在使用RAM帳號調用VPC API前,需要主帳號通過建立授權策略對RAM帳號進行授權。在授權策略中,使用資源描述符(Alibaba Cloud Resource Name, ARN)指定授權資源。
可授權的專有網路資源類型
下表列舉了VPC中可授權的資源及其描述方式:
| 資源類型 | 授權策略中的資源描述方法 |
| 專有網路(VPC) | acs:vpc:$regionid:$accountid:vpc/$vpcid |
acs:vpc:$regionid:$accountid:vpc/* |
|
acs:vpc:*:$accountid:vpc/* |
|
acs:slb:*:*:loadbalancer/* |
|
| 路由器(VRouter) | acs:vpc:$regionid:$accountid:vrouter/$vrouterid |
acs:vpc:$regionid:$accountid:vrouter/* |
|
acs:vpc:*:$accountid:vrouter/* |
|
| 交換器(VSwitch) | acs:vpc:$regionid:$accountid:vswitch/$vswitchid |
acs:vpc:$regionid:$accountid:vswitch/* |
|
acs:vpc:*:$accountid:vswitch/* |
|
| 路由表(Route Table) | acs:vpc:$regionid:$accountid:routetable/$routetableid |
acs:vpc:$regionid:$accountid:routetable/* |
|
acs:vpc:*:$accountid:routetable/* |
|
| 高可用IP (HaVip) | acs:vpc:$regionid:$accountid:havip/$havipid |
acs:vpc:$regionid:$accountid:havip/* |
|
acs:vpc:*:$accountid:havip/* |
|
| Elastic IP Address(EIP) | acs:vpc:$regionid:$accountid:eip/$allocationid |
acs:vpc:$regionid:$accountid:eip/* |
|
acs:vpc:*:$accountid:eip/* |
|
| NAT Gateway(NAT Gateway) | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
acs:vpc:$regionid:$accountid:natgateway/* |
|
acs:vpc*:$accountid:vpc/* |
|
| NAT Gateway頻寬包(NAT Gateway Bandwidth Package) | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
acs:vpc:$regionid:$accountid:bandwidthpackage/* |
|
aacs:vpc:*:$accountid:vpc/* |
|
| 通信埠轉寄表(Forward Table) | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
acs:vpc:$regionid:$accountid:forwardtable/* |
|
acs:vpc:*:$accountid:vpc/* |
|
| SNAT表(SNAT Table) | acs:vpc:$regionid:$accountid:snattable/$snattableid |
acs:vpc:$regionid:$accountid:snattable/* |
|
acs:vpc:*:$accountid:vpc/* |
|
| 使用者網關(Customer Gateway) | acs:vpc:$regionid:$accountid:customergateway/$customergatewayid |
acs:vpc:$regionid:$accountid:customergateway/* |
|
acs:vpc:*:$accountid:customergateway/* |
|
| IPsec串連(IPsec Connection) | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
acs:vpc:$regionid:$accountid:vpnconnection/* |
|
acs:vpc:*:$accountid:vpnconnection/* |
|
| VPN網關(VPN Gateway) | acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid |
acs:vpc:$regionid:$accountid:vpngateway/* |
|
acs:vpc:*:$accountid:vpngateway/* |
|
| Global Acceleration執行個體(Global Acceleration Instance) | acs:vpc:$regionid:$accountid: globalaccelerationinstance /$ globalaccelerationinstanceid |
acs:vpc:$regionid:$accountid: globalaccelerationinstance /* |
|
acs:vpc::$accountid: globalaccelerationinstance /* |
|
| 通用資源 | acs:vpc:$regionid:$accountid:* |
acs:vpc:*:$accountid:* |
其中$regionid/accoutid/vrouterid... 為具體的資源ID,*代表對應的所有資源。
可授權的VPC介面
下表列舉了VPC中可授權的API及其描述方式:
其中$regionid/accoutid/vrouterid... 為具體的資源ID,*代表對應的所有資源。
| API | 資源描述 |
| CreateVpc | acs:vpc:$regionid:$accountid:vpc/* |
| DeleteVpc | acs:vpc:$regionid:$accountid:vpc/$vpcid |
| DescribeVpcs | vpc:$regionid:$accountid:vpc/* |
| ModifyVpcAttribute | acs:vpc:$regionid:$accountid:vpc/$vpcid |
| DescribeVRouters | acs:vpc:$regionid:$accountid:vrouter/* |
指定要查詢的VRouterId:"vpc:Vpc":"acs:vpc:$regionid:$accountid:vpc/$vpcid" |
|
未定要查詢的VRouterId:"vpc:Vpc":"acs:vpc:$regionid:$accountid:vpc/*" |
|
| ModifyVRouterAttribute | acs:slb:*:$accountid:* |
| CreateVSwitch | acs:vpc:$regionid:$accountid:vswitch/* |
acs:vpc:$regionid:$accountid:vpc/$vpcid |
|
| DeleteVSwitch | acs:vpc:$regionid:$accountid:vswitch/$vswitchid |
| DescribeVSwitches | acs:vpc:$regionid:$accountid:vswitch/* |
"vpc:Vpc":"acs:vpc:$regionid:$accountid:vpc/$vpcid" |
|
| ModifyVSwitchAttribute | acs:vpc:$regionid:$accountid:vswitch/$vswitchid |
| CreateRouteEntry | acs:vpc:$regionid:$accountid:routetable/$routetableid |
| DeleteRouteEntry | acs:vpc:$regionid:$accountid:routetable/$routetableid |
| DescribeRouteTables | acs:vpc:$regionid:$accountid:routetable/* |
"vpc:VRouter":"acs:vpc$regionid:$accountid:vrouter/$vrouterid" |
|
| CreateHaVip | acs:vpc:$regionid:$accountid:havip/* |
acs:vpc:$regionid:$accountid:vswitch/$vswitchid |
|
| DeleteHaVip | acs:vpc:$regionid:$accountid:havip/$havipid |
| AssociateHaVip | acs:vpc:$regionid:$accountid:havip/$havipid |
acs:slb:%s:%s:certificate/% |
|
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
| UnassociateHaVip | acs:vpc:$regionid:$accountid:havip/$havipid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
| DescribeHaVips | acs:vpc:$regionid:$accountid:havip/* |
| AllocateEipAddress | acs:vpc:$regionid:$accountid:eip/* |
| AssociateEipAddres | acs:vpc:$regionid:$accountid:eip/* |
| 綁定ECS執行個體
|
|
| 綁定HAVIP
|
|
| DescribeEipAddresses | acs:vpc:$regionid:$accountid:eip/* |
| UnassociateEipAddress | 綁定ECS執行個體
|
| 綁定HAVIP
|
|
| ReleaseEipAddress | acs:vpc:$regionid:$accountid:eip/$allocationid |
| DescribeEipMonitorData | acs:vpc:$regionid:$accountid:eip/$allocationid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
| CreateNatGateway | acs:vpc:$regionid:$accountid:natgateway/* |
| DescribeNatGateways | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
acs:vpc:$regionid:$accountid:natgateway/* |
|
| ModifyNatGatewaySpec | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
| ModifyNatGatewayAttribute | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
| DeleteNatGateway | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
| CreateBandwidthPackage | acs:vpc:$regionid:$accountid:bandwidthpackage/* |
| DescribeBandwidthPackages | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
acs:vpc:$regionid:$accountid:bandwidthpackage/* |
|
| ModifyBandwidthPackageSpec | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
| ModifyBandwidthPackageAttribute | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
| AddBandwidthPackageIps | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
| RemoveBandwidthPackageIps | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
| DeleteBandwidthPackage | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
| CreateForwardEntry | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
| DeleteForwardEntry | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
| ModifyForwardEntry | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
| DescribeForwardTableEntries | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
| CreateSnatEntry | acs:vpc:$regionid:$accountid:snattable/* |
| ModifySnatEntry | acs:vpc:$regionid:$accountid:snattable/$snattableid |
| DescribeSnatTableEntries | acs:vpc:$regionid:$accountid:snattable/$snattableid |
| DeleteSnatEntry | acs:vpc:$regionid:$accountid:snattable/$snattableid |
| CreateCustomerGateway | acs:vpc:$regionid:$accountid:customergateway/* |
| DeleteCustomerGateway | acs:vpc:$regionid:$accountid:customergateway/$customergatewayid |
| DescribeCustomerGateway | acs:vpc:$regionid:$accountid:customergateway/$customergatewayid |
| DescribeCustomerGateways | acs:vpc:$regionid:$accountid:customergateway/* |
| ModifyCustomerGatewayAttribute | acs:vpc:$regionid:$accountid:customergateway/$customergatewayid |
| CreateVpnConnection | acs:vpc:$regionid:$accountid:vpnconnection/* |
| DeleteVpnConnection | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
| DescribeVpnConnection | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
| DescribeVpnConnections | acs:vpc:$regionid:$accountid:vpnconnection/* |
| ModifyVpnConnectionAttribute | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
| DownloadVpnConnectionConfig | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
| DeleteVpnGateway | acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid |
| DescribeVpnGateway | acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid |
| DescribeVpnGateways | acs:vpc:$regionid:$accountid:vpngateway/* |
| ModifyVpnGatewayAttribute | acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid |
| CreateGlobalAccelerationInstance | acs:vpc:$regionid:$accountid:globalaccelerationinstance/* |
| AssociateGlobalAccelerationInstance | acs:vpc:$regionid:$accountid:globalaccelerationinstance/$globalaccelerationinstanceid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
| UnassociateGlobalAccelerationInstance | acs:ecs:$regionid:$accountid:instance/$instanceid |
| ModifyGlobalAccerlationInstanceSpec | acs:ecs:$regionid:$accountid:instance/$instanceid |
| ModifyGlobalAccerlationInstanceAttributes | acs:ecs:$regionid:$accountid:instance/$instanceid |
| DeleteGlobalAccelerationInstance | acs:ecs:$regionid:$accountid:instance/$instanceid |
| DescribeGlobalAccelerationInstances | acs:vpc:$regionid:$accountid:globalaccelerationinstance/* |
| AddGlobalAccelerationInstanceIp |
|
| RemoveGlobalAccelerationInstanceIp |
|
| DescribeServerRelatedGlobalAccelerationInstances | acs:vpc:$regionid:$accountid:globalaccelerationinstance/* |
acs:ecs:$regionid:$accountid:instance/$instanceid |