RAM authorization - CDN - Alibaba Cloud ドキュメントセンター

Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions. Using RAM helps you avoid sharing your Alibaba Cloud account keys with other users and allows you to grant users the least privilege access. RAM uses permission policies to define authorizations. This topic describes the general structure of a RAM policy, and the policy statement elements (Action, Resource, and Condition) defined by CDN for RAM permission policies. The RAM code (RamCode) for CDN is cdn , and the supported authorization granularity is RESOURCE .

General structure of a policy

Permission policies support JSON format with the following general structure:

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}

The following list describes the fields in the policy:

Version: Specifies the policy version number. It is fixed at 1.
Statement:
- Effect: Specifies the authorization result. Valid values: Allow and Deny.
- Action: Specifies one or more operations that are allowed or denied.
- Resource: Specifies the specific objects affected by the operations. You can use Alibaba Cloud Resource Names (ARNs) to describe specific resources.
- Condition: Specifies the conditions for the authorization to take effect. This field is optional.
  - Condition operator: Specifies the conditional operators. Different types of conditions support different conditional operators.
  - Condition_key: Specifies the condition keys.
  - Condition_value: Specifies the condition values.

Action

The following table lists the actions defined by CDN. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that support authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding ARN in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys that are applicable across all RAM-integrated services. For more information, see Common condition keys.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action	API	Access level	Resource type	Condition key	Dependent action
cdn:DescribeDomainQpsDataByLayer	DescribeDomainQpsDataByLayer	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:ModifyCdnDomainSchdmByProperty	ModifyCdnDomainSchdmByProperty	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnDomainDetail	DescribeCdnDomainDetail	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnCertificateList	DescribeCdnCertificateList	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnUserBillPrediction	DescribeCdnUserBillPrediction	none	All Resource ``	None	None
cdn:DescribeTagResources	DescribeTagResources	get	All Resource ``	None	None
cdn:DescribeDomainCcActivityLog	DescribeDomainCcActivityLog	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:SetWaitingRoomConfig	SetWaitingRoomConfig	update	All Resource ``	None	None
cdn:CreateUserUsageDataExportTask	CreateUserUsageDataExportTask	none	All Resource ``	None	None
cdn:PublishStagingConfigToProduction	PublishStagingConfigToProduction	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeRealtimeDeliveryAcc	DescribeRealtimeDeliveryAcc	get	All Resource ``	None	None
cdn:RefreshObjectCaches	RefreshObjectCaches	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:CreateCdnCertificateSigningRequest	CreateCdnCertificateSigningRequest	create	All Resource ``	None	None
cdn:DescribeDomainHttpCodeDataByLayer	DescribeDomainHttpCodeDataByLayer	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnFullDomainsBlockIPConfig	DescribeCdnFullDomainsBlockIPConfig	none	All Resource ``	None	None
cdn:DeleteCdnSubTask	DeleteCdnSubTask	delete	All Resource ``	None	None
cdn:DescribeCdnWafDomain	DescribeCdnWafDomain	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainMultiUsageData	DescribeDomainMultiUsageData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainRealTimeTrafficData	DescribeDomainRealTimeTrafficData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnFullDomainsBlockIPHistory	DescribeCdnFullDomainsBlockIPHistory	none	All Resource ``	None	None
cdn:DescribeCdnReport	DescribeCdnReport	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainAverageResponseTime	DescribeDomainAverageResponseTime	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}` Domain `acs:cdn:*:{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainSrcHttpCodeData	DescribeDomainSrcHttpCodeData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:TagResources	TagResources	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainRealTimeSrcBpsData	DescribeDomainRealTimeSrcBpsData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnDeliverList	DescribeCdnDeliverList	get	All Resource ``	None	None
cdn:ListDomainsByLogConfigId	ListDomainsByLogConfigId	list	All Resource ``	None	None
cdn:DescribeDomainsUsageByDay	DescribeDomainsUsageByDay	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DeleteSpecificStagingConfig	DeleteSpecificStagingConfig	delete	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:RefreshObjectCacheByCacheTag	RefreshObjectCacheByCacheTag	none	All Resource ``	None	None
cdn:BatchUpdateCdnDomain	BatchUpdateCdnDomain	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnUserResourcePackage	DescribeCdnUserResourcePackage	get	All Resource ``	None	None
cdn:DescribeEsExecuteData	DescribeEsExecuteData	none	All Resource ``	None	None
cdn:StopCdnDomain	StopCdnDomain	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeL2VipsByDomain	DescribeL2VipsByDomain	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainQpsData	DescribeDomainQpsData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:UpdateCdnSubTask	UpdateCdnSubTask	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainVerifyData	DescribeDomainVerifyData	get	All Resource ``	None	None
cdn:SetCdnFullDomainsBlockIP	SetCdnFullDomainsBlockIP	update	All Resource ``	None	None
cdn:DescribeDomainRealTimeReqHitRateData	DescribeDomainRealTimeReqHitRateData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:BatchStartCdnDomain	BatchStartCdnDomain	update	Domain `acs:cdn::{#accountId}:domain/{#DomainNames}`	None	None
cdn:DescribeDomainMax95BpsData	DescribeDomainMax95BpsData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DeleteUserUsageDataExportTask	DeleteUserUsageDataExportTask	none	All Resource ``	None	None
cdn:DescribeCdnUserDomainsByFunc	DescribeCdnUserDomainsByFunc	get	All Resource ``	None	None
cdn:DescribeUserTags	DescribeUserTags	get	All Resource ``	None	None
cdn:DescribeDomainRealTimeSrcHttpCodeData	DescribeDomainRealTimeSrcHttpCodeData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:AddFCTrigger	AddFCTrigger	create	All Resource ``	None	None
cdn:SetCdnDomainSMCertificate	SetCdnDomainSMCertificate	none	All Resource ``	None	None
cdn:DescribeDomainUsageData	DescribeDomainUsageData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeUserUsageDetailDataExportTask	DescribeUserUsageDetailDataExportTask	get	All Resource ``	None	None
cdn:DescribeDomainCname	DescribeDomainCname	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:ModifyCdnService	ModifyCdnService	none	All Resource ``	None	None
cdn:DescribeRefreshQuota	DescribeRefreshQuota	get	All Resource ``	None	None
cdn:DeleteFCTrigger	DeleteFCTrigger	delete	All Resource ``	None	None
cdn:DescribePreloadDetailById	DescribePreloadDetailById	get	All Resource ``	None	None
cdn:UntagResources	UntagResources	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:VerifyDomainOwner	VerifyDomainOwner	get	All Resource ``	None	None
cdn:DescribeCdnDomainConfigs	DescribeCdnDomainConfigs	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnReportList	DescribeCdnReportList	get	All Resource ``	None	None
cdn:DisableRealtimeLogDelivery	DisableRealtimeLogDelivery	update	All Resource ``	None	None
cdn:DescribeDomainTopUrlVisit	DescribeDomainTopUrlVisit	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnDeletedDomains	DescribeCdnDeletedDomains	get	All Resource ``	None	None
cdn:DeleteSpecificConfig	DeleteSpecificConfig	delete	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnService	DescribeCdnService	get	All Resource ``	None	None
cdn:DescribeDomainRealTimeQpsData	DescribeDomainRealTimeQpsData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainPathData	DescribeDomainPathData	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainRealtimeLogDelivery	DescribeDomainRealtimeLogDelivery	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:ListFCTrigger	ListFCTrigger	get	All Resource ``	None	None
cdn:DescribeCdnRegionAndIsp	DescribeCdnRegionAndIsp	none	All Resource ``	None	None
cdn:DescribeCdnConditionIPBInfo	DescribeCdnConditionIPBInfo	none	All Resource ``	None	None
cdn:DescribeCdnCertificateDetailById	DescribeCdnCertificateDetailById	get	All Resource ``	None	None
cdn:DeleteRealTimeLogLogstore	DeleteRealTimeLogLogstore	get	All Resource ``	None	None
cdn:DescribeUserUsageDataExportTask	DescribeUserUsageDataExportTask	get	All Resource ``	None	None
cdn:DescribeIpStatus	DescribeIpStatus	none	All Resource ``	None	None
cdn:OpenCdnService	OpenCdnService	none	All Resource ``	None	None
cdn:EnableRealtimeLogDelivery	EnableRealtimeLogDelivery	update	All Resource ``	None	None
cdn:DescribeCdnCertificateDetail	DescribeCdnCertificateDetail	none	All Resource ``	None	None
cdn:ListRealtimeLogDeliveryDomains	ListRealtimeLogDeliveryDomains	update	All Resource ``	None	None
cdn:DescribeDomainRealTimeBpsData	DescribeDomainRealTimeBpsData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DeleteRealtimeLogDelivery	DeleteRealtimeLogDelivery	update	Domain `acs:cdn::{#accountId}:domain/{#Domain}`	None	None
cdn:StartCdnDomain	StartCdnDomain	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainUvData	DescribeDomainUvData	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainTopClientIpVisit	DescribeDomainTopClientIpVisit	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeEsExceptionData	DescribeEsExceptionData	get	All Resource ``	None	None
cdn:DescribeCdnOrderCommodityCode	DescribeCdnOrderCommodityCode	none	All Resource ``	None	None
cdn:DescribeUserVipsByDomain	DescribeUserVipsByDomain	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeVerifyContent	DescribeVerifyContent	get	All Resource ``	None	None
cdn:DescribeUserCertificateExpireCount	DescribeUserCertificateExpireCount	get	All Resource ``	None	None
cdn:DescribeRefreshTaskById	DescribeRefreshTaskById	get	All Resource ``	None	None
cdn:DescribeCustomLogConfig	DescribeCustomLogConfig	get	All Resource ``	None	None
cdn:BatchDescribeCdnIpInfo	BatchDescribeCdnIpInfo	get	All Resource ``	None	None
cdn:DescribeDomainTrafficData	DescribeDomainTrafficData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainISPData	DescribeDomainISPData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainRealTimeSrcTrafficData	DescribeDomainRealTimeSrcTrafficData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainSrcBpsData	DescribeDomainSrcBpsData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainCustomLogConfig	DescribeDomainCustomLogConfig	get	Domain `acs:cdn::{#accountId}:domain/{#domainId}`	None	None
cdn:CreateCdnDeliverTask	CreateCdnDeliverTask	create	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:CreateUsageDetailDataExportTask	CreateUsageDetailDataExportTask	none	Domain `acs:cdn::{#accountId}:domain/{#DomainNames}`	None	None
cdn:DescribeDomainTopReferVisit	DescribeDomainTopReferVisit	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainBpsDataByLayer	DescribeDomainBpsDataByLayer	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainDetailDataByLayer	DescribeDomainDetailDataByLayer	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:CreateRealTimeLogDelivery	CreateRealTimeLogDelivery	create	Domain `acs:cdn::{#accountId}:domain/{#Domain}`	None	None
cdn:DescribeDomainRealTimeHttpCodeData	DescribeDomainRealTimeHttpCodeData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DeleteUsageDetailDataExportTask	DeleteUsageDetailDataExportTask	none	All Resource ``	None	None
cdn:BatchDeleteCdnDomainConfig	BatchDeleteCdnDomainConfig	delete	Domain `acs:cdn::{#accountId}:domain/{#DomainNames}`	None	None
cdn:SetCdnDomainStagingConfig	SetCdnDomainStagingConfig	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeTopDomainsByFlow	DescribeTopDomainsByFlow	none	All Resource ``	None	None
cdn:DescribeDomainHitRateData	DescribeDomainHitRateData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainRealTimeDetailData	DescribeDomainRealTimeDetailData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:ModifyRealtimeLogDelivery	ModifyRealtimeLogDelivery	update	All Resource ``	None	None
cdn:BatchStopCdnDomain	BatchStopCdnDomain	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnSMCertificateDetail	DescribeCdnSMCertificateDetail	none	All Resource ``	None	None
cdn:CheckCdnDomainExist	CheckCdnDomainExist	none	Domain `acs:cdn::{#AccountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnSubList	DescribeCdnSubList	get	All Resource ``	None	None
cdn:DescribeDomainsBySource	DescribeDomainsBySource	none	All Resource ``	None	None
cdn:DescribeCdnUserBillType	DescribeCdnUserBillType	none	All Resource ``	None	None
cdn:DescribeDomainRegionData	DescribeDomainRegionData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeUserConfigs	DescribeUserConfigs	get	All Resource ``	None	None
cdn:DeleteCdnDomain	DeleteCdnDomain	delete	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:ListUserCustomLogConfig	ListUserCustomLogConfig	list	All Resource ``	None	None
cdn:DescribeCdnSSLCertificateList	DescribeCdnSSLCertificateList	get	Domain `acs:cdn:*:{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainCertificateInfo	DescribeDomainCertificateInfo	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:ListTagResources	ListTagResources	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainPvData	DescribeDomainPvData	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainSrcTopUrlVisit	DescribeDomainSrcTopUrlVisit	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnUserConfigs	DescribeCdnUserConfigs	get	All Resource ``	None	None
cdn:DescribeUserDomains	DescribeUserDomains	get	Domain `acs:cdn::{#accountId}:domain/*`	None	None
cdn:DescribeCdnUserQuota	DescribeCdnUserQuota	get	All Resource ``	None	None
cdn:DescribeBlockedRegions	DescribeBlockedRegions	get	All Resource ``	None	None
cdn:SetCdnDomainCSRCertificate	SetCdnDomainCSRCertificate	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:BatchSetCdnDomainConfig	BatchSetCdnDomainConfig	update	Domain `acs:cdn::{#accountId}:domain/{#DomainNames}`	None	ram:CreateServiceLinkedRole
cdn:ListRealtimeLogDelivery	ListRealtimeLogDelivery	get	All Resource ``	None	None
cdn:SetCdnDomainSSLCertificate	SetCdnDomainSSLCertificate	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnSMCertificateList	DescribeCdnSMCertificateList	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnHttpsDomainList	DescribeCdnHttpsDomainList	get	All Resource ``	None	None
cdn:DescribeDomainReqHitRateData	DescribeDomainReqHitRateData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:CreateCdnSubTask	CreateCdnSubTask	create	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainBpsDataByTimeStamp	DescribeDomainBpsDataByTimeStamp	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnSecFuncInfo	DescribeCdnSecFuncInfo	get	All Resource ``	None	None
cdn:BatchAddCdnDomain	BatchAddCdnDomain	create	Domain `acs:cdn::{#accountId}:domain/*`	None	None
cdn:ModifyCdnDomainOwner	ModifyCdnDomainOwner	update	All Resource ``	None	None
cdn:DescribeCdnTypes	DescribeCdnTypes	none	All Resource ``	None	None
cdn:DescribeDomainBpsData	DescribeDomainBpsData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnDomainByCertificate	DescribeCdnDomainByCertificate	get	All Resource ``	None	None
cdn:UpdateFCTrigger	UpdateFCTrigger	update	All Resource ``	None	None
cdn:DescribeFCTrigger	DescribeFCTrigger	get	All Resource ``	None	None
cdn:DescribeStagingIp	DescribeStagingIp	get	All Resource ``	None	None
cdn:DescribeRefreshTasks	DescribeRefreshTasks	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:UpdateCdnDeliverTask	UpdateCdnDeliverTask	update	DeliverTask `acs:cdn::{#accountId}:delivertask/{#DeliverId}`	None	None
cdn:ListRealtimeLogDeliveryInfos	ListRealtimeLogDeliveryInfos	get	All Resource ``	None	None
cdn:DescribeIpInfo	DescribeIpInfo	get	All Resource ``	None	None
cdn:DescribeRangeDataByLocateAndIspService	DescribeRangeDataByLocateAndIspService	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainHttpCodeData	DescribeDomainHttpCodeData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:SetReqHeaderConfig	SetReqHeaderConfig	update	All Resource ``	None	None
cdn:DescribeDomainRealTimeByteHitRateData	DescribeDomainRealTimeByteHitRateData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainSrcQpsData	DescribeDomainSrcQpsData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCertificateInfoByID	DescribeCertificateInfoByID	get	All Resource ``	None	None
cdn:ModifyCdnDomain	ModifyCdnDomain	update	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:CheckCdnDomainICP	CheckCdnDomainICP	none	All Resource ``	None	None
cdn:AddCdnDomain	AddCdnDomain	create	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeUserCdnStatus	DescribeUserCdnStatus	none	All Resource ``	None	None
cdn:DeleteCdnDeliverTask	DeleteCdnDeliverTask	delete	All Resource ``	None	None
cdn:PushObjectCache	PushObjectCache	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnDomainStagingConfig	DescribeCdnDomainStagingConfig	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnDomainLogs	DescribeCdnDomainLogs	get	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeDomainSrcTrafficData	DescribeDomainSrcTrafficData	none	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:RollbackStagingConfig	RollbackStagingConfig	delete	Domain `acs:cdn::{#accountId}:domain/{#DomainName}`	None	None
cdn:DescribeCdnUserBillHistory	DescribeCdnUserBillHistory	none	All Resource ``	None	None

Resource

The following table lists the resources defined by CDN. Specify them in the Resource element of RAM policy statements to grant permissions for specific operations. They are uniquely identified by ARNs. Format: acs:{#ramcode}:{#regionId}:{#accountId}:{#resourceType}:

acs: The initialism of Alibaba Cloud service, which indicates the public cloud of Alibaba Cloud.
{#ramcode}: The code used in RAM to indicate an Alibaba Cloud service.
{#regionId}: The region ID. If the resource covers all regions, set it to an asterisk (*).
{#accountId}: The ID of the Alibaba Cloud account. If the resource covers all Alibaba Cloud accounts, set it to an asterisk (*).
{#resourceType}: The service-defined resource identifier. It supports a hierarchical structure, which is similar to a file path. If the statement covers global resources, set it to an asterisk (*).

Resource type	ARN
Domain	acs:cdn::{#accountId}:domain/{#DomainName} acs:cdn::{#accountId}:domain/* acs:cdn::{#accountId}:domain/{#DomainNames} acs:cdn::{#accountId}:* acs:cdn::{#accountId}:domain/{#Domain} acs:cdn::{#accountId}:domain/{#domainId} acs:cdn::{#AccountId}:domain/{#DomainName}
RealTimeLogDelivery	acs:cdn::{#accountId}:realtimelogdelivery/{#Domain} acs:cdn::{#accountId}:realtimelogdelivery/
DeliverTask	acs:cdn:*:{#accountId}:delivertask/{#DeliverId}

Condition

CDN does not define product-level condition keys. However, you can use Alibaba Cloud common condition keys for access control. For more information, see Common condition keys.

How to create custom RAM policies?

You can create custom policies and grant them to RAM users, RAM user groups, or RAM roles. For instructions, see: