在使用RAM帳號調用VPC API前,需要主帳號通過建立授權策略對RAM帳號進行授權。在授權策略中,使用資源描述符(Alibaba Cloud Resource Name, ARN)指定授權資源。
可授權的專有網路資源類型
下表列舉了VPC中可授權的資源及其描述方式:
資源類型 | 授權策略中的資源描述方法 |
專有網路(VPC) | acs:vpc:$regionid:$accountid:vpc/$vpcid |
acs:vpc:$regionid:$accountid:vpc/* |
|
acs:vpc:*:$accountid:vpc/* |
|
acs:slb:*:*:loadbalancer/* |
|
路由器(VRouter) | acs:vpc:$regionid:$accountid:vrouter/$vrouterid |
acs:vpc:$regionid:$accountid:vrouter/* |
|
acs:vpc:*:$accountid:vrouter/* |
|
交換器(VSwitch) | acs:vpc:$regionid:$accountid:vswitch/$vswitchid |
acs:vpc:$regionid:$accountid:vswitch/* |
|
acs:vpc:*:$accountid:vswitch/* |
|
路由表(Route Table) | acs:vpc:$regionid:$accountid:routetable/$routetableid |
acs:vpc:$regionid:$accountid:routetable/* |
|
acs:vpc:*:$accountid:routetable/* |
|
高可用IP (HaVip) | acs:vpc:$regionid:$accountid:havip/$havipid |
acs:vpc:$regionid:$accountid:havip/* |
|
acs:vpc:*:$accountid:havip/* |
|
Elastic IP Address(EIP) | acs:vpc:$regionid:$accountid:eip/$allocationid |
acs:vpc:$regionid:$accountid:eip/* |
|
acs:vpc:*:$accountid:eip/* |
|
NAT Gateway(NAT Gateway) | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
acs:vpc:$regionid:$accountid:natgateway/* |
|
acs:vpc:*:$accountid:vpc/* |
|
NAT Gateway頻寬包(NAT Gateway Bandwidth Package) | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
acs:vpc:$regionid:$accountid:bandwidthpackage/* |
|
acs:vpc:*:$accountid:vpc/* |
|
通信埠轉寄表(Forward Table) | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
acs:vpc:$regionid:$accountid:forwardtable/* |
|
acs:vpc:*:$accountid:vpc/* |
|
SNAT表(SNAT Table) | acs:vpc:$regionid:$accountid:snattable/$snattableid |
acs:vpc:$regionid:$accountid:snattable/* |
|
acs:vpc:*:$accountid:vpc/* |
|
使用者網關(Customer Gateway) | acs:vpc:$regionid:$accountid:customergateway/$customergatewayid |
acs:vpc:$regionid:$accountid:customergateway/* |
|
acs:vpc:*:$accountid:customergateway/* |
|
IPsec串連(IPsec Connection) | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
acs:vpc:$regionid:$accountid:vpnconnection/* |
|
acs:vpc:*:$accountid:vpnconnection/* |
|
VPN網關(VPN Gateway) | acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid |
acs:vpc:$regionid:$accountid:vpngateway/* |
|
acs:vpc:*:$accountid:vpngateway/* |
|
Global Acceleration執行個體(Global Acceleration Instance) | acs:vpc:$regionid:$accountid:globalaccelerationinstance/$globalaccelerationinstanceid |
acs:vpc:$regionid:$accountid:globalaccelerationinstance/* |
|
acs:vpc:*:$accountid:globalaccelerationinstance/* |
|
通用資源 | acs:vpc:$regionid:$accountid:* |
acs:vpc:*:$accountid:* |
其中$regionid、$accountid、$vrouterid等為具體的資源ID,*代表對應的所有資源。使用*會一併授權該範圍內的全部資源,授權時應優先指定具體的資源ID。
可授權的VPC介面
下表列舉了VPC中可授權的API及其描述方式:
其中$regionid、$accountid、$vrouterid等為具體的資源ID,*代表對應的所有資源。
API | 資源描述 |
CreateVpc | acs:vpc:$regionid:$accountid:vpc/* |
DeleteVpc | acs:vpc:$regionid:$accountid:vpc/$vpcid |
DescribeVpcs | acs:vpc:$regionid:$accountid:vpc/* |
ModifyVpcAttribute | acs:vpc:$regionid:$accountid:vpc/$vpcid |
DescribeVRouters | acs:vpc:$regionid:$accountid:vrouter/* |
指定要查詢的VRouterId:"vpc:Vpc":"acs:vpc:$regionid:$accountid:vpc/$vpcid" |
|
未指定要查詢的VRouterId:"vpc:Vpc":"acs:vpc:$regionid:$accountid:vpc/*" |
|
ModifyVRouterAttribute | acs:slb:*:$accountid:* |
CreateVSwitch | acs:vpc:$regionid:$accountid:vswitch/* |
acs:vpc:$regionid:$accountid:vpc/$vpcid |
|
DeleteVSwitch | acs:vpc:$regionid:$accountid:vswitch/$vswitchid |
DescribeVSwitches | acs:vpc:$regionid:$accountid:vswitch/* |
"vpc:Vpc":"acs:vpc:$regionid:$accountid:vpc/$vpcid" |
|
ModifyVSwitchAttribute | acs:vpc:$regionid:$accountid:vswitch/$vswitchid |
CreateRouteEntry | acs:vpc:$regionid:$accountid:routetable/$routetableid |
DeleteRouteEntry | acs:vpc:$regionid:$accountid:routetable/$routetableid |
DescribeRouteTables | acs:vpc:$regionid:$accountid:routetable/* |
"vpc:VRouter":"acs:vpc:$regionid:$accountid:vrouter/$vrouterid" |
|
CreateHaVip | acs:vpc:$regionid:$accountid:havip/* |
acs:vpc:$regionid:$accountid:vswitch/$vswitchid |
|
DeleteHaVip | acs:vpc:$regionid:$accountid:havip/$havipid |
AssociateHaVip | acs:vpc:$regionid:$accountid:havip/$havipid |
acs:slb:%s:%s:certificate/% |
|
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
UnassociateHaVip | acs:vpc:$regionid:$accountid:havip/$havipid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
DescribeHaVips | acs:vpc:$regionid:$accountid:havip/* |
AllocateEipAddress | acs:vpc:$regionid:$accountid:eip/* |
AssociateEipAddress | acs:vpc:$regionid:$accountid:eip/* |
綁定ECS執行個體
|
|
綁定HAVIP
|
|
DescribeEipAddresses | acs:vpc:$regionid:$accountid:eip/* |
UnassociateEipAddress | 綁定ECS執行個體
|
綁定HAVIP
|
|
ReleaseEipAddress | acs:vpc:$regionid:$accountid:eip/$allocationid |
DescribeEipMonitorData | acs:vpc:$regionid:$accountid:eip/$allocationid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
CreateNatGateway | acs:vpc:$regionid:$accountid:natgateway/* |
DescribeNatGateways | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
acs:vpc:$regionid:$accountid:natgateway/* |
|
ModifyNatGatewaySpec | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
ModifyNatGatewayAttribute | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
DeleteNatGateway | acs:vpc:$regionid:$accountid:natgateway/$natgatewayid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
CreateBandwidthPackage | acs:vpc:$regionid:$accountid:bandwidthpackage/* |
DescribeBandwidthPackages | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
acs:vpc:$regionid:$accountid:bandwidthpackage/* |
|
ModifyBandwidthPackageSpec | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
ModifyBandwidthPackageAttribute | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
AddBandwidthPackageIps | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
RemoveBandwidthPackageIps | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
DeleteBandwidthPackage | acs:vpc:$regionid:$accountid:bandwidthpackage/$bandwidthpackageid |
CreateForwardEntry | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
DeleteForwardEntry | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
ModifyForwardEntry | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
DescribeForwardTableEntries | acs:vpc:$regionid:$accountid:forwardtable/$forwardtableid |
CreateSnatEntry | acs:vpc:$regionid:$accountid:snattable/* |
ModifySnatEntry | acs:vpc:$regionid:$accountid:snattable/$snattableid |
DescribeSnatTableEntries | acs:vpc:$regionid:$accountid:snattable/$snattableid |
DeleteSnatEntry | acs:vpc:$regionid:$accountid:snattable/$snattableid |
CreateCustomerGateway | acs:vpc:$regionid:$accountid:customergateway/* |
DeleteCustomerGateway | acs:vpc:$regionid:$accountid:customergateway/$customergatewayid |
DescribeCustomerGateway | acs:vpc:$regionid:$accountid:customergateway/$customergatewayid |
DescribeCustomerGateways | acs:vpc:$regionid:$accountid:customergateway/* |
ModifyCustomerGatewayAttribute | acs:vpc:$regionid:$accountid:customergateway/$customergatewayid |
CreateVpnConnection | acs:vpc:$regionid:$accountid:vpnconnection/* |
DeleteVpnConnection | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
DescribeVpnConnection | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
DescribeVpnConnections | acs:vpc:$regionid:$accountid:vpnconnection/* |
ModifyVpnConnectionAttribute | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
DownloadVpnConnectionConfig | acs:vpc:$regionid:$accountid:vpnconnection/$vpnconnectionid |
DeleteVpnGateway | acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid |
DescribeVpnGateway | acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid |
DescribeVpnGateways | acs:vpc:$regionid:$accountid:vpngateway/* |
ModifyVpnGatewayAttribute | acs:vpc:$regionid:$accountid:vpngateway/$vpngatewayid |
CreateGlobalAccelerationInstance | acs:vpc:$regionid:$accountid:globalaccelerationinstance/* |
AssociateGlobalAccelerationInstance | acs:vpc:$regionid:$accountid:globalaccelerationinstance/$globalaccelerationinstanceid |
acs:ecs:$regionid:$accountid:instance/$instanceid |
|
UnassociateGlobalAccelerationInstance | acs:ecs:$regionid:$accountid:instance/$instanceid |
ModifyGlobalAccelerationInstanceSpec | acs:ecs:$regionid:$accountid:instance/$instanceid |
ModifyGlobalAccelerationInstanceAttributes | acs:ecs:$regionid:$accountid:instance/$instanceid |
DeleteGlobalAccelerationInstance | acs:ecs:$regionid:$accountid:instance/$instanceid |
DescribeGlobalAccelerationInstances | acs:vpc:$regionid:$accountid:globalaccelerationinstance/* |
AddGlobalAccelerationInstanceIp |
|
RemoveGlobalAccelerationInstanceIp |
|
DescribeServerRelatedGlobalAccelerationInstances | acs:vpc:$regionid:$accountid:globalaccelerationinstance/* |
acs:ecs:$regionid:$accountid:instance/$instanceid |