RAM authentication -

Before calling Smart Access Gateway APIs using a RAM account, you must grant the RAM account the corresponding permission from the primary account by creating an authentication policy. In the authentication policy, an Alibaba Cloud Resource Name (ARN) is used as the unique identifier of the resource to authorize. The following table lists the resource names of Smart Access Gateway APIs.


VPC resources	Resource description in the authorization rule
CreateSmartAccessGateway	acs:smartag:${region-id}:${resource-owner-id}:smartag/*
UpdateSmartAccessGatewayVersion	acs:smartag:${region-id}:${resource-owner-id}:smartag/${smartag-id}
DescribeSmartAccessGateways	acs:smartag:${region-id}:${resource-owner-id}:smartag/*
ModifySmartAccessGateway	acs:smartag:${region-id}:${resource-owner-id}:smartag/${smartag-id}
GetSmartAccessGatewayUseLimit	acs:smartag:${region-id}:${resource-owner-id}:smartag/*
GetCloudConnectNetworkUseLimit	acs:smartag:${region-id}:${resource-owner-id}:ccn/*
CreateCloudConnectNetwork	acs:smartag:${region-id}:${resource-owner-id}:ccn/*
DeleteCloudConnectNetwork	acs:smartag:${region-id}:${resource-owner-id}:ccn/${ccnid}
ModifyCloudConnectNetwork	acs:smartag:${region-id}:${resource-owner-id}:ccn/${ccnid}
DescribeCloudConnectNetworks	acs:smartag:${region-id}:${resource-owner-id}:ccn/*
BindSmartAccessGateway	acs:smartag:${region-id}:${resource-owner-id}:ccn/${ccnid} acs:smartag:${region-id}:${resource-owner-id}:smartag/${smartag-id}
UnbindSmartAccessGateway	acs:smartag:${region-id}:${resource-owner-id}:ccn/${ccnid} acs:smartag:${region-id}:${resource-owner-id}:smartag/${smartag-id}
ActivateSmartAccessGateway	acs:smartag:${region-id}:${resource-owner-id}:smartag/${smartag-id}