Otorisasi RAM - Virtual Private Cloud - Alibaba Cloud Documentation Center

Resource Access Management (RAM) adalah layanan Alibaba Cloud yang dirancang untuk manajemen identitas pengguna dan kontrol izin akses resource. Melalui RAM, Anda dapat menerapkan prinsip least privilege tanpa perlu membagikan kunci akun Alibaba Cloud Anda kepada pengguna lain. RAM menggunakan kebijakan izin untuk menentukan otorisasi. Topik ini menjelaskan struktur umum kebijakan RAM, serta elemen pernyataan kebijakan (Action, Resource, dan Condition) yang didefinisikan oleh 专有网络VPC untuk kebijakan izin RAM. Kode RAM (RamCode) untuk 专有网络VPC adalah vpc , dan granularitas otorisasi yang didukung adalah 资源级 .

Struktur umum kebijakan

Kebijakan izin menggunakan format JSON dengan struktur umum berikut:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

Berikut adalah penjelasan untuk setiap field dalam kebijakan

Version: Menentukan nomor versi kebijakan. Nilainya tetap 1.
Statement:
- Effect: Menentukan hasil otorisasi. Nilai yang valid: Allow dan Deny.
- Action: Menentukan satu atau beberapa operasi yang diizinkan atau ditolak.
- Resource: Menentukan objek spesifik yang terpengaruh oleh operasi tersebut. Anda dapat menggunakan Alibaba Cloud Resource Names (ARNs) untuk mengidentifikasi resource tertentu.
- Condition: Menentukan kondisi agar otorisasi berlaku. Field ini bersifat opsional.
  - Condition operator: Menentukan operator kondisional. Setiap jenis kondisi mendukung operator kondisional yang berbeda.
  - Condition_key: Menentukan condition key.
  - Condition_value: Menentukan nilai kondisi.

Action

Tabel berikut mencantumkan action yang didefinisikan oleh 专有网络VPC. Setiap kolom dalam tabel dijelaskan sebagai berikut:

Action: Dapat digunakan dalam elemen Action pada pernyataan kebijakan RAM untuk memberikan izin guna melakukan operasi tersebut.
API: API yang dipanggil untuk melakukan action tersebut.
Access level: Tingkat akses yang telah ditentukan untuk setiap API. Nilai yang valid: create, list, get, update, dan delete.
Resource type: Jenis resource yang mendukung otorisasi untuk melakukan action tersebut. Ini menunjukkan apakah action tersebut mendukung izin tingkat resource. Resource yang ditentukan harus kompatibel dengan action tersebut; jika tidak, kebijakan tidak akan berlaku.
- Untuk API dengan izin tingkat resource, jenis resource yang diperlukan ditandai dengan tanda bintang (*). Tentukan ARN yang sesuai dalam elemen Resource pada kebijakan.
- Untuk API tanpa izin tingkat resource, ini ditampilkan sebagai All Resources. Gunakan tanda bintang (*) dalam elemen Resource kebijakan.
Condition key: Ditentukan oleh layanan. Kunci ini memungkinkan kontrol yang lebih terperinci, yang berlaku baik untuk action saja maupun untuk action yang terkait dengan resource tertentu. Selain condition key spesifik layanan, Alibaba Cloud menyediakan serangkaian condition key umum yang berlaku di seluruh layanan yang terintegrasi dengan RAM. Untuk informasi lebih lanjut, lihat Common condition keys.
Dependent action: Action dependen yang diperlukan untuk menjalankan action tersebut. Agar action dapat dieksekusi dengan sukses, RAM user atau RAM role harus memiliki izin atas semua action dependen tersebut.

Action	API	Level akses	Tipe resource	Condition key	Action dependen
vpc:DescribeFlowLogs	DescribeFlowLogs	get	FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/`	None	None
vpc:OpenFlowLogService	OpenFlowLogService	create	FlowLogService `acs:vpc:{#regionId}:{#accountId}:flowlog/`	None	None
vpc:ChangeResourceGroup	ChangeResourceGroup	update	全部资源 ``	None	None
vpc:AllocateVpcIpv6Cidr	AllocateVpcIpv6Cidr	none	全部资源 ``	None	None
vpc:ModifyIpv6GatewayAttribute	ModifyIpv6GatewayAttribute	update	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:CreateVpc	CreateVpc	create	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/`	None	None
vpc:DescribeIpv6Gateways	DescribeIpv6Gateways	get	Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/*` Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:ModifyNetworkAclAttributes	ModifyNetworkAclAttributes	update	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:DescribeRouterInterfaces	DescribeRouterInterfaces	list	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:DescribeVpcAttribute	DescribeVpcAttribute	get	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	vpc:tag	None
vpc:GetFlowLogServiceStatus	GetFlowLogServiceStatus	get	FlowLogService `acs:vpc:{#regionId}:{#accountId}:flowlog/`	None	None
vpc:ListTagResourcesForExpressConnect	ListTagResourcesForExpressConnect	list	全部资源 ``	None	None
vpc:ModifyRouteEntry	ModifyRouteEntry	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:UnassociateRouteTable	UnassociateRouteTable	update	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:ModifyRouteTableAttributes	ModifyRouteTableAttributes	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	vpc:VRouter	None
vpc:DeleteRouterInterface	DeleteRouterInterface	delete	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:CreateTrafficMirrorFilter	CreateTrafficMirrorFilter	create	TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/`	None	None
vpc:ActiveFlowLog	ActiveFlowLog	update	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	None	None
vpc:DescribeIpv6EgressOnlyRules	DescribeIpv6EgressOnlyRules	get	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:DeactiveFlowLog	DeactiveFlowLog	update	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	None	None
vpc:CreateDefaultVSwitch	CreateDefaultVSwitch	create	VSwitch `acs:vpc:{#regionid}:{#accountId}:vswitch/`	None	None
vpc:AssociateRouteTablesWithVpcGatewayEndpoint	AssociateRouteTablesWithVpcGatewayEndpoint	create	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:RevokeInstanceFromCen	RevokeInstanceFromCen	update	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}`	None	None
vpc:ListVpcPublishedRouteEntries	ListVpcPublishedRouteEntries	list	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:DissociateRouteTablesFromVpcGatewayEndpoint	DissociateRouteTablesFromVpcGatewayEndpoint	delete	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:UpdateRouteTargetGroup	UpdateRouteTargetGroup	update	*RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/{#RouteTargetGroupId}`	None	None
vpc:DeletionProtection	DeletionProtection	delete	*Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}`	None	None
vpc:GetVpcPrefixListEntries	GetVpcPrefixListEntries	get	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:ListPrefixLists	ListPrefixLists	list	PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/*`	None	None
vpc:ListVpcEndpointServicesByEndUser	ListVpcEndpointServicesByEndUser	list	全部资源 ``	None	None
vpc:TagResourcesForExpressConnect	TagResourcesForExpressConnect	update	PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}` VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}` RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}` TrafficQos `acs:vpc:{#regionId}:{#accountId}:trafficqos/{#QosId}`	None	None
vpc:AssociateHaVip	AssociateHaVip	create	Instance `acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}` HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	None	None
vpc:CreateVpcGatewayEndpoint	CreateVpcGatewayEndpoint	create	GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/`	None	None
vpc:GetVpcRouteEntrySummary	GetVpcRouteEntrySummary	list	RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}` *VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}`	None	None
vpc:ConnectRouterInterface	ConnectRouterInterface	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:CreateTrafficMirrorSession	CreateTrafficMirrorSession	create	TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/` *TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:DeleteRouteTargetGroup	DeleteRouteTargetGroup	delete	全部资源 ``	None	None
vpc:CopyNetworkAclEntries	CopyNetworkAclEntries	update	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:DeleteTrafficMirrorFilterRules	DeleteTrafficMirrorFilterRules	delete	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:DeleteVpcGatewayEndpoint	DeleteVpcGatewayEndpoint	delete	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:CreateTrafficMirrorFilterRules	CreateTrafficMirrorFilterRules	create	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:DeleteHaVip	DeleteHaVip	delete	*HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	None	None
vpc:ListVpcGatewayEndpoints	ListVpcGatewayEndpoints	list	GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/*` GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:CreateNetworkAcl	CreateNetworkAcl	create	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/` *VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:ListTagResources	ListTagResources	get	BandwidthPackage `acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#BandwidthPackageId}` Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` NatGateway `acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTable}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VpnGateway `acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	vpc:tag	None
vpc:MoveResourceGroup	MoveResourceGroup	update	BandwidthPackage `acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}` Eip `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}` GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}` DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}` HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}` Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#Ipv4GatewayId}` Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}` PublicIpAddressPool `acs:vpc:{#regionId}:{#accountId}:publicipaddresspool/{#PublicIpAddressPoolId}` TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}` TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	None	None
vpc:DeleteRouteEntry	DeleteRouteEntry	delete	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:TagResources	TagResources	update	BandwidthPackage `acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#BandwidthPackageId}` Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` NatGateway `acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VpnGateway `acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	vpc:tag	None
vpc:RemoveSourcesFromTrafficMirrorSession	RemoveSourcesFromTrafficMirrorSession	update	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	None	None
vpc:OpenTrafficMirrorService	OpenTrafficMirrorService	create	全部资源 ``	None	None
vpc:UnassociateVpcCidrBlock	UnassociateVpcCidrBlock	delete	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:ListGatewayRouteTableEntries	ListGatewayRouteTableEntries	list	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	None	None
vpc:DescribeEcGrantRelation	DescribeEcGrantRelation	list	*VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}`	None	None
vpc:DeleteNetworkAcl	DeleteNetworkAcl	delete	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:ModifyVpcPrefixList	ModifyVpcPrefixList	update	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:UpdateDhcpOptionsSetAttribute	UpdateDhcpOptionsSetAttribute	update	*DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	None	None
vpc:DescribeIpv6Addresses	DescribeIpv6Addresses	list	Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:vpc/`	None	None
vpc:DeleteIpv6Gateway	DeleteIpv6Gateway	delete	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:AllocateIpv6Address	AllocateIpv6Address	create	Ipv6Address `acs:vpc:{#regionId}:{#accountId}:ipv6address/`	None	None
vpc:DescribeVSwitchAttributes	DescribeVSwitchAttributes	get	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:UntagResourcesForExpressConnect	UntagResourcesForExpressConnect	update	PhysicalConnection `acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}` VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}` RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}` TrafficQos `acs:vpc:{#regionId}:{#accountId}:trafficqos/{#QosId}`	None	None
vpc:DescribeVSwitches	DescribeVSwitches	list	VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/`	vpc:VPC	None
vpc:GetVpcPrefixListAssociations	GetVpcPrefixListAssociations	get	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:GetRouteTargetGroup	GetRouteTargetGroup	get	*RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/{#RouteTargetGroupId}`	None	None
vpc:ListTrafficMirrorFilters	ListTrafficMirrorFilters	list	TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/`	None	None
vpc:CreateDefaultVpc	CreateDefaultVpc	create	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/`	None	None
vpc:UpdateGatewayRouteTableEntryAttribute	UpdateGatewayRouteTableEntryAttribute	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:DescribeNetworkAcls	DescribeNetworkAcls	list	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/`	None	None
vpc:DeactivateRouterInterface	DeactivateRouterInterface	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:UpdateNetworkAclEntries	UpdateNetworkAclEntries	update	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:UpdateVpcGatewayEndpointAttribute	UpdateVpcGatewayEndpointAttribute	update	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:ListTrafficMirrorSessions	ListTrafficMirrorSessions	list	TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/`	None	None
vpc:DisableVpcClassicLink	DisableVpcClassicLink	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:GrantInstanceToVbr	GrantInstanceToVbr	update	*VPC `acs:vpc:{#regionId}:{#AccountId}:vpc/{#VpcId}`	None	None
vpc:AllocateIpv6InternetBandwidth	AllocateIpv6InternetBandwidth	create	Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/`	None	None
vpc:AssociateVpcCidrBlock	AssociateVpcCidrBlock	create	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:CreateVpcPrefixList	CreateVpcPrefixList	create	PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/`	None	None
vpc:DescribeTagKeysForExpressConnect	DescribeTagKeysForExpressConnect	list	全部资源 ``	None	None
vpc:ModifyIpv6InternetBandwidth	ModifyIpv6InternetBandwidth	update	*Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/{#Ipv6InternetBandwidthId}`	None	None
vpc:DeleteRouteTable	DeleteRouteTable	delete	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:AssociateRouteTableWithGateway	AssociateRouteTableWithGateway	create	Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	None	None
vpc:WithdrawVpcPublishedRouteEntries	WithdrawVpcPublishedRouteEntries	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:DeleteTrafficMirrorFilter	DeleteTrafficMirrorFilter	delete	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:DescribeVRouters	DescribeVRouters	list	VRouter `acs:vpc:{#regionId}:{#accountId}:vrouter/`	vpc:VPC	None
vpc:DescribeGrantRulesToCen	DescribeGrantRulesToCen	get	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#InstanceId}` GrantRuleToCen `acs:vpc:{#regionId}:{#accountId}:vpc/{#InstanceId}`	None	None
vpc:DescribeHaVips	DescribeHaVips	get	HaVip `acs:vpc:{#regionId}:{#accountId}:havip/`	None	None
vpc:DescribeIpv6GatewayAttribute	DescribeIpv6GatewayAttribute	get	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:AddSourcesToTrafficMirrorSession	AddSourcesToTrafficMirrorSession	update	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	None	None
vpc:GetDhcpOptionsSet	GetDhcpOptionsSet	get	*DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	None	None
vpc:GetTrafficMirrorServiceStatus	GetTrafficMirrorServiceStatus	get	全部资源 ``	None	None
vpc:CreateRouteEntry	CreateRouteEntry	create	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:CreateRouteTargetGroup	CreateRouteTargetGroup	create	RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/`	None	None
vpc:DeleteFlowLog	DeleteFlowLog	delete	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	None	None
vpc:AssociateNetworkAcl	AssociateNetworkAcl	update	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:ListDhcpOptionsSets	ListDhcpOptionsSets	get	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/*` DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	None	None
vpc:CreateDhcpOptionsSet	CreateDhcpOptionsSet	create	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/`	None	None
vpc:ListVSwitchCidrReservations	ListVSwitchCidrReservations	list	VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/`	None	None
vpc:CreateFlowLog	CreateFlowLog	create	VSwitch `acs:vpc:{#regionid}:{#accountId}:vswitch/{#VSwitchId}` FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:CreateHaVip	CreateHaVip	create	HaVip `acs:vpc:{#regionId}:{#accountId}:havip/` *VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:DeleteTrafficMirrorSession	DeleteTrafficMirrorSession	delete	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}`	None	None
vpc:UnassociateNetworkAcl	UnassociateNetworkAcl	update	NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:RetryVpcPrefixListAssociation	RetryVpcPrefixListAssociation	update	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:ModifyVSwitchCidrReservationAttribute	ModifyVSwitchCidrReservationAttribute	update	*VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}`	None	None
vpc:CheckCanAllocateVpcPrivateIpAddress	CheckCanAllocateVpcPrivateIpAddress	none	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:ModifyFlowLogAttribute	ModifyFlowLogAttribute	update	*FlowLog `acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}`	None	None
vpc:UpdateTrafficMirrorSessionAttribute	UpdateTrafficMirrorSessionAttribute	update	*TrafficMirrorSession `acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}` TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:DeleteRouteEntries	DeleteRouteEntries	delete	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	None	None
vpc:ModifyRouterInterfaceAttribute	ModifyRouterInterfaceAttribute	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	vpc:TargetAccountRDId	None
vpc:RevokeInstanceFromVbr	RevokeInstanceFromVbr	update	*VPC `acs:vpc:{#regionId}:{#AccountId}:vpc/{#VpcId}`	None	None
vpc:DetachDhcpOptionsSetFromVpc	DetachDhcpOptionsSetFromVpc	update	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:DeleteDhcpOptionsSet	DeleteDhcpOptionsSet	delete	*DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}`	None	None
vpc:GrantInstanceToCen	GrantInstanceToCen	update	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:CreateRouteEntries	CreateRouteEntries	create	*RouteEntry `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:CreateIpv6Gateway	CreateIpv6Gateway	create	Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/`	None	None
vpc:DeleteVpcPrefixList	DeleteVpcPrefixList	delete	*PrefixList `acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}`	None	None
vpc:ModifyHaVipAttribute	ModifyHaVipAttribute	update	*HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	None	None
vpc:CreateIpv6EgressOnlyRule	CreateIpv6EgressOnlyRule	create	*Ipv6EgressRule `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:DeleteVSwitch	DeleteVSwitch	delete	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:DissociateRouteTableFromGateway	DissociateRouteTableFromGateway	get	Ipv4Gateway `acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#routetableId}`	None	None
vpc:DescribeRouteEntryList	DescribeRouteEntryList	get	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:DescribeTags	DescribeTags	get	全部资源 ``	vpc:tag	None
vpc:DeleteVpc	DeleteVpc	delete	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	vpc:tag	None
vpc:UpdateTrafficMirrorFilterRuleAttribute	UpdateTrafficMirrorFilterRuleAttribute	update	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:PublishVpcRouteEntries	PublishVpcRouteEntries	update	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	None	None
vpc:ModifyVpcAttribute	ModifyVpcAttribute	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	vpc:tag	None
vpc:CreateRouterInterface	CreateRouterInterface	create	VirtualBorderRouter `acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}` RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/*`	vpc:TargetAccountRDId	None
vpc:UpdateTrafficMirrorFilterAttribute	UpdateTrafficMirrorFilterAttribute	update	*TrafficMirrorFilter `acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}`	None	None
vpc:ModifyRouterInterfaceSpec	ModifyRouterInterfaceSpec	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:DeleteIpv6EgressOnlyRule	DeleteIpv6EgressOnlyRule	delete	*Ipv6Gateway `acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}`	None	None
vpc:CreateVSwitchCidrReservation	CreateVSwitchCidrReservation	create	VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/`	None	None
vpc:DescribeRouteTables	DescribeRouteTables	list	*RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}`	vpc:VBR vpc:VRouter	None
vpc:DeleteVSwitchCidrReservation	DeleteVSwitchCidrReservation	delete	*VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}`	None	None
vpc:SwitchActiveRouteTarget	SwitchActiveRouteTarget	update	*RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/{#RouteTargetGroupId}`	None	None
vpc:DescribeNetworkAclAttributes	DescribeNetworkAclAttributes	get	*NetworkAcl `acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId}`	None	None
vpc:DescribeVpcs	DescribeVpcs	list	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/*` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VPCId}`	vpc:tag	None
vpc:AttachDhcpOptionsSetToVpc	AttachDhcpOptionsSetToVpc	update	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:ActivateRouterInterface	ActivateRouterInterface	update	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:UnTagResources	UnTagResources	update	Address `acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}` NatGateway `acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}` RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	vpc:tag	None
vpc:DeleteIpv6InternetBandwidth	DeleteIpv6InternetBandwidth	delete	*Ipv6InternetBandwidth `acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/{#Ipv6InternetBandwidthId}`	None	None
vpc:ModifyVSwitchAttribute	ModifyVSwitchAttribute	update	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}`	None	None
vpc:DescribeTagKeys	DescribeTagKeys	get	全部资源 ``	None	None
vpc:DescribeRouterInterfaceAttribute	DescribeRouterInterfaceAttribute	get	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:UnassociateHaVip	UnassociateHaVip	delete	Instance `acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}` HaVip `acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}`	None	None
vpc:AssociateRouteTable	AssociateRouteTable	update	*VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}`	None	None
vpc:CreateRouteTable	CreateRouteTable	create	RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/`	None	None
vpc:ReplaceVpcDhcpOptionsSet	ReplaceVpcDhcpOptionsSet	update	DhcpOptionsSet `acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId}` VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:CreateVSwitch	CreateVSwitch	create	VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}` VSwitch `acs:vpc:{#regionId}:{#accountId}:vswitch/*`	vpc:tag	None
vpc:DeleteRouterInterface	DeleteExpressConnect	delete	*RouterInterface `acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}`	None	None
vpc:DescribeRouteTableList	DescribeRouteTableList	list	RouteTable `acs:vpc:{#regionId}:{#accountId}:routetable/`	vpc:VRouter vpc:VBR	None
vpc:ModifyIpv6AddressAttribute	ModifyIpv6AddressAttribute	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:GetVpcGatewayEndpointAttribute	GetVpcGatewayEndpointAttribute	get	*GatewayEndpoint `acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId}`	None	None
vpc:GetVSwitchCidrReservationUsage	GetVSwitchCidrReservationUsage	get	*VSwitchCidrReservation `acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}`	None	None
vpc:ListRouteTargetGroups	ListRouteTargetGroups	list	RouteTargetGroup `acs:vpc:{#regionId}:{#accountId}:routetargetgroup/`	None	None
vpc:ModifyVRouterAttribute	ModifyVRouterAttribute	update	*VRouter `acs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId}`	None	None
vpc:EnableVpcClassicLink	EnableVpcClassicLink	update	*VPC `acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}`	None	None
vpc:ReleaseIpv6Address	ReleaseIpv6Address	delete	*Ipv6Address `acs:vpc:{#regionId}:{#accountId}:ipv6address/{#Ipv6AddressId}`	None	None

Resource

Tabel berikut mencantumkan resource yang ditentukan oleh 专有网络VPC. Tentukan resource tersebut dalam elemen Resource pada pernyataan kebijakan RAM untuk memberikan izin terhadap operasi tertentu. Resource tersebut diidentifikasi secara unik menggunakan ARN dengan format: acs:{#ramcode}:{#regionId}:{#accountId}:{#resourceType}:

acs: Singkatan dari Alibaba Cloud service, yang menunjukkan cloud publik Alibaba Cloud.
{#ramcode}: Kode yang digunakan dalam RAM untuk menunjukkan layanan Alibaba Cloud.
{#regionId}: region ID. Jika resource mencakup semua wilayah, atur nilainya menjadi tanda bintang (*).
{#accountId}: ID akun Alibaba Cloud. Jika resource mencakup semua akun Alibaba Cloud, atur nilainya menjadi tanda bintang (*).
{#resourceType}: Identifier resource yang ditentukan oleh layanan. Mendukung struktur hierarkis, mirip dengan path file. Jika pernyataan mencakup resource global, atur nilainya menjadi tanda bintang (*).

Tipe resource	ARN
FlowLog	acs:vpc:{#regionId}:{#accountId}:flowlog/* acs:vpc:{#regionId}:{#accountId}:flowlog/{#FlowLogId}
VpnConnection	acs:vpc:{#regionId}:{#accountId}:vpnconnection/{#VpnConnectionId} acs:vpc:{#regionId}:{#accountId}:vpnconnection/* acs:vpc:{#regionId}:{#accountId}:* acs:vpc:{#Region}:{#AccountId}:vpnconnection/{#VpnConnectionId}
VirtualBorderRouter	acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId} acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId} acs:vpc::{#accountId}:virtualborderrouter/{#VirtualBorderRouterId} acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#InstanceId} acs:vpc:{#regionId}:{#AccountId}:virtualborderrouter/
FlowLogService	acs:vpc:{#regionId}:{#accountId}:flowlog/*
NatGateway	acs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId} acs:vpc:{#regionId}:{#accountId}:natgateway/* acs:natgateway:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}
BandwidthPackage	acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#BandwidthPackageId} acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
PhysicalConnection	acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId} acs:vpc:{#regionId}:{#accountId}:physicalconnection/*
RouterInterface	acs:vpc:{#regionId}:{#AccountId}:routerinterface/{#RouterInterfaceId} acs:vpc:{#regionId}:{#accountId}:routerinterface/*
TrafficQos	acs:vpc:{#regionId}:{#accountId}:trafficqos/{#QosId} acs:vpc:{#regionId}:{#accountId}:TrafficQos/*
SnatTable	acs:vpc:{#regionId}:{#accountId}:snattable/{#SnatTableId}
Ipv6Translator	acs:vpc:{#regionId}:{#accountId}:ipv6trans/{#Ipv6TranslatorId} acs:vpc:{#regionId}:{#accountId}:ipv6trans/*
VPC	acs:vpc:{#regionId}:{#accountId}:vpc/* acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId} acs:vpc:{#regionId}:{#accountId}:vpc/{#InstanceId}
Ipv6Gateway	acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId} acs:vpc:{#regionId}:{#accountId}:ipv6gateway/*
VpnGateway	acs:vpc:{#regionId}:{#accountId}:vpngateway/* acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnGatewayId} acs:vpc:{#regionId}:{#accountId}:vpngateway/{#VpnInstanceId} acs:vpc:{#Region}:{#AccountId}:vpngateway/{#VpnInstanceId} acs:vpc:{#regionId}:{#accountId}:
PublicIpAddressPool	acs:vpc:{#regionId}:{#accountId}:publicipaddresspool/* acs:vpc:{#regionId}:{#accountId}:publicipaddresspool/{#PublicIpAddressPoolId}
FullNat	acs:vpc:{#regionId}:{#accountId}:vpcfullnattable/{#FullNatTableId}
Ipv4Gateway	acs:vpc:{#regionId}:{#accountId}:ipv4gateway/{#ipv4gatewayId} acs:vpc:{#regionId}:{#accountId}:ipv4gateway/*
NetworkAcl	acs:vpc:{#regionId}:{#accountId}:networkacl/{#NetworkAclId} acs:vpc:{#regionId}:{#accountId}:networkacl/*
Address	acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId} acs:vpc:{#regionId}:{#accountId}:eip/*
ForwardTable	acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
RouteTable	acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId} acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTable} acs:vpc:{#regionId}:{#accountId}:routetable/*
IpsecServer	acs:vpc:{#regionId}:{#accountId}:vpnipsecserver/{#IpsecServerId} acs:vpc:{#Region}:{#AccountId}: vpnipsecserver/{#IpsecServerId} acs:vpc:{#regionId}:{#accountId}:ipsecserver/* acs:vpc:{#regionId}:{#accountId}: vpnipsecserver/{#IpsecServerId}
VSwitch	acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId} acs:vpc:{#regionid}:{#accountId}:vswitch/*
SegmentAddress	acs:eip:{#regionId}:{#accountId}:eipsegment/{#SegmentInstanceId} acs:vpc:{#regionId}:{#accountId}:eip/* acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
TrafficMirrorFilter	acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/* acs:vpc:{#regionId}:{#accountId}:trafficmirrorfilter/{#TrafficMirrorFilterId}
Instance	acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId} acs:ecs:{#regionId}:{#accountId}:instance/{#Instanceid} acs:ecs:{#regionId}:{#accountId}:instance/*
Association	acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
GatewayEndpoint	acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/{#GatewayEndpointId} acs:vpc:{#regionId}:{#accountId}:gatewayendpoint/*
CustomerGateway	acs:vpc:{#regionId}:{#accountId}:customergateway/* acs:vpc:{#regionId}:{#accountId}:customergateway/{#CustomerGatewayId} acs:vpc:{#Region}:{#AccountId}:customergateway/{#CustomerGatewayId}
CommonBandwidthPackage	acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/{#CommonBandwidthPackageId} acs:vpc:{#regionId}:{#accountId}:combandwidthpackage/*
RouteTargetGroup	acs:vpc:{#regionId}:{#accountId}:routetargetgroup/{#RouteTargetGroupId} acs:vpc:{#regionId}:{#accountId}:routetargetgroup/*
PrefixList	acs:vpc:{#regionId}:{#accountId}:prefixlist/{#PrefixListId} acs:vpc:{#regionId}:{#accountId}:prefixlist/*
VpnConnections	acs:vpc:{#regionId}:{#accountId}:vpnconnection/{#VpnConnectionId}
GlobalAccelerationInstance	acs:vpc:{#regionId}:{#accountId}:globalaccelerationinstance/{#GlobalAccelerationInstanceId} acs:vpc:{#regionId}:{#accountId}:globalaccelerationinstance/* acs:vpc:{#regionId}:{#accountId}:GlobalAccelerationInstance/*
HaVip	acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId} acs:vpc:{#regionId}:{#accountId}:havip/*
SslVpnServer	acs:vpc:{#regionId}:{#accountId}:sslvpnserver/* acs:vpc:{#regionId}:{#accountId}:sslvpnserver/{#SslVpnServerId} acs:vpc:{#Region}:{#AccountId}:sslvpnserver/{#SslVpnServerId}
TrafficMirrorSession	acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/* acs:vpc:{#regionId}:{#accountId}:trafficmirrorsession/{#TrafficMirrorSessionId}
Eip	acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId} acs:vpc:{#regionId}:{#accountId}:eip/{#EipId}
DhcpOptionsSet	acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/{#DhcpOptionsSetId} acs:vpc:{#regionId}:{#accountId}:dhcpoptionsset/*
SslVpnClientCert	acs:vpc:{#regionId}:{#accountId}:sslvpnclientcert/* acs:vpc:{#regionId}:{#accountId}:sslvpnclientcert/{#SslVpnClientCertId}
TrafficMirrorService	acs:vpc:{#regionId}:{#accountId}:trafficmirror/*
Ipv6InternetBandwidth	acs:vpc:{#regionId}:{#accountId}:vpc/* acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/* acs:vpc:{#regionId}:{#accountId}:ipv6bandwidth/{#Ipv6InternetBandwidthId}
Ipv6Address	acs:vpc:{#regionId}:{#accountId}:ipv6address/* acs:vpc:{#regionId}:{#accountId}:ipv6address/{#Ipv6AddressId}
VpnCertificateAttachment	acs:vpc:{#regionId}:{#accountId}:vpncertificateattachment/{#VpnGatewayId}/{#CertificateType}/{#CertificateId}
IPv6Translator	acs:vpc:{#regionId}:{#accountId}:ipv6trans/* acs:vpc:{#regionId}:{#accountId}:ipv6trans/{#IPv6TranslatorId}
VRouter	acs:vpc:{#regionId}:{#accountId}:vrouter/* acs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId}
GrantRuleToCen	acs:vpc:{#regionId}:{#accountId}:vpc/{#InstanceId}
VSwitchCidrReservation	acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/* acs:vpc:{#regionId}:{#accountId}:vswitchcidrreservation/{#VSwitchCidrReservationId}
GatewayInfo	acs:vpc:{#regionId}:{#accountId}:eip/*
SnatEntry	acs:vpc:{#regionId}:{#accountId}:snattable/*
VpnAttachment	acs:vpc:{#Region}:{#AccountId}:vpnattachment/{#VpnConnectionId}
PublicIpAddressPoolService	acs:vpc:{#regionId}:{#accountId}:publicipaddresspoolservice/*
RouteEntry	acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
Ipv6EgressRule	acs:vpc:{#regionId}:{#accountId}:ipv6gateway/{#Ipv6GatewayId}
physicalconnection	acs:vpc:{#regionId}:{#accountId}:physicalconnection/*

Condition

Tabel berikut mencantumkan condition key tingkat produk yang didefinisikan oleh 专有网络VPC. Anda juga dapat menggunakan Common condition keys dari Alibaba Cloud. Tentukan kunci-kunci ini dalam elemen Condition pada pernyataan kebijakan RAM untuk menetapkan aturan otorisasi yang lebih terperinci. Dalam condition key, tentukan nilai kondisi dalam elemen Condition_value pada kebijakan.

Setiap condition key memiliki tipe data tertentu, seperti string, number, Boolean, atau alamat IP. Tipe data tersebut menentukan operator kondisional mana yang dapat digunakan untuk membandingkan nilai permintaan dengan nilai kebijakan. Anda harus menentukan operator kondisional yang kompatibel dengan tipe data condition key tersebut. Operator yang tidak sesuai akan membuat kebijakan tidak berlaku. Lihat Condition operator untuk kombinasi yang valid.

Condition key	Deskripsi	Tipe data
vpc:VRouter	Informasi router	String
vpc:VPC	Informasi VPC	String
vpc:tag	Tag dari VPC	String
vpc:TargetAccountRDId	Informasi ID direktori sumber daya pengguna peer	String
vpc:PhysicalConnection	Informasi saluran sewa fisik (Express Connect)	String
vpc:VBR	Informasi Virtual Border Router (VBR)	String

Cara membuat kebijakan RAM kustom?

Anda dapat membuat kebijakan kustom dan memberikannya kepada RAM user, RAM user group, atau RAM role. Untuk caranya, lihat: