpec	DescribeInstanceSpec	get	All Resource ``	None	None
ens:DescribeInstanceSDGStatus	DescribeInstanceSDGStatus	list	All Resource ``	None	None
ens:InstallClusterAddons	InstallClusterAddons	create	All Resource ``	None	None
ens:DescribeNASAvailableResourceInfo	DescribeNASAvailableResourceInfo	get	All Resource ``	None	None
ens:ModifySnatEntry	ModifySnatEntry	update	*NatGatewaySnatEntry `acs:ens::{#accountId}:natgatewaysnatentry/{#SnatEntryId}`	None	None
ens:DescribeSecurityGroupAttribute	DescribeSecurityGroupAttribute	get	All Resource ``	None	None
ens:DescribeClusterKubeConfig	DescribeClusterKubeConfig	get	All Resource ``	None	None
ens:DescribeHistoryEvents	DescribeHistoryEvents	none	All Resource ``	None	None
ens:DescribeLoadBalancerListeners	DescribeLoadBalancerListeners	list	All Resource ``	None	None
ens:DetachNetworkInterface	DetachNetworkInterface	update	All Resource ``	None	None
ens:AttachInstanceSDG	AttachInstanceSDG	none	All Resource ``	None	None
ens:DeleteForwardEntry	DeleteForwardEntry	delete	All Resource ``	None	None
ens:DescribeVSwitches	DescribeVSwitches	list	All Resource ``	None	None
ens:CreateSDG	CreateSDG	none	All Resource ``	None	None
ens:JoinSecurityGroup	JoinSecurityGroup	update	All Resource ``	None	None
ens:DeleteClusterNodePool	DeleteClusterNodePool	delete	All Resource ``	None	None
ens:DeleteSDG	DeleteSDG	none	All Resource ``	None	None
ens:SetLoadBalancerUDPListenerAttribute	SetLoadBalancerUDPListenerAttribute	update	All Resource ``	None	None
ens:DescribeLoadBalancers	DescribeLoadBalancers	list	All Resource ``	None	None
ens:AccosicateNetworkAcl	AccosicateNetworkAcl	update	All Resource ``	None	None
ens:RescaleDeviceService	RescaleDeviceService	update	All Resource ``	None	None
ens:DescribeSDGs	DescribeSDGs	none	All Resource ``	None	None
ens:DescribeSDGSharedDisks	DescribeSDGSharedDisks	none	All Resource ``	None	None
ens:RemoveSDG	RemoveSDG	update	All Resource ``	None	None
ens:LeaveSecurityGroup	LeaveSecurityGroup	update	All Resource ``	None	None
ens:EventRedeployInstance	EventRedeployInstance	none	All Resource ``	None	None
ens:ModifyForwardEntry	ModifyForwardEntry	update	All Resource ``	None	None
ens:DescribeNetworks	DescribeNetworks	list	All Resource ``	None	None
ens:RunInstances	RunInstances	create	Instance `acs:ens::{#accountId}:instance/*`	None	None
ens:DeleteMountTarget	DeleteMountTarget		All Resource ``	None	None
ens:BatchEventRebootInstance	BatchEventRebootInstance	none	All Resource ``	None	None
ens:RollbackApplication	RollbackApplication	update	All Resource ``	None	None
ens:RemoveInstanceSDG	RemoveInstanceSDG	update	All Resource ``	None	None
ens:JoinVSwitchesToEpnInstance	JoinVSwitchesToEpnInstance	update	All Resource ``	None	None
ens:DescribeNetworkAttribute	DescribeNetworkAttribute	get	All Resource ``	None	None
ens:ModifyInstanceAutoRenewAttribute	ModifyInstanceAutoRenewAttribute	update	All Resource ``	None	None
ens:DeleteLoadBalancerListener	DeleteLoadBalancerListener	delete	All Resource ``	None	None
ens:CreateStorageVolume	CreateStorageVolume	create	All Resource ``	None	None
ens:StopInstance	StopInstance	update	Instance `acs:ens::{#accountId}:instance/{#InstanceId}`	None	None
ens:DescribeRegionIsps	DescribeRegionIsps	list	All Resource ``	None	None
ens:DescribeEnsRegionIdIpv6Info	DescribeEnsRegionIdIpv6Info		All Resource ``	None	None
ens:ReleaseInstance	ReleaseInstance	delete	All Resource ``	None	None
ens:RunServiceSchedule	RunServiceSchedule	update	All Resource ``	None	None
ens:DeleteObject	DeleteObject	delete	All Resource ``	None	None
ens:DescribeInstanceMonitorData	DescribeInstanceMonitorData	get	All Resource ``	None	None
ens:CreateClassicNetwork	CreateClassicNetwork		All Resource ``	None	None
ens:DeleteVSwitch	DeleteVSwitch	delete	All Resource ``	None	None
ens:DescribeServerLoadBalancerMonitor	DescribeServerLoadBalancerMonitor	list	All Resource ``	None	None
ens:RescaleApplication	RescaleApplication	update	All Resource ``	None	None
ens:DeleteFileSystem	DeleteFileSystem		All Resource ``	None	None
ens:ReleaseARMServerInstance	ReleaseARMServerInstance	delete	All Resource ``	None	None
ens:CreateSnatEntry	CreateSnatEntry	create	All Resource ``	None	None
ens:AttachDisk	AttachDisk	update	All Resource ``	None	None
ens:ModifyNetworkInterfaceAttribute	ModifyNetworkInterfaceAttribute	update	All Resource ``	None	None
ens:DistApplicationData	DistApplicationData	update	All Resource ``	None	None
ens:DeleteCluster	DeleteCluster	delete	All Resource ``	None	None
ens:DescribeSelfImages	DescribeSelfImages	list	All Resource ``	None	None
ens:SetBackendServers	SetBackendServers	update	All Resource ``	None	None
ens:ModifyInstanceAttribute	ModifyInstanceAttribute	update	Instance `acs:ens::{#accountId}:instance/{#InstanceId}`	None	None
ens:CreateForwardEntry	CreateForwardEntry	create	All Resource ``	None	None
ens:AssociateEnsEipAddress	AssociateEnsEipAddress	update	All Resource ``	None	None
ens:DescribeHaVips	DescribeHaVips	list	All Resource ``	None	None
ens:DescribeLoadBalancerListenMonitor	DescribeLoadBalancerListenMonitor	none	All Resource ``	None	None
ens:ModifyPrepayInstanceSpec	ModifyPrepayInstanceSpec	update	All Resource ``	None	None
ens:StopLoadBalancerListener	StopLoadBalancerListener	update	All Resource ``	None	None
ens:DescribeLoadBalancerHTTPListenerAttribute	DescribeLoadBalancerHTTPListenerAttribute	get	All Resource ``	None	None
ens:CreateCluster	CreateCluster	create	All Resource ``	None	None
ens:DescribeNetworkAcls	DescribeNetworkAcls	list	All Resource ``	None	None
ens:PutBucket	PutBucket	create	All Resource ``	None	None
ens:DescribeClusterUserKubeconfig	DescribeClusterUserKubeconfig	get	All Resource ``	None	None
ens:ImportKeyPair	ImportKeyPair	create	All Resource ``	None	None
ens:DescribeSnatTableEntries	DescribeSnatTableEntries	list	All Resource ``	None	None
ens:DescribeStorageGateway	DescribeStorageGateway	list	All Resource ``	None	None
ens:AttachNetworkInterface	AttachNetworkInterface	update	All Resource ``	None	None
ens:AuthorizeSecurityGroupEgress	AuthorizeSecurityGroupEgress	update	All Resource ``	None	None
ens:DescribeExportImageInfo	DescribeExportImageInfo	get	All Resource ``	None	None
ens:DescribeAICImages	DescribeAICImages	none	All Resource ``	None	None
ens:DescribeEnsRegions	DescribeEnsRegions	list	All Resource ``	None	None
ens:DeployInstanceSDG	DeployInstanceSDG	none	All Resource ``	None	None
ens:ModifyHaVipAttribute	ModifyHaVipAttribute	update	All Resource ``	None	None
ens:DeleteNetworkAclEntry	DeleteNetworkAclEntry		All Resource ``	None	None
ens:MountInstanceSDG	MountInstanceSDG	none	All Resource ``	None	None
ens:CreateLoadBalancerHTTPListener	CreateLoadBalancerHTTPListener	create	All Resource ``	None	None
ens:DeleteStorageVolume	DeleteStorageVolume	delete	All Resource ``	None	None
ens:StartSnatIpForSnatEntry	StartSnatIpForSnatEntry		All Resource ``	None	None
ens:DescribeEnsNetLevel	DescribeEnsNetLevel		All Resource ``	None	None
ens:ExportMeasurementData	ExportMeasurementData	get	All Resource ``	None	None
ens:ModifySecurityGroupAttribute	ModifySecurityGroupAttribute	update	All Resource ``	None	None
ens:DescribeUserBandWidthData	DescribeUserBandWidthData	get	All Resource ``	None	None
ens:StartLoadBalancerListener	StartLoadBalancerListener	update	All Resource ``	None	None
ens:DescribeDeviceService	DescribeDeviceService	get	All Resource ``	None	None
ens:DescribeCloudDiskTypes	DescribeCloudDiskTypes	list	All Resource ``	None	None
ens:PushApplicationData	PushApplicationData	update	All Resource ``	None	None
ens:TagResources	TagResources	create	All Resource ``	None	None
ens:DescribeServerLoadBalancerListenMonitor	DescribeServerLoadBalancerListenMonitor	list	All Resource ``	None	None
ens:UnassignPrivateIpAddresses	UnassignPrivateIpAddresses	update	All Resource ``	None	None
ens:DescribeEnsNetSaleDistrict	DescribeEnsNetSaleDistrict		All Resource ``	None	None
ens:DescribeClustersV1	DescribeClustersV1	create	All Resource ``	None	None
ens:CreateLoadBalancer	CreateLoadBalancer	create	All Resource ``	None	None
ens:CreateARMServerInstances	CreateARMServerInstances	create	All Resource ``	None	None
ens:ModifyClusterNodePool	ModifyClusterNodePool	update	All Resource ``	None	None
ens:EventRebootInstance	EventRebootInstance	none	All Resource ``	None	None
ens:SetLoadBalancerHTTPSListenerAttribute	SetLoadBalancerHTTPSListenerAttribute	update	All Resource ``	None	None
ens:CreateNetworkInterface	CreateNetworkInterface	create	All Resource ``	None	None
ens:DetachInstanceSDG	DetachInstanceSDG	none	All Resource ``	None	None
ens:GetBucketLifecycle	GetBucketLifecycle	get	All Resource ``	None	None
ens:PreloadRegionSDG	PreloadRegionSDG	none	All Resource ``	None	None
ens:CreateVSwitch	CreateVSwitch	create	All Resource ``	None	None
ens:DescribeStorageVolume	DescribeStorageVolume	list	All Resource ``	None	None
ens:ResizeDisk	ResizeDisk	update	All Resource ``	None	None
ens:DescribeEpnInstanceAttribute	DescribeEpnInstanceAttribute	get	All Resource ``	None	None
ens:DescribeForwardTableEntries	DescribeForwardTableEntries	list	All Resource ``	None	None
ens:DescribeDataDownloadURL	DescribeDataDownloadURL	get	All Resource ``	None	None
ens:DescribeSnatAttribute	DescribeSnatAttribute	get	All Resource ``	None	None
ens:AddNetworkInterfaceToInstance	AddNetworkInterfaceToInstance	create	All Resource ``	None	None
ens:BatchEventRedeployInstance	BatchEventRedeployInstance	none	All Resource ``	None	None
ens:ModifyFileSystem	ModifyFileSystem	create	All Resource ``	None	None
ens:DescribeCluster	DescribeCluster	get	All Resource ``	None	None
ens:CreateNatGateway	CreateNatGateway	create	All Resource ``	None	None
ens:DeleteEip	DeleteEip	delete	All Resource ``	None	None
ens:AddBackendServers	AddBackendServers	create	All Resource ``	None	None
ens:DescribeInstances	DescribeInstances	list	Instance `acs:ens::{#accountId}:instance/{#InstanceId}`	None	None
ens:UnInstallClusterAddons	UnInstallClusterAddons	create	All Resource ``	None	None
ens:CreateEnsService	CreateEnsService	create	All Resource ``	None	None
ens:DescribeImageSharePermission	DescribeImageSharePermission	get	All Resource ``	None	None
ens:DescribeBandWithdChargeType	DescribeBandWithdChargeType	get	All Resource ``	None	None
ens:DescribeNetworkInterfaces	DescribeNetworkInterfaces	list	All Resource ``	None	None
ens:CreateSecurityGroup	CreateSecurityGroup	create	All Resource ``	None	None
ens:DescribeInstanceBootConfiguration	DescribeInstanceBootConfiguration	get	All Resource ``	None	None
ens:SetLoadBalancerTCPListenerAttribute	SetLoadBalancerTCPListenerAttribute	update	All Resource ``	None	None
ens:DescribeDiskIopsList	DescribeDiskIopsList	none	*disk `acs:ens::{#accountId}:disk/{#DiskId}`	None	None
ens:InitializeENSECKServiceRole	InitializeENSECKServiceRole	create	All Resource ``	None	None
ens:CreateImage	CreateImage	create	All Resource ``	None	None
ens:ListClusterAddonInstances	ListClusterAddonInstances	get	All Resource ``	None	None
ens:DescribeCloudDiskAvailableResourceInfo	DescribeCloudDiskAvailableResourceInfo	get	All Resource ``	None	None
ens:DescribeMeasurementData	DescribeMeasurementData	get	All Resource ``	None	None
ens:DescribeLoadBalancerSpec	DescribeLoadBalancerSpec	get	All Resource ``	None	None
ens:SetLoadBalancerHTTPListenerAttribute	SetLoadBalancerHTTPListenerAttribute	update	All Resource ``	None	None
ens:ModifyEnsEipAddressAttribute	ModifyEnsEipAddressAttribute	update	All Resource ``	None	None
ens:DescribeLoadBalancerUDPListenerAttribute	DescribeLoadBalancerUDPListenerAttribute	get	All Resource ``	None	None
ens:ListAICPublicKeys	ListAICPublicKeys	none	All Resource ``	None	None
ens:CreateFileSystem	CreateFileSystem	create	All Resource ``	None	None
ens:DescribeClusterDetail	DescribeClusterDetail	get	All Resource ``	None	None
ens:CreateEipInstance	CreateEipInstance	create	All Resource ``	None	None
ens:DeleteDisk	DeleteDisk	delete	All Resource ``	None	None
ens:GetBucketInfo	GetBucketInfo	get	All Resource ``	None	None
ens:CopySDG	CopySDG	none	All Resource ``	None	None
ens:DeleteSecurityGroupPermissions	DeleteSecurityGroupPermissions	delete	All Resource ``	None	None
ens:DescribeEnsEipAddresses	DescribeEnsEipAddresses	list	All Resource ``	None	None
ens:RemoveBackendServers	RemoveBackendServers	update	All Resource ``	None	None
ens:ReInitDisk	ReInitDisk	create	*Disk `acs:ens::{#accountId}:disk/{#DiskId}`	None	None
ens:DeploySDG	DeploySDG	create	All Resource ``	None	None
ens:DescribeSecondaryPublicIpAddresses	DescribeSecondaryPublicIpAddresses	list	All Resource ``	None	None
ens:PutBucketAcl	PutBucketAcl	none	All Resource ``	None	None
ens:DescribeEnsRouteEntryList	DescribeEnsRouteEntryList	list	All Resource ``	None	None
ens:CreateKeyPair	CreateKeyPair	create	All Resource ``	None	None
ens:DescribeLoadBalancerHTTPSListenerAttribute	DescribeLoadBalancerHTTPSListenerAttribute	get	All Resource ``	None	None
ens:BatchEventMigrateInstance	BatchEventMigrateInstance	none	All Resource ``	None	None
ens:ListBuckets	ListBuckets	list	All Resource ``	None	None
ens:ImportImage	ImportImage	create	All Resource ``	None	None
ens:DescribeEnsRegionIdResource	DescribeEnsRegionIdResource	get	All Resource ``	None	None
ens:DescribePrePaidInstanceStock	DescribePrePaidInstanceStock	get	All Resource ``	None	None
ens:DescribeApplication	DescribeApplication	get	All Resource ``	None	None
ens:UnAssociateEnsEipAddress	UnAssociateEnsEipAddress	update	All Resource ``	None	None
ens:RemovePublicIpsFromEpnInstance	RemovePublicIpsFromEpnInstance	update	All Resource ``	None	None
ens:DeleteClusterNodes	DeleteClusterNodes	delete	All Resource ``	None	None
ens:DeleteEnsRouteEntry	DeleteEnsRouteEntry	delete	All Resource ``	None	None
ens:DescribeEnsResourceUsage	DescribeEnsResourceUsage	get	All Resource ``	None	None
ens:DescribeEpnBandWidthData	DescribeEpnBandWidthData	get	All Resource ``	None	None
ens:ReinitInstance	ReinitInstance	update	Instance `acs:ens::{#accountId}:instance/{#InstanceId}`	None	None
ens:StartEpnInstance	StartEpnInstance	update	All Resource ``	None	None
ens:DescribeEpnBandwitdhByInternetChargeType	DescribeEpnBandwitdhByInternetChargeType	get	All Resource ``	None	None
ens:RenewARMServerInstance	RenewARMServerInstance	update	All Resource ``	None	None
ens:ResetAICInstance	ResetAICInstance	update	All Resource ``	None	None
ens:DescribeElbAvailableResourceInfo	DescribeElbAvailableResourceInfo	get	All Resource ``	None	None
ens:DescribeForwardEntryAttribute	DescribeForwardEntryAttribute	get	*NatGatewayForwardEntry `acs:ens::{#accountId}:natgatewayforwardentry/{#ForwardEntryId}`	None	None
ens:DescribeSDG	DescribeSDG	none	All Resource ``	None	None
ens:ExportImage	ExportImage	get	All Resource ``	None	None
ens:DeleteEpnInstance	DeleteEpnInstance	delete	All Resource ``	None	None
ens:CreateApplication	CreateApplication	create	All Resource ``	None	None
ens:CreateEnsRouteEntry	CreateEnsRouteEntry	create	All Resource ``	None	None
ens:CreateNetworkAclEntry	CreateNetworkAclEntry	create	All Resource ``	None	None
ens:DescribeServcieSchedule	DescribeServcieSchedule		All Resource ``	None	None
ens:ShareAICImage	ShareAICImage	none	All Resource ``	None	None
ens:DeleteSnapshot	DeleteSnapshot	delete	All Resource ``	None	None
ens:DescribeImages	DescribeImages	list	All Resource ``	None	None
ens:StopSnatIpForSnatEntry	StopSnatIpForSnatEntry		All Resource ``	None	None
ens:CreateMountTarget	CreateMountTarget	create	All Resource ``	None	None
ens:DescribeKeyPairs	DescribeKeyPairs	get	All Resource ``	None	None
ens:DescribeEnsNetDistrict	DescribeEnsNetDistrict	get	All Resource ``	None	None
ens:DeleteHaVips	DeleteHaVips	delete	*HaVip `acs:ens::{#accountId}:havip/{#HaVipIds}`	None	None
ens:StopEpnInstance	StopEpnInstance	update	All Resource ``	None	None
ens:DeleteSnatIpForSnatEntry	DeleteSnatIpForSnatEntry	delete	All Resource ``	None	None
ens:JoinPublicIpsToEpnInstance	JoinPublicIpsToEpnInstance	update	All Resource ``	None	None
ens:DeleteNatGateway	DeleteNatGateway	delete	All Resource ``	None	None
ens:CreateLoadBalancerUDPListener	CreateLoadBalancerUDPListener	create	All Resource ``	None	None
ens:ModifyEpnInstance	ModifyEpnInstance	update	All Resource ``	None	None
ens:RebootInstance	RebootInstance	update	Instance `acs:ens::{#accountId}:instance/{#InstanceId}`	None	None
ens:SaveSDG	SaveSDG	none	All Resource ``	None	None
ens:RevokeSecurityGroup	RevokeSecurityGroup	update	All Resource ``	None	None
ens:DeleteNetworkInterfaces	DeleteNetworkInterfaces	none	All Resource ``	None	None
ens:CreateDisk	CreateDisk	create	All Resource ``	None	None
ens:AssociateHaVip	AssociateHaVip	update	*HaVip `acs:ens::{#accountId}:havip/{#HaVipId}`	None	None
ens:UpgradeAICInstanceImage	UpgradeAICInstanceImage	update	All Resource ``	None	None
ens:CreateNetworkAcl	CreateNetworkAcl	create	All Resource ``	None	None
ens:CreateClusterNodePool	CreateClusterNodePool	create	All Resource ``	None	None
ens:GetClusterAddonInstance	GetClusterAddonInstance	create	All Resource ``	None	None
ens:DescribeSecurityGroups	DescribeSecurityGroups	list	All Resource ``	None	None
ens:DeleteBucketLifecycle	DeleteBucketLifecycle	delete	All Resource ``	None	None
ens:GetBucketAcl	GetBucketAcl	get	All Resource ``	None	None
ens:ManageAICLogin	ManageAICLogin	none	All Resource ``	None	None
ens:CreateLoadBalancerHTTPSListener	CreateLoadBalancerHTTPSListener	create	All Resource ``	None	None
ens:DeleteKeyPairs	DeleteKeyPairs	delete	All Resource ``	None	None
ens:DescribeDataDistResult	DescribeDataDistResult	get	All Resource ``	None	None
ens:UnmountInstanceSDG	UnmountInstanceSDG	none	All Resource ``	None	None
ens:ScaleClusterNodePool	ScaleClusterNodePool	update	All Resource ``	None	None
ens:DescribeEnsRouteTables	DescribeEnsRouteTables	list	All Resource ``	None	None
ens:PutBucketLifecycle	PutBucketLifecycle	none	All Resource ``	None	None
ens:DetachDisk	DetachDisk	update	All Resource ``	None	None
ens:DescribeAvailableResourceInfo	DescribeAvailableResourceInfo	get	All Resource ``	None	None
ens:DescribeEpnMeasurementData	DescribeEpnMeasurementData	get	All Resource ``	None	None
ens:ListProductAbilities	ListProductAbilities	list	All Resource ``	None	None
ens:DescribeAddon	DescribeAddon	get	All Resource ``	None	None
ens:RemoveSDGs	RemoveSDGs	none	All Resource ``	None	None
ens:EventMigrateInstance	EventMigrateInstance	none	All Resource ``	None	None
ens:AuthorizeSecurityGroup	AuthorizeSecurityGroup	update	All Resource ``	None	None
ens:DescribeInstanceTypes	DescribeInstanceTypes	get	All Resource ``	None	None
ens:RecoverAICInstance	RecoverAICInstance	update	All Resource ``	None	None
ens:DescribeEpnInstances	DescribeEpnInstances	get	All Resource ``	None	None
ens:StartInstance	StartInstance	update	Instance `acs:ens::{#accountId}:instance/{#InstanceId}`	None	None
ens:CreateHaVips	CreateHaVip	create	All Resource ``	None	None
ens:CreateInstance	CreateInstance	create	Instance `acs:ens::{#accountId}:instance/*`	None	None
ens:DescribeInstanceBandwidthDetail	DescribeInstanceBandwidthDetail	list	All Resource ``	None	None
ens:DescribeExportImageStatus	DescribeExportImageStatus	get	All Resource ``	None	None
ens:DescribeAvailableResource	DescribeAvailableResource	get	All Resource ``	None	None
ens:DescribeNatGateways	DescribeNatGateways	list	All Resource ``	None	None
ens:UpgradeApplication	UpgradeApplication	update	All Resource ``	None	None
ens:UpgradeClusterAddons	UpgradeClusterAddons	create	All Resource ``	None	None
ens:DescribeVSwitchAttributes	DescribeVSwitchAttributes	get	All Resource ``	None	None
ens:DeleteSecurityGroup	DeleteSecurityGroup	delete	All Resource ``	None	None
ens:ReleaseAICInstance	ReleaseAICInstance	delete	All Resource ``	None	None
ens:DescribeImageInfos	DescribeImageInfos	get	All Resource ``	None	None
ens:DescribeClusterNodes	DescribeClusterNodes	list	All Resource ``	None	None
ens:DescribeCreatePrePaidInstanceResult	DescribeCreatePrePaidInstanceResult	get	All Resource ``	None	None
ens:UntagResources	UntagResources	update	All Resource ``	None	None
ens:ListTagResources	ListTagResources	list	All Resource ``	None	None
ens:CreateSecurityGroupPermissions	CreateSecurityGroupPermissions	create	All Resource ``	None	None
ens:RevokeSecurityGroupEgress	RevokeSecurityGroupEgress	update	All Resource ``	None	None
ens:ListAICPublicKeyDeliveries	ListAICPublicKeyDeliveries	none	All Resource ``	None	None
ens:ResetDisk	ResetDisk	update	All Resource ``	None	None
ens:DescribeLoadBalancerTCPListenerAttribute	DescribeLoadBalancerTCPListenerAttribute	get	All Resource ``	None	None
ens:PrepareUpload	PrepareUpload	none	All Resource ``	None	None
ens:ModifyImageAttribute	ModifyImageAttribute	update	All Resource ``	None	None
ens:ModifyInstanceBootConfiguration	ModifyInstanceBootConfiguration	update	All Resource ``	None	None
ens:UnassociateNetworkAcl	UnassociateNetworkAcl	update	All Resource ``	None	None
ens:RenewInstance	RenewInstance	none	All Resource ``	None	None
ens:RemoveVSwitchesFromEpnInstance	RemoveVSwitchesFromEpnInstance	update	All Resource ``	None	None
ens:DeleteBucket	DeleteBucket	delete	All Resource ``	None	None
ens:DescribeFileSystems	DescribeFileSystems	list	All Resource ``	None	None
ens:DescribeClusterNodePools	DescribeClusterNodePools	list	All Resource ``	None	None
ens:DeleteImage	DeleteImage	delete	All Resource ``	None	None
ens:ModifyInstanceNetworkAttribute	ModifyInstanceNetworkAttribute	update	All Resource ``	None	None
ens:DeleteStorageGateway	DeleteStorageGateway	delete	All Resource ``	None	None
ens:AttachEnsInstances	AttachEnsInstances	update	All Resource ``	None	None
ens:ListObjects	ListObjects	list	All Resource ``	None	None
ens:DeleteSnatEntry	DeleteSnatEntry	delete	All Resource ``	None	None
ens:DescribeDataPushResult	DescribeDataPushResult	get	All Resource ``	None	None
ens:DescribeSDGDeploymentStatus	DescribeSDGDeploymentStatus	none	All Resource ``	None	None
ens:ListApplications	ListApplications	get	All Resource ``	None	None
ens:ReleasePrePaidInstance	ReleasePrePaidInstance	delete	Instance `acs:ens::{#accountId}:instance/{#InstanceId}`	None	None
ens:CreateEpnInstance	CreateEpnInstance	create	All Resource ``	None	None
ens:DescribeARMServerInstances	DescribeARMServerInstances	list	All Resource ``	None	None
ens:UnloadRegionSDG	UnloadRegionSDG	none	All Resource ``	None	None
ens:DeleteAICPublicKey	DeleteAICPublicKey	none	All Resource ``	None	None
ens:DescribeReservedResource	DescribeReservedResource	get	All Resource ``	None	None
ens:UploadAICPublicKey	UploadAICPublicKey	create	All Resource ``	None	None
ens:ModifyClusterAddon	ModifyClusterAddon	create	All Resource ``	None	None
ens:AddSnatIpForSnatEntry	AddSnatIpForSnatEntry		All Resource ``	None	None
ens:ExportBillDetailData	ExportBillDetailData	get	All Resource ``	None	None
ens:SetLoadBalancerStatus	SetLoadBalancerStatus	update	All Resource ``	None	None

Resource

The following table lists the resources defined by Edge Node Service. Specify them in the Resource element of RAM policy statements to grant permissions for specific operations. They are uniquely identified by ARNs. Format: acs:{#ramcode}:{#regionId}:{#accountId}:{#resourceType}:

acs: The initialism of Alibaba Cloud service, which indicates the public cloud of Alibaba Cloud.
{#ramcode}: The code used in RAM to indicate an Alibaba Cloud service.
{#regionId}: The region ID. If the resource covers all regions, set it to an asterisk (*).
{#accountId}: The ID of the Alibaba Cloud account. If the resource covers all Alibaba Cloud accounts, set it to an asterisk (*).
{#resourceType}: The service-defined resource identifier. It supports a hierarchical structure, which is similar to a file path. If the statement covers global resources, set it to an asterisk (*).

Resource type	ARN
Instance	acs:ens::{#accountId}:instance/{#InstanceId} acs:ens::{#accountId}:instance/*
Disk	acs:ens::{#accountId}:disk/{#DiskId} acs:ens::{#accountId}:disk/*
Image	acs:ens::{#accountId}:image/{#ImageId}
HaVip	acs:ens::{#accountId}:havip/{#HaVipId} acs:ens::{#accountId}:havip/{#HaVipIds}
NatGatewaySnatEntry	acs:ens::{#accountId}:natgatewaysnatentry/{#SnatEntryId}
disk	acs:ens::{#accountId}:disk/{#DiskId}
NatGatewayForwardEntry	acs:ens::{#accountId}:natgatewayforwardentry/{#ForwardEntryId}

Condition

Edge Node Service does not define product-level condition keys. However, you can use Alibaba Cloud common condition keys for access control. For more information, see Common condition keys.

How to create custom RAM policies?

You can create custom policies and grant them to RAM users, RAM user groups, or RAM roles. For instructions, see: