访问控制(RAM)是阿里云提供的管理用户身份与资源访问权限的服务。使用RAM可以让您避免与其他用户共享阿里云账号密钥,并可按需为用户授予最小权限。RAM中使用权限策略描述授权的具体内容。
本文为您介绍ECS为RAM权限策略定义的操作(Action)、资源(Resource)和条件(Condition)。ECS的RAM代码(RamCode)为 ecs,vpc,支持的授权粒度为ECS RESOURCE。
权限策略通用结构
权限策略支持JSON格式,其通用结构如下:
{
"Version": "1",
"Statement": [
{
"Effect": "<Effect>",
"Action": "<Action>",
"Resource": "<Resource>",
"Condition": {
"<Condition_operator>": {
"<Condition_key>": [
"<Condition_value>"
]
}
}
}
]
}- Effect:权限策略效果。取值:Allow(允许)、Deny(拒绝)。
- Action:授予允许或拒绝权限的具体操作。具体信息,请参见操作(Action)。
- Resource:受操作影响的具体对象,您可以使用资源ARN来描述指定资源。具体信息,请参见资源(Resource)。
- Condition:指授权生效的条件。可选字段。具体信息,请参见条件(Condition)。
- Condition_operator:条件运算符,不同类型的条件对应不同的条件运算符。具体信息,请参见权限策略基本元素。
- Condition_key:条件关键字。
- Condition_value:条件关键字对应的值。
操作(Action)
下表是ECS定义的操作,这些操作可以在RAM权限策略语句的Action元素中使用,用来授予执行该操作的权限。下面对表中的具体项提供说明:- 操作:是指具体的权限点。
- API:是指操作对应的API接口。
- 访问级别:是指每个操作的访问级别,取值为写入(Write)、读取(Read)或列出(List)。
- 资源类型:是指操作中支持授权的资源类型。具体说明如下:
- 对于必选的资源类型,用前面加 * 表示。
- 对于不支持资源级授权的操作,用
全部资源表示。
- 条件关键字:是指云产品自身定义的条件关键字。该列不体现适用于任何操作的通用条件关键字。
- 关联操作:是指成功执行操作所需要的其他权限。操作者必须同时具备关联操作的权限,操作才能成功。
| 操作 | API | 访问级别 | 资源类型 | 条件关键字 | 关联操作 |
|---|---|---|---|---|---|
| ecs:AcceptInquiredSystemEvent | AcceptInquiredSystemEvent | update | *全部资源 * | 无 | 无 |
| ecs:AddTags | AddTags | create | *全部资源 * | 无 | 无 |
| ecs:AllocateDedicatedHosts | AllocateDedicatedHosts | create | *DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/* | 无 | 无 |
| ecs:AllocatePublicIpAddress | AllocatePublicIpAddress | create | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ApplyAutoSnapshotPolicy | ApplyAutoSnapshotPolicy | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}*AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId} | 无 | 无 |
| ecs:AssignIpv6Addresses | AssignIpv6Addresses | create | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:AssignPrivateIpAddresses | AssignPrivateIpAddresses | create | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:AttachClassicLinkVpc | AttachClassicLinkVpc | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}*VPC acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId} | vpc:tag | 无 |
| ecs:AttachDisk | AttachDisk | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:LoginAsNonRoot ecs:PasswordCustomized | 无 |
| ecs:AttachInstanceRamRole | AttachInstanceRamRole | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}*Role acs:ram:{#regionId}:{#accountId}:role/{#roleName} | 无 | 无 |
| ecs:AttachKeyPair | AttachKeyPair | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}*KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName} | 无 | 无 |
| ecs:AttachNetworkInterface | AttachNetworkInterface | update | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:AuthorizeSecurityGroup | AuthorizeSecurityGroup | create | *全部资源 * | ecs:SecurityGroupIpProtocols ecs:SecurityGroupSourceCidrIps | 无 |
| ecs:AuthorizeSecurityGroupEgress | AuthorizeSecurityGroupEgress | create | *全部资源 * | ecs:SecurityGroupIpProtocols ecs:SecurityGroupSourceCidrIps | 无 |
| ecs:CancelAutoSnapshotPolicy | CancelAutoSnapshotPolicy | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId} | 无 | 无 |
| ecs:CancelCopyImage | CancelCopyImage | update | *Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | 无 | 无 |
| ecs:CancelImagePipelineExecution | CancelImagePipelineExecution | update | *ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId} | 无 | 无 |
| ecs:CancelSimulatedSystemEvents | CancelSimulatedSystemEvents | update | *全部资源 * | 无 | 无 |
| ecs:CancelTask | CancelTask | update | *全部资源 * | 无 | 无 |
| ecs:ConvertNatPublicIpToEip | ConvertNatPublicIpToEip | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:CopyImage | CopyImage | update | *Image acs:ecs:{#regionId}:{#accountId}:image/* | 无 | 无 |
| ecs:CopySnapshot | CopySnapshot | create | *Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | 无 | 无 |
| ecs:CreateActivation | CreateActivation | create | *Activation acs:ecs:{#regionId}:{#accountId}:activation/* | 无 | 无 |
| ecs:CreateAutoProvisioningGroup | CreateAutoProvisioningGroup | create | *全部资源 * | 无 | 无 |
| ecs:CreateAutoSnapshotPolicy | CreateAutoSnapshotPolicy | create | *AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/* | 无 | 无 |
| ecs:CreateCapacityReservation | CreateCapacityReservation | create | *CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | 无 | 无 |
| ecs:CreateCommand | CreateCommand | create | *Command acs:ecs:{#regionId}:{#accountId}:command/* | 无 | 无 |
| ecs:CreateDedicatedHostCluster | CreateDedicatedHostCluster | create | *全部资源 * | 无 | 无 |
| ecs:CreateDeploymentSet | CreateDeploymentSet | create | *全部资源 * | 无 | 无 |
| ecs:CreateDiagnosticMetricSet | CreateDiagnosticMetricSet | create | *全部资源 * | 无 | 无 |
| ecs:CreateDiagnosticReport | CreateDiagnosticReport | create | *全部资源 * | 无 | 无 |
| ecs:CreateDisk | CreateDisk | create | Disk acs:ecs:{#regionId}:{#accountId}:disk/*Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:IsDiskEncrypted ecs:IsDiskByokEncrypted | 无 |
| ecs:CreateElasticityAssurance | CreateElasticityAssurance | create | *ElasticityAssurance acs:ecs:{#regionId}:{#accountId}:elasticityassurance/* | 无 | 无 |
| ecs:CreateHpcCluster | CreateHpcCluster | create | *HpcCluster acs:ecs:{#regionId}:{#accountId}:hpc/* | 无 | 无 |
| ecs:CreateImage | CreateImage | create | *Image acs:ecs:{#regionId}:{#accountId}:image/*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | 无 | 无 |
| ecs:CreateImageComponent | CreateImageComponent | create | *ImageComponent acs:ecs:{#regionId}:{#accountId}:imagecomponent/* | 无 | 无 |
| ecs:CreateImagePipeline | CreateImagePipeline | create | *ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/* | 无 | 无 |
| ecs:CreateInstance | CreateInstance | create | *全部资源 * | vpc:VPC vpc:IsDefaultVSwitch vpc:IsDefaultVpc ecs:IsDiskEncrypted ecs:InstanceType ecs:InstanceTypeFamily ecs:ImageOwnerId ecs:ImageSource ecs:NotSpecifySecurityGroupId ecs:LoginAsNonRoot ecs:IsSystemDiskByokEncrypted ecs:IsDiskByokEncrypted ecs:PasswordInherit ecs:PasswordCustomized ecs:IsSystemDiskEncrypted ecs:ImagePlatform ecs:LoginAsNonRoot ecs:IsSystemDiskByokEncrypted ecs:IsDiskByokEncrypted ecs:PasswordInherit ecs:PasswordCustomized ecs:IsSystemDiskEncrypted ecs:ImagePlatform ecs:SecurityHardeningMode vpc:CreateDefaultVpc ecs:SecurityEnhancementStrategy ecs:AssociatePublicIpAddress | 无 |
| ecs:CreateKeyPair | CreateKeyPair | create | *KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* | 无 | 无 |
| ecs:CreateLaunchTemplate | CreateLaunchTemplate | create | *LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/* | 无 | 无 |
| ecs:CreateLaunchTemplateVersion | CreateLaunchTemplateVersion | create | *LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | 无 | 无 |
| ecs:CreateNetworkInterface | CreateNetworkInterface | create | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/**SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}*VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId} | vpc:IsDefaultVSwitch vpc:IsDefaultVpc vpc:VPC vpc:tag vpc:tag vpc:tag | 无 |
| ecs:CreateNetworkInterfacePermission | CreateNetworkInterfacePermission | create | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:CreatePortRangeList | CreatePortRangeList | create | *PortRangeList acs:ecs:{#regionId}:{#accountId}:portrangelist/* | 无 | 无 |
| ecs:CreatePrefixList | CreatePrefixList | create | *全部资源 * | 无 | 无 |
| ecs:CreateSecurityGroup | CreateSecurityGroup | create | *SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/**VPC acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId} | 无 | 无 |
| ecs:CreateSimulatedSystemEvents | CreateSimulatedSystemEvents | create | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:CreateSnapshot | CreateSnapshot | create | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}*Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/* | 无 | 无 |
| ecs:CreateSnapshotGroup | CreateSnapshotGroup | create | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}Disk acs:ecs:{#regionId}:{#accountId}:disk/{#DiskId} | 无 | 无 |
| ecs:DeleteActivation | DeleteActivation | delete | *activation acs:ecs:{#regionId}:{#accountId}:activation/{#activationId} | 无 | 无 |
| ecs:DeleteAutoProvisioningGroup | DeleteAutoProvisioningGroup | delete | *AutoProvisioningGroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId} | 无 | 无 |
| ecs:DeleteAutoSnapshotPolicy | DeleteAutoSnapshotPolicy | delete | *AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId} | 无 | 无 |
| ecs:DeleteCommand | DeleteCommand | delete | *Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId} | 无 | 无 |
| ecs:DeleteDedicatedHostCluster | DeleteDedicatedHostCluster | delete | *DedicatedHostCluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId} | 无 | 无 |
| ecs:DeleteDeploymentSet | DeleteDeploymentSet | delete | *DeploymentSet acs:ecs:{#regionid}:{#accountId}:deploymentset/{#deploymentSetId} | 无 | 无 |
| ecs:DeleteDiagnosticMetricSets | DeleteDiagnosticMetricSets | delete | *全部资源 * | 无 | 无 |
| ecs:DeleteDiagnosticReports | DeleteDiagnosticReports | delete | *全部资源 * | 无 | 无 |
| ecs:DeleteDisk | DeleteDisk | delete | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | 无 | 无 |
| ecs:DeleteHpcCluster | DeleteHpcCluster | delete | *全部资源 * | 无 | 无 |
| ecs:DeleteImage | DeleteImage | delete | *Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | 无 | 无 |
| ecs:DeleteImageComponent | DeleteImageComponent | delete | *ImageComponent acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId} | 无 | 无 |
| ecs:DeleteImagePipeline | DeleteImagePipeline | delete | *ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId} | 无 | 无 |
| ecs:DeleteInstance | DeleteInstance | delete | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DeleteInstances | DeleteInstances | delete | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DeleteKeyPairs | DeleteKeyPairs | delete | *KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName} | 无 | 无 |
| ecs:DeleteLaunchTemplate | DeleteLaunchTemplate | delete | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | 无 | 无 |
| ecs:DeleteLaunchTemplateVersion | DeleteLaunchTemplateVersion | delete | *LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | 无 | 无 |
| ecs:DeleteNetworkInterface | DeleteNetworkInterface | delete | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:DeleteNetworkInterfacePermission | DeleteNetworkInterfacePermission | delete | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:DeletePortRangeList | DeletePortRangeList | delete | *PortRangeList acs:ecs:{#regionId}:{#accountId}:portrangelist/{#portRangeListId} | 无 | 无 |
| ecs:DeletePrefixList | DeletePrefixList | delete | *PrefixList acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId} | 无 | 无 |
| ecs:DeleteSecurityGroup | DeleteSecurityGroup | delete | *SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | 无 | 无 |
| ecs:DeleteSnapshot | DeleteSnapshot | delete | *Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | 无 | 无 |
| ecs:DeleteSnapshotGroup | DeleteSnapshotGroup | delete | *SnapshotGroup acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId} | 无 | 无 |
| ecs:DeregisterManagedInstance | DeregisterManagedInstance | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeAccountAttributes | DescribeAccountAttributes | get | *全部资源 * | 无 | 无 |
| ecs:DescribeActivations | DescribeActivations | get | Activation acs:ecs:{#regionId}:{#accountId}:activation/*Activation acs:ecs:{#regionId}:{#accountId}:activation/{#activationId} | 无 | 无 |
| ecs:DescribeAutoProvisioningGroupHistory | DescribeAutoProvisioningGroupHistory | get | *全部资源 * | 无 | 无 |
| ecs:DescribeAutoProvisioningGroupInstances | DescribeAutoProvisioningGroupInstances | get | *AutoProvisioningGroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId} | 无 | 无 |
| ecs:DescribeAutoProvisioningGroups | DescribeAutoProvisioningGroups | get | *全部资源 * | 无 | 无 |
| ecs:DescribeAutoSnapshotPolicyAssociations | DescribeAutoSnapshotPolicyAssociations | get | *全部资源 * | 无 | 无 |
| ecs:DescribeAutoSnapshotPolicyEx | DescribeAutoSnapshotPolicyEx | get | AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId} | 无 | 无 |
| ecs:DescribeBandwidthLimitation | DescribeBandwidthLimitation | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeCapacityReservationInstances | DescribeCapacityReservationInstances | get | *CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/{#CapacityReservationId} | 无 | 无 |
| ecs:DescribeCapacityReservations | DescribeCapacityReservations | get | *CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/* | 无 | 无 |
| ecs:DescribeClassicLinkInstances | DescribeClassicLinkInstances | get | *全部资源 * | 无 | 无 |
| ecs:DescribeCloudAssistantSettings | DescribeCloudAssistantSettings | list | *ServiceSettings acs:ecs:{#regionId}:{#accountId}:servicesettings/{#servicesettingId} | 无 | 无 |
| ecs:DescribeCloudAssistantStatus | DescribeCloudAssistantStatus | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeCommands | DescribeCommands | get | Command acs:ecs:{#regionId}:{#accountId}:command/*Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId} | 无 | 无 |
| ecs:DescribeDedicatedHostAutoRenew | DescribeDedicatedHostAutoRenew | get | *DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | 无 | 无 |
| ecs:DescribeDedicatedHostClusters | DescribeDedicatedHostClusters | get | DedicatedHostCluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}DedicatedHostCluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/* | 无 | 无 |
| ecs:DescribeDedicatedHosts | DescribeDedicatedHosts | get | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/*DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | 无 | 无 |
| ecs:DescribeDeploymentSets | DescribeDeploymentSets | get | *DeploymentSet acs:ecs:{#regionId}:{#accountId}:deploymentset/* | 无 | 无 |
| ecs:DescribeDiagnosticMetricSets | DescribeDiagnosticMetricSets | get | *全部资源 * | 无 | 无 |
| ecs:DescribeDiagnosticMetrics | DescribeDiagnosticMetrics | get | *全部资源 * | 无 | 无 |
| ecs:DescribeDiagnosticReportAttributes | DescribeDiagnosticReportAttributes | get | *全部资源 * | 无 | 无 |
| ecs:DescribeDiagnosticReports | DescribeDiagnosticReports | get | *全部资源 * | 无 | 无 |
| ecs:DescribeDiskDefaultKMSKeyId | DescribeDiskDefaultKMSKeyId | get | *DiskEncryptionDefaultConfig acs:ecs:{#regionId}:{#accountId}:diskencryptiondefaultconfig/* | 无 | 无 |
| ecs:DescribeDiskEncryptionByDefaultStatus | DescribeDiskEncryptionByDefaultStatus | none | *DiskEncryptionDefaultConfig acs:ecs:{#regionId}:{#accountId}:diskencryptiondefaultconfig/* | 无 | 无 |
| ecs:DescribeDiskMonitorData | DescribeDiskMonitorData | get | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | 无 | 无 |
| ecs:DescribeDisks | DescribeDisks | list | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}Disk acs:ecs:{#regionId}:{#accountId}:disk/* | 无 | 无 |
| ecs:DescribeDisksFullStatus | DescribeDisksFullStatus | list | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}Disk acs:ecs:{#regionId}:{#accountId}:disk/* | 无 | 无 |
| ecs:DescribeElasticityAssuranceAutoRenewAttribute | DescribeElasticityAssuranceAutoRenewAttribute | get | *ElasticityAssurance acs:ecs:{#regionId}:{#accountId}:elasticityassurance/{#ElasticityAssuranceId} | 无 | 无 |
| ecs:DescribeElasticityAssuranceInstances | DescribeElasticityAssuranceInstances | get | *全部资源 * | 无 | 无 |
| ecs:DescribeElasticityAssurances | DescribeElasticityAssurances | get | *ElasticityAssurance acs:ecs:{#regionId}:{#accountId}:elasticityassurance/* | 无 | 无 |
| ecs:DescribeEniMonitorData | DescribeEniMonitorData | get | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeHpcClusters | DescribeHpcClusters | get | *HpcCluster acs:ecs:{#regionId}:{#accountId}:hpc/* | 无 | 无 |
| ecs:DescribeImageComponents | DescribeImageComponents | get | *ImageComponent acs:ecs:{#regionId}:{#accountId}:imagecomponent/**ImageComponent acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId} | 无 | 无 |
| ecs:DescribeImageFromFamily | DescribeImageFromFamily | get | *全部资源 * | 无 | 无 |
| ecs:DescribeImagePipelineExecutions | DescribeImagePipelineExecutions | get | *ImagePipelineExecution acs:ecs:{#regionId}:{#accountId}:imagepipelineexecution/**ImagePipelineExecution acs:ecs:{#regionId}:{#accountId}:imagepipelineexecution/{#ImagePipelineExecutionId}*ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/**ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#ImagePipelineId} | 无 | 无 |
| ecs:DescribeImagePipelines | DescribeImagePipelines | get | *ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/**ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId} | 无 | 无 |
| ecs:DescribeImageSharePermission | DescribeImageSharePermission | get | *Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | 无 | 无 |
| ecs:DescribeImageSupportInstanceTypes | DescribeImageSupportInstanceTypes | get | *Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | 无 | 无 |
| ecs:DescribeImages | DescribeImages | get | Image acs:ecs:{#regionId}:{#accountId}:image/*Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | 无 | 无 |
| ecs:DescribeInstanceAttachmentAttributes | DescribeInstanceAttachmentAttributes | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeInstanceAttribute | DescribeInstanceAttribute | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeInstanceAutoRenewAttribute | DescribeInstanceAutoRenewAttribute | list | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}Instance acs:ecs:{#regionId}:{#accountId}:instance/* | 无 | 无 |
| ecs:DescribeInstanceHistoryEvents | DescribeInstanceHistoryEvents | get | *全部资源 * | 无 | 无 |
| ecs:DescribeInstanceMaintenanceAttributes | DescribeInstanceMaintenanceAttributes | get | *全部资源 * | 无 | 无 |
| ecs:DescribeInstanceModificationPrice | DescribeInstanceModificationPrice | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| ecs:DescribeInstanceMonitorData | DescribeInstanceMonitorData | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeInstanceRamRole | DescribeInstanceRamRole | get | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}Role acs:ram:{#regionId}:{#accountId}:role/{#roleName} | 无 | 无 |
| ecs:DescribeInstanceStatus | DescribeInstanceStatus | list | *全部资源 * | 无 | 无 |
| ecs:DescribeInstanceVncUrl | DescribeInstanceVncUrl | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeInstances | DescribeInstances | list | Instance acs:ecs:{#regionId}:{#accountId}:instance/*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ResourceOwner | 无 |
| ecs:DescribeInstancesFullStatus | DescribeInstancesFullStatus | list | *全部资源 * | 无 | 无 |
| ecs:DescribeInvocationResults | DescribeInvocationResults | get | Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId}Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeInvocations | DescribeInvocations | get | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId} | 无 | 无 |
| ecs:DescribeKeyPairs | DescribeKeyPairs | get | KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* | 无 | 无 |
| ecs:DescribeLaunchTemplateVersions | DescribeLaunchTemplateVersions | list | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/*LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | 无 | 无 |
| ecs:DescribeLaunchTemplates | DescribeLaunchTemplates | get | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/*LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | 无 | 无 |
| ecs:DescribeLimitation | DescribeLimitation | get | *全部资源 * | 无 | 无 |
| ecs:DescribeManagedInstances | DescribeManagedInstances | get | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeNetworkInterfaceAttribute | DescribeNetworkInterfaceAttribute | get | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:DescribeNetworkInterfacePermissions | DescribeNetworkInterfacePermissions | get | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:DescribeNetworkInterfaces | DescribeNetworkInterfaces | get | NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:DescribePortRangeListAssociations | DescribePortRangeListAssociations | list | *PortRangeList acs:ecs:{#regionId}:{#accountId}:portrangelist/{#portRangeListId} | 无 | 无 |
| ecs:DescribePortRangeListEntries | DescribePortRangeListEntries | list | *PortRangeList acs:ecs:{#regionId}:{#accountId}:portrangelist/{#portRangeListId} | 无 | 无 |
| ecs:DescribePortRangeLists | DescribePortRangeLists | list | *PortRangeList acs:ecs:{#regionId}:{#accountId}:portrangelist/*PortRangeList acs:ecs:{#regionId}:{#accountId}:portrangelist/{#portRangeListId} | 无 | 无 |
| ecs:DescribePrefixListAssociations | DescribePrefixListAssociations | get | *PrefixList acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId} | 无 | 无 |
| ecs:DescribePrefixListAttributes | DescribePrefixListAttributes | get | *PrefixList acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId} | 无 | 无 |
| ecs:DescribePrefixLists | DescribePrefixLists | get | *PrefixList acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId} | 无 | 无 |
| ecs:DescribePrice | DescribePrice | get | *全部资源 * | 无 | 无 |
| ecs:DescribeRenewalPrice | DescribeRenewalPrice | get | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeReservedInstanceAutoRenewAttribute | DescribeReservedInstanceAutoRenewAttribute | get | *ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId} | 无 | 无 |
| ecs:DescribeReservedInstances | DescribeReservedInstances | get | ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/*ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} | 无 | 无 |
| ecs:DescribeResourceByTags | DescribeResourceByTags | get | *全部资源 * | 无 | 无 |
| ecs:DescribeResourcesModification | DescribeResourcesModification | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeSecurityGroupAttribute | DescribeSecurityGroupAttribute | get | *SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag | 无 |
| ecs:DescribeSecurityGroupReferences | DescribeSecurityGroupReferences | get | *SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | 无 | 无 |
| ecs:DescribeSecurityGroups | DescribeSecurityGroups | get | SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/*SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag ecs:tag ecs:tag ecs:tag | 无 |
| ecs:DescribeSendFileResults | DescribeSendFileResults | get | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DescribeSnapshotGroups | DescribeSnapshotGroups | get | SnapshotGroup acs:ecs:{#regionId}:{#accountId}:snapshotgroup/*SnapshotGroup acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId} | 无 | 无 |
| ecs:DescribeSnapshotLinks | DescribeSnapshotLinks | get | *全部资源 * | 无 | 无 |
| ecs:DescribeSnapshotMonitorData | DescribeSnapshotMonitorData | get | *全部资源 * | 无 | 无 |
| ecs:DescribeSnapshotPackage | DescribeSnapshotPackage | get | *全部资源 * | 无 | 无 |
| ecs:DescribeSnapshots | DescribeSnapshots | get | Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/*Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | 无 | 无 |
| ecs:DescribeSnapshotsUsage | DescribeSnapshotsUsage | get | *全部资源 * | 无 | 无 |
| ecs:DescribeStorageCapacityUnits | DescribeStorageCapacityUnits | get | StorageCapacityUnit acs:ecs:{#regionId}:{#accountId}:scu/*StorageCapacityUnit acs:ecs:{#regionId}:{#accountId}:scu/{#scuId} | 无 | 无 |
| ecs:DescribeTags | DescribeTags | get | *全部资源 * | 无 | 无 |
| ecs:DescribeTaskAttribute | DescribeTaskAttribute | get | *全部资源 * | 无 | 无 |
| ecs:DescribeTasks | DescribeTasks | get | *全部资源 * | 无 | 无 |
| ecs:DescribeTerminalSessions | DescribeTerminalSessions | list | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| ecs:DescribeUserBusinessBehavior | DescribeUserBusinessBehavior | get | *全部资源 * | 无 | 无 |
| ecs:DescribeUserData | DescribeUserData | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DetachClassicLinkVpc | DetachClassicLinkVpc | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}*VPC acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId} | 无 | 无 |
| ecs:DetachDisk | DetachDisk | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DetachInstanceRamRole | DetachInstanceRamRole | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}*Role acs:ram:{#regionId}:{#accountId}:role/{#roleName} | 无 | 无 |
| ecs:DetachKeyPair | DetachKeyPair | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}*KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName} | 无 | 无 |
| ecs:DetachNetworkInterface | DetachNetworkInterface | update | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:DisableActivation | DisableActivation | update | *Activation acs:ecs:{#regionId}:{#accountId}:activation/{#ActivationId} | 无 | 无 |
| ecs:DisableDiskEncryptionByDefault | DisableDiskEncryptionByDefault | none | *全部资源 * | 无 | 无 |
| ecs:DisableNetworkInterfaceQoS | DisableNetworkInterfaceQoS | update | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:EnableDiskEncryptionByDefault | EnableDiskEncryptionByDefault | none | *全部资源 * | 无 | 无 |
| ecs:EnableNetworkInterfaceQoS | EnableNetworkInterfaceQoS | update | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:EndTerminalSession | EndTerminalSession | update | *全部资源 * | 无 | 无 |
| ecs:ExportImage | ExportImage | update | *Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | 无 | 无 |
| ecs:ExportSnapshot | ExportSnapshot | create | *Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | 无 | 无 |
| ecs:GetInstanceConsoleOutput | GetInstanceConsoleOutput | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:GetInstanceScreenshot | GetInstanceScreenshot | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ImportImage | ImportImage | update | *Image acs:ecs:{#regionId}:{#accountId}:image/* | 无 | 无 |
| ecs:ImportKeyPair | ImportKeyPair | create | *KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/* | 无 | 无 |
| ecs:InstallCloudAssistant | InstallCloudAssistant | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:InvokeCommand | InvokeCommand | update | *Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId}*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:CommandRunAs | 无 |
| ecs:JoinResourceGroup | JoinResourceGroup | update | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId}Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#SnapshotId} | 无 | 无 |
| ecs:JoinSecurityGroup | JoinSecurityGroup | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}*SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | 无 | 无 |
| ecs:LeaveSecurityGroup | LeaveSecurityGroup | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}*SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | 无 | 无 |
| ecs:ListPluginStatus | ListPluginStatus | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| ecs:ListTagResources | ListTagResources | get | *全部资源 * | 无 | 无 |
| ecs:ModifyAutoProvisioningGroup | ModifyAutoProvisioningGroup | update | *autoprovisioninggroup acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId} | 无 | 无 |
| ecs:ModifyAutoSnapshotPolicyEx | ModifyAutoSnapshotPolicyEx | update | *Snapshot acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#autoSnapshotPolicyId} | 无 | 无 |
| ecs:ModifyCapacityReservation | ModifyCapacityReservation | update | *CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/{#CapacityReservationId} | 无 | 无 |
| ecs:ModifyCloudAssistantSettings | ModifyCloudAssistantSettings | update | *ServiceSettings acs:ecs:{#regionId}:{#accountId}:servicesettings/{#servicesettingId} | 无 | 无 |
| ecs:ModifyCommand | ModifyCommand | update | *Command acs:ecs:{#regionId}:{#accountId}:command/{#commandId} | 无 | 无 |
| ecs:ModifyDedicatedHostAttribute | ModifyDedicatedHostAttribute | update | *DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}DedicatedHostCluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId} | 无 | 无 |
| ecs:ModifyDedicatedHostAutoReleaseTime | ModifyDedicatedHostAutoReleaseTime | update | *DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | 无 | 无 |
| ecs:ModifyDedicatedHostAutoRenewAttribute | ModifyDedicatedHostAutoRenewAttribute | update | *DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | 无 | 无 |
| ecs:ModifyDedicatedHostClusterAttribute | ModifyDedicatedHostClusterAttribute | update | *ddhcluster acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId} | 无 | 无 |
| ecs:ModifyDedicatedHostsChargeType | ModifyDedicatedHostsChargeType | update | *全部资源 * | 无 | 无 |
| ecs:ModifyDeploymentSetAttribute | ModifyDeploymentSetAttribute | update | *DeploymentSet acs:ecs:{#regionId}:{#accountId}:deploymentset/{#DeploymentSetId} | 无 | 无 |
| ecs:ModifyDiagnosticMetricSet | ModifyDiagnosticMetricSet | update | *全部资源 * | 无 | 无 |
| ecs:ModifyDiskAttribute | ModifyDiskAttribute | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | 无 | 无 |
| ecs:ModifyDiskChargeType | ModifyDiskChargeType | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyDiskDefaultKMSKeyId | ModifyDiskDefaultKMSKeyId | update | *全部资源 * | 无 | 无 |
| ecs:ModifyDiskDeployment | ModifyDiskDeployment | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | 无 | 无 |
| ecs:ModifyDiskSpec | ModifyDiskSpec | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | 无 | 无 |
| ecs:ModifyElasticityAssurance | ModifyElasticityAssurance | update | *ElasticityAssurance acs:ecs:{#regionId}:{#accountId}:elasticityassurance/{#ElasticityAssuranceId} | 无 | 无 |
| ecs:ModifyElasticityAssuranceAutoRenewAttribute | ModifyElasticityAssuranceAutoRenewAttribute | update | *ElasticityAssurance acs:ecs:{#regionId}:{#accountId}:elasticityassurance/{#ElasticityAssuranceId} | 无 | 无 |
| ecs:ModifyHpcClusterAttribute | ModifyHpcClusterAttribute | update | *全部资源 * | 无 | 无 |
| ecs:ModifyImageAttribute | ModifyImageAttribute | update | *Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | 无 | 无 |
| ecs:ModifyImageShareGroupPermission | ModifyImageShareGroupPermission | update | *Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | 无 | 无 |
| ecs:ModifyImageSharePermission | ModifyImageSharePermission | update | *Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId} | 无 | 无 |
| ecs:ModifyInstanceAttachmentAttributes | ModifyInstanceAttachmentAttributes | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyInstanceAttribute | ModifyInstanceAttribute | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#SecurityGroupId} | ecs:tag ecs:PasswordCustomized | 无 |
| ecs:ModifyInstanceAutoReleaseTime | ModifyInstanceAutoReleaseTime | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyInstanceAutoRenewAttribute | ModifyInstanceAutoRenewAttribute | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyInstanceChargeType | ModifyInstanceChargeType | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyInstanceClockOptions | ModifyInstanceClockOptions | update | *全部资源 * | 无 | 无 |
| ecs:ModifyInstanceDeployment | ModifyInstanceDeployment | update | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyInstanceMaintenanceAttributes | ModifyInstanceMaintenanceAttributes | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyInstanceMetadataOptions | ModifyInstanceMetadataOptions | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyInstanceNetworkOptions | ModifyInstanceNetworkOptions | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId} | 无 | 无 |
| ecs:ModifyInstanceNetworkSpec | ModifyInstanceNetworkSpec | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:AssociatePublicIpAddress | 无 |
| ecs:ModifyInstanceSpec | ModifyInstanceSpec | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:AssociatePublicIpAddress | 无 |
| ecs:ModifyInstanceVncPasswd | ModifyInstanceVncPasswd | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyInstanceVpcAttribute | ModifyInstanceVpcAttribute | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}*VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId} | vpc:tag vpc:VPC | 无 |
| ecs:ModifyInvocationAttribute | ModifyInvocationAttribute | update | *Invocation acs:ecs:{#regionId}:{#accountId}:invocation/{#invocationId}Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyLaunchTemplateDefaultVersion | ModifyLaunchTemplateDefaultVersion | update | LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId} | 无 | 无 |
| ecs:ModifyManagedInstance | ModifyManagedInstance | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyNetworkInterfaceAttribute | ModifyNetworkInterfaceAttribute | update | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}*SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | 无 | 无 |
| ecs:ModifyPortRangeList | ModifyPortRangeList | update | *PortRangeList acs:ecs:{#regionId}:{#accountId}:portrangelist/{#portRangeListId} | 无 | 无 |
| ecs:ModifyPrefixList | ModifyPrefixList | update | *PrefixList acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId} | 无 | 无 |
| ecs:ModifyPrepayInstanceSpec | ModifyPrepayInstanceSpec | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ModifyReservedInstanceAttribute | ModifyReservedInstanceAttribute | update | *ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} | 无 | 无 |
| ecs:ModifyReservedInstanceAutoRenewAttribute | ModifyReservedInstanceAutoRenewAttribute | update | *ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId} | 无 | 无 |
| ecs:ModifyReservedInstances | ModifyReservedInstances | update | *ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId} | 无 | 无 |
| ecs:ModifySecurityGroupAttribute | ModifySecurityGroupAttribute | update | *SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | 无 | 无 |
| ecs:ModifySecurityGroupEgressRule | ModifySecurityGroupEgressRule | update | *全部资源 * | ecs:tag ecs:tag ecs:SecurityGroupIpProtocols ecs:SecurityGroupSourceCidrIps | 无 |
| ecs:ModifySecurityGroupPolicy | ModifySecurityGroupPolicy | update | *SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | 无 | 无 |
| ecs:ModifySecurityGroupRule | ModifySecurityGroupRule | update | *全部资源 * | ecs:SecurityGroupIpProtocols ecs:SecurityGroupSourceCidrIps | 无 |
| ecs:ModifySnapshotAttribute | ModifySnapshotAttribute | update | *Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | 无 | 无 |
| ecs:ModifySnapshotCategory | ModifySnapshotCategory | update | *Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | ecs:tag | 无 |
| ecs:ModifySnapshotGroup | ModifySnapshotGroup | update | *SnapshotGroup acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#SnapshotGroupId} | 无 | 无 |
| ecs:ModifyStorageCapacityUnitAttribute | ModifyStorageCapacityUnitAttribute | update | *StorageCapacityUnit acs:ecs:{#regionId}:{#accountId}:scu/{#scuId} | 无 | 无 |
| ecs:ModifyUserBusinessBehavior | ModifyUserBusinessBehavior | update | *全部资源 * | 无 | 无 |
| ecs:OpenSnapshotService | OpenSnapshotService | create | *全部资源 * | 无 | 无 |
| ecs:PurchaseElasticityAssurance | PurchaseElasticityAssurance | update | *ElasticityAssurance acs:ecs:{#regionId}:{#accountId}:elasticityassurance/{#ElasticityAssuranceId} | 无 | 无 |
| ecs:PurchaseReservedInstancesOffering | PurchaseReservedInstancesOffering | create | *ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/* | 无 | 无 |
| ecs:PurchaseStorageCapacityUnit | PurchaseStorageCapacityUnit | create | *StorageCapacityUnit acs:ecs:{#regionId}:{#accountId}:scu/* | 无 | 无 |
| ecs:ReActivateInstances | ReActivateInstances | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ReInitDisk | ReInitDisk | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | ecs:PasswordCustomized | 无 |
| ecs:RebootInstance | RebootInstance | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:RebootInstances | RebootInstances | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:RedeployDedicatedHost | RedeployDedicatedHost | update | *DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | 无 | 无 |
| ecs:RedeployInstance | RedeployInstance | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ReleaseCapacityReservation | ReleaseCapacityReservation | delete | *CapacityReservation acs:ecs:{#regionId}:{#accountId}:capacityreservation/{#CapacityReservationId} | 无 | 无 |
| ecs:ReleaseDedicatedHost | ReleaseDedicatedHost | delete | *DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | 无 | 无 |
| ecs:ReleasePublicIpAddress | ReleasePublicIpAddress | delete | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:RemoveTags | RemoveTags | delete | *全部资源 * | 无 | 无 |
| ecs:RenewDedicatedHosts | RenewDedicatedHosts | update | *DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId} | 无 | 无 |
| ecs:RenewElasticityAssurances | RenewElasticityAssurances | create | *ElasticityAssurance acs:ecs:{#regionId}:{#accountId}:elasticityassurance/{#ElasticityAssuranceId} | 无 | 无 |
| ecs:RenewInstance | RenewInstance | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:RenewReservedInstances | RenewReservedInstances | create | *ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId} | 无 | 无 |
| ecs:ReplaceSystemDisk | ReplaceSystemDisk | update | Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId}*Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:IsDiskEncrypted ecs:IsSystemDiskEncrypted ecs:PasswordInherit ecs:PasswordCustomized ecs:IsDiskByokEncrypted ecs:IsSystemDiskByokEncrypted ecs:LoginAsNonRoot ecs:ImagePlatform | 无 |
| ecs:ReportInstancesStatus | ReportInstancesStatus | get | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:ResetDisk | ResetDisk | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}*Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | 无 | 无 |
| ecs:ResetDiskDefaultKMSKeyId | ResetDiskDefaultKMSKeyId | none | *全部资源 * | 无 | 无 |
| ecs:ResetDisks | ResetDisks | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}*Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId} | 无 | 无 |
| ecs:ResizeDisk | ResizeDisk | update | *Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId} | 无 | 无 |
| ecs:RevokeSecurityGroup | RevokeSecurityGroup | delete | *SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag ecs:tag ecs:tag | 无 |
| ecs:RevokeSecurityGroupEgress | RevokeSecurityGroupEgress | delete | *SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId} | ecs:tag ecs:tag ecs:tag | 无 |
| ecs:RunCommand | RunCommand | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | ecs:CommandRunAs | 无 |
| ecs:RunInstances | RunInstances | create | *全部资源 * | vpc:IsDefaultVSwitch vpc:IsDefaultVpc vpc:VPC ecs:IsDiskEncrypted ecs:InstanceTypeFamily ecs:InstanceType ecs:ImageOwnerId ecs:ImageSource ecs:NotSpecifySecurityGroupId ecs:LoginAsNonRoot ecs:IsSystemDiskByokEncrypted ecs:IsDiskByokEncrypted ecs:PasswordInherit ecs:PasswordCustomized ecs:IsSystemDiskEncrypted ecs:ImagePlatform ecs:IsDiskEncrypted ecs:SecurityHardeningMode ecs:AssociatePublicIpAddress vpc:CreateDefaultVpc ecs:SecurityEnhancementStrategy | 无 |
| ecs:SendFile | SendFile | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:StartImagePipelineExecution | StartImagePipelineExecution | update | *ImagePipeline acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId} | 无 | 无 |
| ecs:StartInstance | StartInstance | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:StartInstances | StartInstances | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:StartTerminalSession | StartTerminalSession | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:StopInstance | StopInstance | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:StopInstances | StopInstances | update | *Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:StopInvocation | StopInvocation | update | Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId} | 无 | 无 |
| ecs:TagResources | TagResources | create | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId}Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId} | 无 | 无 |
| ecs:UnassignIpv6Addresses | UnassignIpv6Addresses | delete | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:UnassignPrivateIpAddresses | UnassignPrivateIpAddresses | delete | *NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId} | 无 | 无 |
| ecs:UntagResources | UntagResources | delete | DedicatedHost acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}Disk acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}NetworkInterface acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}Image acs:ecs:{#regionId}:{#accountId}:image/{#imageId}Instance acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}KeyPair acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}ReservedInstance acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}SecurityGroup acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}Snapshot acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}LaunchTemplate acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}AutoSnapshotPolicy acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId} | 无 | 无 |
| vpc:ActivateRouterInterface | ActivateRouterInterface | update | *RouterInterface acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId} | 无 | 无 |
| vpc:AddBandwidthPackageIps | AddBandwidthPackageIps | create | *BandwidthPackage acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId} | 无 | 无 |
| vpc:AllocateEipAddress | AllocateEipAddress | update | *全部资源 * | 无 | 无 |
| vpc:AssociateEipAddress | AssociateEipAddress | update | *全部资源 * | 无 | 无 |
| vpc:AssociateHaVip | AssociateHaVip | update | *Instance acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}*HaVip acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId} | 无 | 无 |
| vpc:CancelPhysicalConnection | CancelPhysicalConnection | update | *PhysicalConnection acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId} | 无 | 无 |
| vpc:ConnectRouterInterface | ConnectRouterInterface | update | *RouterInterface acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId} | 无 | 无 |
| vpc:CreateForwardEntry | CreateForwardEntry | create | *ForwardTable acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId} | 无 | 无 |
| vpc:CreateHaVip | CreateHaVip | create | *全部资源 * | 无 | 无 |
| vpc:CreateNatGateway | CreateNatGateway | create | *全部资源 * | 无 | 无 |
| vpc:CreatePhysicalConnection | CreatePhysicalConnection | create | *全部资源 * | 无 | 无 |
| vpc:CreateRouteEntry | CreateRouteEntry | create | *RouteTable acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId} | 无 | 无 |
| vpc:CreateRouterInterface | CreateRouterInterface | create | *全部资源 * | vpc:TargetAccountRDId | 无 |
| vpc:CreateVSwitch | CreateVSwitch | create | *全部资源 * | vpc:tag | 无 |
| vpc:CreateVirtualBorderRouter | CreateVirtualBorderRouter | create | *全部资源 * | 无 | 无 |
| vpc:CreateVpc | CreateVpc | create | *全部资源 * | 无 | 无 |
| vpc:DeactivateRouterInterface | DeactivateRouterInterface | update | *RouterInterface acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId} | 无 | 无 |
| vpc:DeleteBandwidthPackage | DeleteBandwidthPackage | delete | *BandwidthPackage acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId} | 无 | 无 |
| vpc:DeleteForwardEntry | DeleteForwardEntry | delete | *ForwardTable acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId} | 无 | 无 |
| vpc:DeleteHaVip | DeleteHaVip | delete | *HaVip acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId} | 无 | 无 |
| vpc:DeleteNatGateway | DeleteNatGateway | delete | *NatGateway acs:vpc:{#regionId}:{#accountId}:natgateway/{#natgatewayid} | 无 | 无 |
| vpc:DeletePhysicalConnection | DeletePhysicalConnection | delete | *PhysicalConnection acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId} | 无 | 无 |
| vpc:DeleteRouteEntry | DeleteRouteEntry | delete | *RouteTable acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId} | 无 | 无 |
| vpc:DeleteRouterInterface | DeleteRouterInterface | delete | *RouterInterface acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId} | 无 | 无 |
| vpc:DeleteVSwitch | DeleteVSwitch | delete | *VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId} | 无 | 无 |
| vpc:DeleteVirtualBorderRouter | DeleteVirtualBorderRouter | delete | *VirtualBorderRouter acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId} | 无 | 无 |
| vpc:DeleteVpc | DeleteVpc | delete | *VPC acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId} | vpc:tag | 无 |
| vpc:DescribeAccessPoints | DescribeAccessPoints | get | *全部资源 * | 无 | 无 |
| vpc:DescribeBandwidthPackages | DescribeBandwidthPackages | get | *全部资源 * | 无 | 无 |
| vpc:DescribeEipAddresses | DescribeEipAddresses | get | *Address acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId} | 无 | 无 |
| vpc:DescribeEipMonitorData | DescribeEipMonitorData | get | *Address acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId} | 无 | 无 |
| vpc:DescribeForwardTableEntries | DescribeForwardTableEntries | get | *ForwardTable acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId} | 无 | 无 |
| vpc:DescribeHaVips | DescribeHaVips | get | *全部资源 * | 无 | 无 |
| vpc:DescribeNatGateways | DescribeNatGateways | get | *全部资源 * | 无 | 无 |
| vpc:DescribeNewProjectEipMonitorData | DescribeNewProjectEipMonitorData | get | *Address acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId} | 无 | 无 |
| vpc:DescribePhysicalConnections | DescribePhysicalConnections | get | *全部资源 * | 无 | 无 |
| vpc:DescribeRouteTables | DescribeRouteTables | get | *RouteTable acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId} | vpc:VBR vpc:VRouter | 无 |
| vpc:DescribeRouterInterfaces | DescribeRouterInterfaces | get | *RouterInterface acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId} | 无 | 无 |
| vpc:DescribeVRouters | DescribeVRouters | get | *全部资源 * | vpc:VPC | 无 |
| vpc:DescribeVSwitches | DescribeVSwitches | get | *全部资源 * | vpc:VPC | 无 |
| vpc:DescribeVirtualBorderRouters | DescribeVirtualBorderRouters | get | *VirtualBorderRouter acs:vpc:{#regionId}:{#AccountId}:virtualborderrouter/{#VbrId} | 无 | 无 |
| vpc:DescribeVirtualBorderRoutersForPhysicalConnection | DescribeVirtualBorderRoutersForPhysicalConnection | get | *PhysicalConnection acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId} | vpc:PhysicalConnection | 无 |
| vpc:DescribeVpcs | DescribeVpcs | get | *全部资源 * | vpc:tag | 无 |
| vpc:EnablePhysicalConnection | EnablePhysicalConnection | update | *PhysicalConnection acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId} | 无 | 无 |
| vpc:ModifyBandwidthPackageSpec | ModifyBandwidthPackageSpec | update | *BandwidthPackage acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId} | 无 | 无 |
| vpc:ModifyEipAddressAttribute | ModifyEipAddressAttribute | update | *Address acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId} | 无 | 无 |
| vpc:ModifyForwardEntry | ModifyForwardEntry | update | *ForwardTable acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId} | 无 | 无 |
| vpc:ModifyHaVipAttribute | ModifyHaVipAttribute | update | *HaVip acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId} | 无 | 无 |
| vpc:ModifyPhysicalConnectionAttribute | ModifyPhysicalConnectionAttribute | update | *PhysicalConnection acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId} | 无 | 无 |
| vpc:ModifyRouterInterfaceAttribute | ModifyRouterInterfaceAttribute | update | *RouterInterface acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId} | vpc:TargetAccountRDId | 无 |
| vpc:ModifyRouterInterfaceSpec | ModifyRouterInterfaceSpec | update | *RouterInterface acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId} | 无 | 无 |
| vpc:ModifyVRouterAttribute | ModifyVRouterAttribute | update | *VRouter acs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId} | 无 | 无 |
| vpc:ModifyVSwitchAttribute | ModifyVSwitchAttribute | update | *VSwitch acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId} | 无 | 无 |
| vpc:ModifyVirtualBorderRouterAttribute | ModifyVirtualBorderRouterAttribute | update | *VirtualBorderRouter acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId} | 无 | 无 |
| vpc:ModifyVpcAttribute | ModifyVpcAttribute | update | *VPC acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId} | vpc:tag | 无 |
| vpc:RecoverVirtualBorderRouter | RecoverVirtualBorderRouter | update | *VirtualBorderRouter acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId} | 无 | 无 |
| vpc:ReleaseEipAddress | ReleaseEipAddress | update | *Address acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId} | vpc:tag | 无 |
| vpc:RemoveBandwidthPackageIps | RemoveBandwidthPackageIps | delete | *BandwidthPackage acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId} | 无 | 无 |
| vpc:TerminatePhysicalConnection | TerminatePhysicalConnection | update | *PhysicalConnection acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId} | 无 | 无 |
| vpc:TerminateVirtualBorderRouter | TerminateVirtualBorderRouter | update | *VirtualBorderRouter acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId} | 无 | 无 |
| vpc:UnassociateEipAddress | UnassociateEipAddress | update | *全部资源 * | 无 | 无 |
| vpc:UnassociateHaVip | UnassociateHaVip | delete | *Instance acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}*HaVip acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId} | 无 | 无 |
资源(Resource)
下表是ECS定义的资源,这些资源可以在RAM权限策略语句的Resource元素中使用,用来授予对该资源执行具体操作的权限。 其中,资源ARN是资源在阿里云上的唯一标识。具体说明如下:{#}为变量标识,需要您替换为实际值。例如:{#ramcode}需要您替换为实际的云服务RAM代码。-
*表示全部。例如:{#resourceType}为*时:表示全部资源。{#regionId}为*时:表示全部地域。{#accountId}为*时:表示全部阿里云账号。
| 资源类型 | 资源ARN |
|---|---|
| Activation |
|
| Address |
|
| Association |
|
| AutoProvisioningGroup |
|
| AutoSnapshotPolicy |
|
| BandwidthPackage |
|
| CapacityReservation |
|
| Command |
|
| DedicatedHost |
|
| DedicatedHostCluster |
|
| Demand |
|
| DeploymentSet |
|
| Disk |
|
| DiskEncryptionDefaultConfig |
|
| ElasticityAssurance |
|
| Fleet |
|
| ForwardTable |
|
| HaVip |
|
| HpcCluster |
|
| Image |
|
| ImageComponent |
|
| ImagePipeline |
|
| ImagePipelineExecution |
|
| Instance |
|
| Invocation |
|
| KeyPair |
|
| LaunchTemplate |
|
| NatGateway |
|
| NetworkInterface |
|
| PhysicalConnection |
|
| PortRangeList |
|
| PrefixList |
|
| ReservedInstance |
|
| Role |
|
| RouteTable |
|
| RouterInterface |
|
| SecurityGroup |
|
| ServiceSettings |
|
| Snapshot |
|
| SnapshotGroup |
|
| StorageCapacityUnit |
|
| StorageSet |
|
| VPC |
|
| VRouter |
|
| VSwitch |
|
| VirtualBorderRouter |
|
| Volume |
|
| activation |
|
| autoprovisioninggroup |
|
| ddhcluster |
|
| snapshotpolicy |
|
条件(Condition)
下表是ECS定义的产品级条件关键字,这些条件关键字可以在RAM权限策略语句的
Condition元素中使用,用来描述授予权限的条件。以下仅列举产品级的条件关键字,阿里云定义的ECS也同样适用通用条件关键字。其中,数据类型决定了您可以使用哪些条件运算符将请求中的值与权限策略语句中的值进行比较。您必须使用与数据类型匹配的条件运算符,否则无法匹配策略语句,授权行为无效。数据类型与条件运算符的对应关系,请参见条件操作类型。
| 条件关键字 | 描述 | 类型 |
|---|---|---|
| ecs:AssociatePublicIpAddress | Whether to support the public network IP allocation of resources in the process of creation and change, that is, whether to allow the operation of resources to make the public network bandwidth greater than 0Mbit/s. | Boolean |
| ecs:CommandRunAs | User in the operating system that executes cloud assistant commands | String |
| ecs:ImageOwnerId | Owner UID of the image. | String |
| ecs:ImagePlatform | Operating system type of the image | String |
| ecs:ImageSource | Image Source | String |
| ecs:InstanceType | Instance specifications | String |
| ecs:InstanceTypeFamily | instance specification family | String |
| ecs:IsDiskByokEncrypted | Whether to encrypt the data disk with the primary key. | String |
| ecs:IsDiskEncrypted | Whether it is an encrypted data disk | String |
| ecs:IsSystemDiskByokEncrypted | Whether the master key encrypts the system disk. | String |
| ecs:IsSystemDiskEncrypted | Whether it is an encryption system disk | String |
| ecs:LoginAsNonRoot | Whether to log on to the instance as non-root | Boolean |
| ecs:NotSpecifySecurityGroupId | Whether the security group ID is not specified | Boolean |
| ecs:PasswordCustomized | Whether a custom password is used | Boolean |
| ecs:PasswordInherit | Whether the instance inherits the image password. | Boolean |
| ecs:SecurityEnhancementStrategy | Whether to open security reinforcement. | String |
| ecs:SecurityGroupIpProtocols | Transport layer protocol with security group open | String |
| ecs:SecurityGroupSourceCidrIps | The source IPv4 CIDR segment of the security group that sets access permissions | String |
| ecs:SecurityHardeningMode | Whether to enforce hardened mode (IMDSv2) when accessing instance metadata | Boolean |
| vpc:CreateDefaultVpc | Whether a default VPC can be created | Boolean |
| vpc:IsDefaultVSwitch | Whether it is the default VSwitch and whether the default VSwitch can be used | Boolean |
| vpc:IsDefaultVpc | Whether it is the default VPC | Boolean |
| vpc:VPC | Description: The resource ARN of the VPC. Example values: acs:vpc:cn-shanghai:1234567890:vpc/vpc-abc0123efg4567 *** | String |