ACK roles

Role

Description

AliyunCSDefaultRole

ACK assumes this role to access your resources in other cloud services when ACK manages clusters. These cloud services include ECS, Virtual Private Cloud (VPC), SLB, Auto Scaling, and Resource Orchestration Service (ROS).

AliyunCISDefaultRole

Container Intelligent Service (CIS) assumes this role to access your resources in other cloud services such as ECS, VPC, and SLB to perform diagnostics and inspections.

AliyunCSManagedKubernetesRole

An ACK managed cluster assumes this role to access your resources in other cloud services such as ECS, VPC, SLB, and Container Registry.

AliyunCSServerlessKubernetesRole

An ACK Serverless cluster assumes this role to access your resources in other cloud services such as ECS, VPC, SLB, and Alibaba Cloud DNS PrivateZone.

AliyunCSKubernetesAuditRole

The audit feature of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Simple Log Service.

AliyunCSManagedNetworkRole

The network component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in other cloud services such as ECS and VPC.

AliyunCSManagedCsiRole

The storage component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in other cloud services such as ECS and NAS.

AliyunCSManagedCmsRole

The monitoring component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in other cloud services such as CloudMonitor and Simple Log Service.

AliyunCSManagedLogRole

The logging component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Simple Log Service.

AliyunCSManagedVKRole

The virtual node component of an ACK Serverless cluster assumes this role to access your resources in other cloud services such as ECS, VPC, and Elastic Container Instance.

AliyunCSManagedArmsRole

The Application Real-Time Monitoring Service (ARMS) component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in ARMS.

AliyunCSManagedAcrRole

The password-free image pulling plug-in of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Container Registry.

AliyunCSManagedNlcRole

The managed node pool controller of an ACK managed cluster assumes this role to access your node pool resources in ECS and ACK.

AliyunCSManagedAutoScalerRole

The auto scaling component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Auto Scaling and ECS.

AliyunCSManagedSecurityRole

The disk encryption component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in Key Management Service (KMS).

AliyunCSManagedCostRole

The cost analysis component of an ACK managed cluster or ACK Serverless cluster assumes this role to access your resources in ECS and Elastic Container Instance and use BSS OpenAPI (BOA).

AliyunCSManagedNimitzRole

The network component of an ACK Lingjun managed cluster assumes this role to access your resources in Lingjun AI Computing Service.

AliyunCSManagedBackupRestoreRole

The backup center component of an ACK managed cluster assumes this role to access your resources in Cloud Backup and OSS.

AliyunCSManagedEdgeRole

The control component of an ACK Edge cluster assumes this role to access your resources in Smart Access Gateway (SAG), VPC, and Cloud Enterprise Network (CEN).

Permission (Action)

Description

ecs:RunInstances

Starts an ECS instance.

ecs:RenewInstance

Renews an ECS instance.

ecs:Create*

Creates ECS resources, such as ECS instances and disks.

ecs:AllocatePublicIpAddress

Assigns a public IP address to an ECS instance.

ecs:AllocateEipAddress

Assigns an elastic IP address (EIP) to an ECS instance.

ecs:Delete*

Deletes an ECS instance.

ecs:StartInstance

Starts ECS resources.

ecs:StopInstance

Stops an ECS instance.

ecs:RebootInstance

Restarts an ECS instance.

ecs:Describe*

Queries ECS resources.

ecs:AuthorizeSecurityGroup

Configures inbound rules for a security group.

ecs:RevokeSecurityGroup

Revokes security group rules.

ecs:AuthorizeSecurityGroupEgress

Configures outbound rules for a security group.

ecs:AttachDisk

Attaches a disk to an ECS instance.

ecs:DetachDisk

Detaches a disk from an ECS instance.

ecs:WaitFor*

Waits for the execution of a task.

ecs:AddTags

Adds tags.

ecs:ReplaceSystemDisk

Replaces the system disk of an ECS instance.

ecs:ModifyInstanceAttribute

Modifies the attributes of an ECS instance.

ecs:JoinSecurityGroup

Adds an ECS instance to a security group.

ecs:LeaveSecurityGroup

Removes an ECS instance from a security group.

ecs:UnassociateEipAddress

Disassociates an EIP from an ECS instance.

ecs:ReleaseEipAddress

Releases an EIP.

ecs:CreateKeyPair

Creates an SSH key pair.

ecs:ImportKeyPair

Imports the public key of a Rivest-Shamir-Adleman (RSA)-encrypted key pair that is generated by a third-party tool.

ecs:AttachKeyPair

Binds an SSH key pair to one or more Linux instances.

ecs:DetachKeyPair

Unbinds an SSH key pair from one or more Linux-based ECS instances.

ecs:DeleteKeyPairs

Deletes one or more SSH key pairs.

ecs:AttachInstanceRamRole

Attaches a Resource Access Management (RAM) role to one or more ECS instances.

ecs:DetachInstanceRamRole

Detaches a RAM role from one or more ECS instances.

ecs:AllocateDedicatedHosts

Creates one or more pay-as-you-go or subscription dedicated hosts.

ecs:CreateOrder

Creates an order to purchase ECS instances.

ecs:DeleteInstance

Releases a pay-as-you-go instance or an expired subscription instance.

ecs:CreateDisk

Creates a pay-as-you-go or subscription data disk.

ecs:Createvpc

Creates a VPC for an ECS instance.

ecs:Deletevpc

Deletes a VPC that is associated with an ECS instance.

ecs:DeleteVSwitch

Deletes a vSwitch that is associated with an ECS instance.

ecs:ResetDisk

Rolls back a disk to a specific state by using a snapshot of the disk.

ecs:DeleteSnapshot

Deletes a snapshot.

ecs:AllocatePublicIpAddress

Assigns a public IP address to an ECS instance.

ecs:CreateVSwitch

Creates a vSwitch for an ECS instance.

ecs:DeleteSecurityGroup

Deletes a security group.

ecs:CreateImage

Creates a custom image.

ecs:RemoveTags

Removes tags from an ECS instance.

ecs:ReleaseDedicatedHost

Releases a pay-as-you-go dedicated host.

ecs:CreateInstance

Creates a subscription or pay-as-you-go ECS instance.

ecs:RevokeSecurityGroupEgress

Deletes an outbound rule of a security group. After the rule is deleted, the access control implemented by the rule is removed.

ecs:DeleteDisk

Deletes a pay-as-you-go data disk.

ecs:StopInstance

Stops an instance.

ecs:CreateSecurityGroup

Creates a security group.

ecs:RevokeSecurityGroup

Deletes an inbound rule of a security group. After the rule is deleted, the access control implemented by the rule is removed.

ecs:DeleteImage

Deletes a custom image.

ecs:ModifyInstanceSpec

Changes the instance type and public bandwidth of a pay-as-you-go ECS instance.

ecs:CreateSnapshot

Creates a snapshot for a cloud disk.

ecs:CreateCommand

Creates a Cloud Assistant command.

ecs:InvokeCommand

Triggers a Cloud Assistant command on one or more ECS instances.

ecs:StopInvocation

Stops the process of a Cloud Assistant command that is running on one or more ECS instances.

ecs:DeleteCommand

Deletes a Cloud Assistant command.

ecs:RunCommand

Creates a Cloud Assistant command of the Shell, PowerShell, or Bat type, and runs the command on one or more ECS instances.

ecs:DescribeInvocationResults

Queries the result of running a Cloud Assistant command on an ECS instance.

ecs:ModifyCommand

Modifies a Cloud Assistant command.

Permission (Action)

Description

vpc:Describe*

Queries VPC resources.

vpc:AllocateEipAddress

Assigns an EIP to a VPC.

vpc:AssociateEipAddress

Binds an EIP to a VPC.

vpc:UnassociateEipAddress

Unbinds an EIP from a VPC.

vpc:ReleaseEipAddress

Releases an EIP.

vpc:CreateRouteEntry

Creates a route entry.

vpc:DeleteRouteEntry

Deletes a route entry.

vpc:CreateVSwitch

Creates a vSwitch.

vpc:DeleteVSwitch

Deletes a vSwitch.

vpc:CreateVpc

Creates a VPC.

vpc:DeleteVpc

Deletes a VPC.

vpc:CreateNatGateway

Creates a NAT gateway.

vpc:DeleteNatGateway

Deletes a NAT gateway.

vpc:CreateSnatEntry

Adds an SNAT entry to an SNAT table.

vpc:DeleteSnatEntry

Deletes an SNAT entry.

vpc:ModifyEipAddressAttribute

Modifies the name, description, and maximum bandwidth of an EIP.

vpc:CreateForwardEntry

Adds a DNAT entry to a DNAT table.

vpc:DeleteBandwidthPackage

Creates a NAT service plan.

vpc:CreateBandwidthPackage

Deletes a NAT service plan.

vpc:DeleteForwardEntry

Deletes a DNAT entry.

vpc:TagResources

Creates and adds tags to the specified resources.

vpc:DeletionProtection

Enables or disables the deletion protection feature for a VPC.

Permission (Action)

Description

slb:Describe*

Queries the information about SLB instances.

slb:CreateLoadBalancer

Creates an SLB instance.

slb:DeleteLoadBalancer

Deletes an SLB instance.

slb:RemoveBackendServers

Removes backend servers from an SLB instance.

slb:StartLoadBalancerListener

Starts a listener.

slb:StopLoadBalancerListener

Stops a listener.

slb:CreateLoadBalancerTCPListener

Creates a TCP listener for an SLB instance.

slb:AddBackendServers

Adds backend servers to an SLB instance.

slb:CreateVServerGroup

Creates a vServer group and adds backend servers to the vServer group.

slb:CreateLoadBalancerHTTPSListener

Creates an HTTPS listener for an SLB instance.

slb:CreateLoadBalancerUDPListener

Creates a User Datagram Protocol (UDP) listener.

slb:ModifyLoadBalancerInternetSpec

Changes the billing method of an Internet-facing SLB instance.

slb:SetBackendServers

Configures backend servers of an SLB instance and sets weights for the backend servers. The backend servers are ECS instances.

slb:AddVServerGroupBackendServers

Adds backend servers to a vServer group.

slb:DeleteVServerGroup

Deletes a vServer group.

slb:ModifyVServerGroupBackendServers

Modifies the backend servers of a vServer group.

slb:CreateLoadBalancerHTTPListener

Creates an HTTP listener for an SLB instance.

slb:RemoveVServerGroupBackendServers

Removes backend servers from a vServer group.

slb:DeleteLoadBalancerListener

Deletes a listener of an SLB instance.

slb:AddTags

Adds tags to an SLB instance.

slb:RemoveTags

Removes tags from an SLB instance.

slb:SetLoadBalancerDeleteProtection

Enables or disables the deletion protection feature for an SLB instance.

Permission (Action)

Description

dns:Describe*

Queries DNS resources.

dns:AddDomainRecord

Adds a DNS record.

Permission (Action)

Description

rds:Describe*

Queries ApsaraDB RDS resources.

rds:ModifySecurityIps

Modifies the IP address whitelist of an ApsaraDB RDS instance.

Permission (Action)

Description

ros:Describe*

Queries ROS resources.

ros:WaitConditions

Waits for the execution of a ROS script.

ros:AbandonStack

Stops a stack.

ros:DeleteStack

Deletes a stack.

ros:CreateStack

Creates a stack.

ros:UpdateStack

Updates a stack.

ros:ValidateTemplate

Verifies a ROS template.

ros:DoActions

Performs actions.

ros:InquiryStack

Queries a stack.

ros:SetDeletionProtection

Enables or disables the deletion protection feature.

ros:PreviewStack

Previews a stack.

Permission (Action)

Description

ess:Describe*

Queries Auto Scaling resources.

ess:CreateScalingConfiguration

Creates a scaling configuration.

ess:EnableScalingGroup

Enables a scaling group.

ess:ExitStandby

Switches the state of a standby ECS instance in a scaling group to Running.

ess:DetachDBInstances

Removes one or more ApsaraDB RDS instances from a scaling group.

ess:DetachLoadBalancers

Removes one or more SLB instances from a scaling group.

ess:AttachInstances

Adds one or more ECS instances to a scaling group.

ess:DeleteScalingConfiguration

Deletes a scaling configuration.

ess:AttachLoadBalancers

Adds one or more SLB instances to a scaling group.

ess:DetachInstances

Removes one or more ECS instances from a scaling group.

ess:ModifyScalingRule

Modifies a scaling group rule.

ess:RemoveInstances

Removes ECS instances from a scaling group.

ess:ModifyScalingGroup

Modifies a scaling group.

ess:AttachDBInstances

Adds one or more ApsaraDB RDS instances.

ess:CreateScalingRule

Creates a scaling rule.

ess:DeleteScalingRule

Deletes a scaling rule.

ess:ExecuteScalingRule

Runs a scaling rule.

ess:SetInstancesProtection

Enables or disables protection for one or more ECS instances in a scaling group.

ess:ModifyNotificationConfiguration

Modifies a notification of auto scaling events and resource changes.

ess:CreateNotificationConfiguration

Creates a notification of auto scaling events and resource changes.

ess:EnterStandby

Switches the state of an ECS instance in a scaling group to Standby.

ess:DeleteScalingGroup

Deletes a scaling group.

ess:CreateScalingGroup

Creates a scaling group.

ess:DeleteNotificationConfiguration

Deletes a notification of auto scaling events and resource changes.

ess:DisableScalingGroup

Disables a scaling group.

ModifyScalingConfiguration

Modifies a scaling configuration.

SetGroupDeletionProtection

Enables or disables the deletion protection feature for a scaling group.

Permission (Action)

Description

ram:PassRole

Authorizes a RAM user to use other cloud services.

ram:Get*

Queries permissions on RAM resources.

ram:List*

Lists permissions on RAM resources.

ram:DetachPolicyFromRole

Revokes a permission from a role.

ram:AttachPolicyToRole

Grants a permission to a role.

ram:DeletePolicy

Deletes a policy.

ram:DeletePolicyVersion

Deletes a policy of a version.

ram:DeleteRole

Deletes a RAM role.

ram:CreateRole

Creates a RAM role.

ram:CreatePolicy

Creates a RAM policy.

ram:CreateServiceLinkedRole

Creates permissions for service-linked roles.

Permission (Action)

Description

cms:CreateMyGroups

Creates private application groups.

cms:AddMyGroupInstances

Adds resources to a private application group.

cms:DeleteMyGroupInstances

Deletes resources from a private application group.

cms:DeleteMyGroups

Deletes private application groups.

cms:GetMyGroups

Queries private application groups.

cms:ListMyGroups

Lists private application groups.

cms:UpdateMyGroupInstances

Updates resources in a private application group.

cms:UpdateMyGroups

Updates private application groups.

cms:TaskConfigCreate

Creates configurations for a monitoring task.

cms:TACK ServerlessConfigList

Lists configurations for a monitoring task.

Permission (Action)

Description

ess:CreateLifecycleHook

Creates one or more lifecycle hooks for a scaling group.

ess:DescribeLifecycleHooks

Queries lifecycle hooks.

ess:ModifyLifecycleHook

Modifies a lifecycle hook.

ess:DeleteLifecycleHook

Deletes a lifecycle hook.

Permission (Action)

Description

ens:Describe*

Queries the permissions on Edge Node Service (ENS) resources.

ens:CreateInstance

Creates an ENS instance.

ens:StartInstance

Starts an ENS instance.

ens:StopInstance

Stops an ENS instance.

ens:ReleasePrePaidInstance

Releases a subscription instance.

Permission (Action)

Description

ecs:Describe*

Queries ECS resources.

ecs:CreateRouteEntry

Creates a route entry.

ecs:DeleteRouteEntry

Deletes a route entry.

ecs:CreateNetworkInterface

Creates an ENI.

ecs:DeleteNetworkInterface

Deletes an ENI.

ecs:CreateNetworkInterfacePermission

Creates ENI permissions.

ecs:DeleteNetworkInterfacePermission

Revokes ENI permissions.

ecs:ModifyInstanceAttribute

Modifies the attributes of an ECS instance.

ecs:AttachKeyPair

Binds an SSH key pair to one or more ECS instances that run the Linux operating system.

ecs:StopInstance

Stops an instance.

ecs:StartInstance

Starts an instance.

ecs:ReplaceSystemDisk

Replaces the system disk or the operating system of an ECS instance.

Permission (Action)

Description

slb:Describe*

Queries SLB resources.

slb:CreateLoadBalancer

Creates an SLB instance.

slb:DeleteLoadBalancer

Deletes an SLB instance.

slb:ModifyLoadBalancerInternetSpec

Changes the billing method of an Internet-facing SLB instance.

slb:RemoveBackendServers

Removes backend servers.

slb:AddBackendServers

Adds backend servers.

slb:RemoveTags

Removes tags from an SLB instance.

slb:AddTags

Adds tags to an SLB instance.

slb:StopLoadBalancerListener

Stops a listener.

slb:StartLoadBalancerListener

Starts a listener.

slb:SetLoadBalancerHTTPListenerAttribute

Modifies the configurations of an HTTP listener.

slb:SetLoadBalancerHTTPSListenerAttribute

Modifies the configurations of an HTTPS listener.

slb:SetLoadBalancerTCPListenerAttribute

Modifies the configurations of a TCP listener.

slb:SetLoadBalancerUDPListenerAttribute

Modifies the configurations of a UDP listener.

slb:CreateLoadBalancerHTTPSListener

Creates an HTTPS listener for an SLB instance.

slb:CreateLoadBalancerHTTPListener

Creates an HTTP listener for an SLB instance.

slb:CreateLoadBalancerTCPListener

Creates a TCP listener for an SLB instance.

slb:CreateLoadBalancerUDPListener

Creates a UDP listener.

slb:DeleteLoadBalancerListener

Deletes a listener of an SLB instance.

slb:CreateVServerGroup

Adds backend servers to a vServer group.

slb:DescribeVServerGroups

Queries vServer groups.

slb:DeleteVServerGroup

Deletes a vServer group.

slb:SetVServerGroupAttribute

Modifies the configurations of a vServer group.

slb:DescribeVServerGroupAttribute

Queries the details of a vServer group.

slb:ModifyVServerGroupBackendServers

Modifies the backend servers of a vServer group.

slb:AddVServerGroupBackendServers

Adds backend servers to a vServer group.

slb:ModifyLoadBalancerInstanceSpec

Modifies the specifications of an SLB instance.

slb:ModifyLoadBalancerInternetSpec

Changes the billing method of an Internet-facing SLB instance.

slb:RemoveVServerGroupBackendServers

Removes backend servers from a vServer group.

Permission (Action)

Description

vpc:Describe*

Queries VPC resources.

vpc:DeleteRouteEntry

Deletes a custom route.

vpc:CreateRouteEntry

Creates a custom route.

Permission (Action)

Description

cr:Get*

Queries Container Registry-related resources.

cr:List*

Queries image repositories.

cr:PullRepository

Pulls an image.

Permission (Action)

Description

DescribeVSwitches

Queries existing vSwitches.

DescribeVpcs

Queries existing VPCs.

AssociateEipAddress

Associates an EIP with an instance that resides in the same region as the EIP.

DescribeEipAddresses

Queries existing EIPs in a region.

AllocateEipAddress

Applies for an EIP.

ReleaseEipAddress

Releases an EIP.

AddCommonBandwidthPackageIp

Associates an EIP with an EIP bandwidth plan.

RemoveCommonBandwidthPackageIp

Disassociates an EIP from an EIP bandwidth plan.

Permission (Action)

Description

DescribeSecurityGroups

Queries the basic information about security groups.

CreateNetworkInterface

Creates an ENI.

CreateNetworkInterfacePermission

Creates ENI permissions.

DescribeNetworkInterfaces

Queries ENIs.

AttachNetworkInterface

Binds an ENI to a VPC-connected ECS instance.

DetachNetworkInterface

Unbinds an ENI from an ECS instance.

DeleteNetworkInterface

Deletes an ENI.

DeleteNetworkInterfacePermission

Revokes ENI permissions.

Permission (Action)

Description

slb:Describe*

Queries SLB resources.

slb:CreateLoadBalancer

Creates an SLB instance.

slb:DeleteLoadBalancer

Deletes a pay-as-you-go SLB instance.

slb:RemoveBackendServers

Removes backend servers.

slb:StartLoadBalancerListener

Starts a listener.

slb:StopLoadBalancerListener

Stops a listener.

slb:DeleteLoadBalancerListener

Deletes a listener of an SLB instance.

slb:CreateLoadBalancerTCPListener

Creates a TCP listener for an SLB instance.

slb:AddBackendServers*

Adds backend servers.

slb:UploadServerCertificate

Uploads a server certificate.

slb:CreateLoadBalancerHTTPListener

Creates an HTTP listener for an SLB instance.

slb:CreateLoadBalancerHTTPSListener

Creates an HTTPS listener for an SLB instance.

slb:CreateLoadBalancerUDPListener

Creates a UDP listener.

slb:ModifyLoadBalancerInternetSpec

Changes the billing method of an Internet-facing CLB instance.

slb:CreateRules

Adds forwarding rules to an HTTP or HTTPS listener.

slb:DeleteRules

Deletes a forwarding rule.

slb:SetRule

Modifies the forwarding rule of a vServer group.

slb:CreateVServerGroup

Adds backend servers to a vServer group.

slb:SetVServerGroupAttribute

Modifies the configurations of a vServer group.

slb:AddVServerGroupBackendServers

Adds backend servers to a vServer group.

slb:RemoveVServerGroupBackendServers

Removes backend servers from a vServer group.

slb:ModifyVServerGroupBackendServers

Modifies the backend servers of a vServer group.

slb:DeleteVServerGroup

Deletes a vServer group.

slb:SetLoadBalancerTCPListenerAttribute

Modifies the configurations of a TCP listener.

slb:SetLoadBalancerHTTPListenerAttribute

Modifies the configurations of an HTTP listener.

slb:SetLoadBalancerHTTPSListenerAttribute

Modifies the configurations of an HTTPS listener.

slb:AddTags

Adds tags to an SLB instance.

Permission (Action)

Description

AddZone

Creates a private zone.

DeleteZone

Deletes a private zone.

DescribeZones

Queries private zones.

DescribeZoneInfo

Queries the information about a private zone.

BindZoneVpc

Binds a private zone to or unbinds a private zone from a VPC.

AddZoneRecord

Adds a DNS record to a private zone.

DeleteZoneRecord

Deletes a DNS record.

DescribeZoneRecords

Queries DNS records.

Permission (Action)

Description

Get*

Queries Container Registry-related resources.

List*

Queries image repositories.

PullRepository

Pulls an image.

Permission (Action)

Description

CreateContainerGroup

Creates a pod.

DeleteContainerGroup

Deletes a pod.

DescribeContainerGroups

Queries the information about pods.

DescribeContainerLog

Queries the logs of a pod.

UpdateContainerGroup

Updates an elastic container instance.

UpdateContainerGroupByTemplate

Updates an elastic container instance by using a template.

CreateContainerGroupFromTemplate

Creates an elastic container instance by using a template.

RestartContainerGroup

Restarts an elastic container instance.

ExportContainerGroupTemplate

Exports an elastic container instance template.

DescribeContainerGroupMetric

Queries the monitoring data of an elastic container instance.

DescribeMultiContainerGroupMetric

Queries the monitoring data of multiple pods.

ExecContainerCommand

Runs a command on a container.

CreateImageCache

Creates an image cache.

DescribeImageCaches

Queries the information about image caches.

DeleteImageCache

Deletes an image cache.

Permission (Action)

Description

ram:PassRole

Accesses the Alibaba Cloud CodePipeline console.

Permission (Action)

Description

oss:GetObject

Queries a file or folder.

oss:GetObjectMeta

Queries the metadata information of an object.

Permission (Action)

Description

fc:CreateService

Creates a service.

fc:ListServices

Queries services.

fc:GetService

Queries a service.

fc:UpdateService

Updates a service.

fc:DeleteService

Deletes a service.

fc:CreateFunction

Creates a function.

fc:ListFunctions

Queries the functions of a service.

fc:GetFunction

Queries the configurations of a function.

fc:GetFunctionCode

Queries the code of a function.

fc:UpdateFunction

Updates the configurations and code of a function.

fc:DeleteFunction

Deletes a function.

fc:CreateTrigger

Creates a function trigger.

fc:ListTriggers

Queries the triggers of a function.

fc:GetTrigger

Queries a trigger.

fc:UpdateTrigger

Updates the configurations of a trigger.

fc:DeleteTrigger

Deletes the triggers of a function.

fc:PublishServiceVersion

Releases a Function Compute version.

fc:ListServiceVersions

Lists Function Compute versions.

fc:DeleteServiceVersion

Deletes a Function Compute version.

fc:CreateAlias

Creates an alias and binds the alia to a customer master key (CMK).

fc:ListAliases

Queries all aliases of the current Alibaba Cloud account in the current region.

fc:GetAlias

Queries the information about an alias.

fc:UpdateAlias

Binds an alias to a different CMK.

fc:DeleteAlias

Deletes an alias.

Permission (Action)

Description

log:CreateProject

Creates a project.

log:GetProject

Queries a project by project name.

log:DeleteProject

Deletes a project.

log:CreateLogStore

Creates a Logstore in a project.

log:GetLogStore

Queries the attributes of a Logstore.

log:UpdateLogStore

Updates the attributes of a Logstore.

log:DeleteLogStore

Deletes a Logstore.

log:CreateConfig

Creates a Logtail configuration.

log:UpdateConfig

Updates a Logtail configuration.

log:GetConfig

Queries the details of a Logtail configuration.

log:DeleteConfig

Deletes a Logtail configuration.

log:CreateMachineGroup

Creates a machine group to apply Logtail configurations.

log:UpdateMachineGroup

Updates a machine group.

log:GetMachineGroup

Queries the information about a machine group.

log:DeleteMachineGroup

Deletes a machine group.

log:ApplyConfigToGroup

Applies a Logtail configuration file to a machine group.

log:GetAppliedMachineGroups

Lists the machines to which a Logtail configuration is applied in a machine group.

log:GetAppliedConfigs

Lists the Logtail configurations that are applied to a machine group.

log:RemoveConfigFromMachineGroup

Removes Logtail configurations from a machine group.

log:CreateIndex

Creates indexes for a Logstore.

log:GetIndex

Queries indexes of a Logstore.

log:UpdateIndex

Updates indexes of a Logstore.

log:DeleteIndex

Removes indexes from a Logstore.

log:CreateSavedSearch

Creates a saved search.

log:GetSavedSearch

Queries a saved search.

log:UpdateSavedSearch

Updates a saved search.

log:DeleteSavedSearch

Deletes a saved search.

log:CreateDashboard

Creates a dashboard.

log:GetDashboard

Queries a dashboard.

log:UpdateDashboard

Updates a dashboard.

log:DeleteDashboard

Deletes a dashboard.

log:CreateJob

Creates a task, such as an alert task or a subscription task.

log:GetJob

Queries a task.

log:DeleteJob

Deletes a task.

log:UpdateJob

Updates a task.

log:PostLogStoreLogs

Writes logs to a Logstore.

Permission (Action)

Description

ecs:CreateNetworkInterface

Creates an ENI.

ecs:DescribeNetworkInterfaces

Queries ENIs.

ecs:AttachNetworkInterface

Attaches an ENI to a VPC-connected ECS instance.

ecs:DetachNetworkInterface

Detaches an ENI from an ECS instance.

ecs:DeleteNetworkInterface

Deletes an ENI.

ecs:DescribeInstanceAttribute

Queries the information about one or more ECS instances.

ecs:AssignPrivateIpAddresses

Assigns one or more secondary private IP addresses to an ENI.

ecs:UnassignPrivateIpAddresses

Unassigns one or more secondary private IP addresses from an ENI.

ecs:DescribeInstances

Queries the details of one or more ECS instances.

vpc:DescribeVSwitches

Queries the details of one or more vSwitches.

Permission (Action)

Description

ecs:AttachDisk

Attaches a pay-as-you-go data disk or a system disk to an ECS instance.

ecs:DetachDisk

Detaches a pay-as-you-go disk from an ECS instance.

ecs:DescribeDisks

Queries one or more cloud disks and local disks that you have created.

ecs:CreateDisk

Creates a pay-as-you-go or subscription data disk.

ecs:ResizeDisk

Resizes a cloud disk. You can resize a system disk or a data disk.

ecs:CreateSnapshot

Creates a snapshot for a cloud disk.

ecs:DeleteSnapshot

Deletes a snapshot. If you want to cancel a snapshot that is being created, this action can be performed to delete snapshots. This way, the specified snapshot is canceled.

ecs:CreateAutoSnapshotPolicy

Creates an automatic snapshot policy.

ecs:ApplyAutoSnapshotPolicy

Enables an automatic snapshot policy for one or more cloud disks.

ecs:CancelAutoSnapshotPolicy

Disables an automatic snapshot policy for one or more cloud disks.

ecs:DeleteAutoSnapshotPolicy

Deletes an automatic snapshot policy.

ecs:DescribeAutoSnapshotPolicyEX

Queries automatic snapshot policies that you have created.

ecs:ModifyAutoSnapshotPolicyEx

Modifies an automatic snapshot policy.

ecs:AddTags

Attaches tags to an ECS instance.

ecs:DescribeTags

Queries tags.

ecs:DescribeSnapshots

Queries all the snapshots of an ECS instance or a disk.

ecs:ListTagResources

Queries the tags that are added to one or more ECS resources.

ecs:TagResources

Creates and adds tags to the specified ECS resources.

ecs:UntagResources

Removes tags from the specified ECS resources and deletes the tags.

ecs:ModifyDiskSpec

Upgrades the performance level of an Enterprise SSD (ESSD).

ecs:CreateSnapshot

Creates a snapshot for a cloud disk.

ecs:DeleteDisk

Deletes a pay-as-you-go data disk.

ecs:DescribeInstanceAttribute

Queries all attributes of an ECS instance.

ecs:DescribeInstances

Queries the details of one or more ECS instances.

Permission (Action)

Description

nas:DescribeFileSystems

Queries the information about file systems.

nas:DescribeMountTargets

Queries the information about mount targets.

nas:AddTags

Adds one or more tags to a file system or overwrites one or more tags of a file system

nas:DescribeTags

Queries the existing tags.

nas:RemoveTags

Removes one or more tags from a file system.

nas:CreateFileSystem

Creates a file system.

nas:DeleteFileSystem

Deletes a file system.

nas:DescribeFileSystems

Queries the information about file systems.

nas:ModifyFileSystem

Modifies the description of a file system.

nas:CreateMountTarget

Creates a mount target.

nas:DeleteMountTarget

Deletes a mount target.

nas:DescribeMountTargets

Queries the information about mount targets.

nas:ModifyMountTarget

Modifies a mount target.

Permission (Action)

Description

cms:DescribeMonitorGroups

Queries application groups.

cms:DescribeMonitorGroupInstances

Queries the resources in an application group.

cms:CreateMonitorGroup

Creates an application group.

cms:DeleteMonitorGroup

Deletes an application group.

cms:ModifyMonitorGroupInstances

Modifies the instances that are added to an application group.

cms:CreateMonitorGroupInstances

Adds instances to an application group.

cms:DeleteMonitorGroupInstances

Deletes instances from an application group.

cms:TaskConfigCreate

Creates configurations for a monitoring task.

cms:TaskConfigList

Lists configurations for a monitoring task.

cms:DescribeMetricList

Queries the monitoring data on a time series metric of CloudMonitor in the specified period of time.

cs:DescribeMonitorToken

Queries the token that is required to use the CloudMonitor component.

ahas:GetSentinelAppSumMetric

Queries the metrics that are monitored by the AHAS Sentinel application.

log:GetLogStoreLogs

Queries logs in a Logstore.

slb:DescribeMetricList

Queries the monitoring data on a time series metric of SLB in the specified period of time.

sls:GetLogs

Queries logs in a Logstore of a project in Simple Log Service.

sls:PutLogs

Updates logs in a Logstore of a project in Simple Log Service.

Permission (Action)

Description

log:CreateProject

Creates a project.

log:GetProject

Queries a project by project name.

log:DeleteProject

Deletes a project.

log:CreateLogStore

Creates a Logstore in a project.

log:GetLogStore

Queries the attributes of a Logstore.

log:UpdateLogStore

Updates the attributes of a Logstore.

log:DeleteLogStore

Deletes a Logstore.

log:CreateConfig

Creates a Logtail configuration.

log:UpdateConfig

Updates a Logtail configuration.

log:GetConfig

Queries the details of a Logtail configuration.

log:DeleteConfig

Deletes a Logtail configuration.

log:CreateMachineGroup

Creates a machine group to apply Logtail configurations.

log:UpdateMachineGroup

Updates a machine group.

log:GetMachineGroup

Queries the information about a machine group.

log:DeleteMachineGroup

Deletes a machine group.

log:ApplyConfigToGroup

Applies a Logtail configuration file to a machine group.

log:GetAppliedMachineGroups

Lists the machines to which a Logtail configuration is applied in a machine group.

log:GetAppliedConfigs

Lists the Logtail configurations that are applied to a machine group.

log:RemoveConfigFromMachineGroup

Removes Logtail configurations from a machine group.

log:CreateIndex

Creates indexes for a Logstore.

log:GetIndex

Queries indexes of a Logstore.

log:UpdateIndex

Updates indexes of a Logstore.

log:DeleteIndex

Removes indexes from a Logstore.

log:CreateSavedSearch

Creates a saved search.

log:GetSavedSearch

Queries a saved search.

log:UpdateSavedSearch

Updates a saved search.

log:DeleteSavedSearch

Deletes a saved search.

log:CreateDashboard

Creates a dashboard.

log:GetDashboard

Queries a dashboard.

log:UpdateDashboard

Updates a dashboard.

log:DeleteDashboard

Deletes a dashboard.

log:CreateJob

Creates a task, such as an alert task or a subscription task.

log:GetJob

Queries a task.

log:DeleteJob

Deletes a task.

log:UpdateJob

Updates a task.

log:PostLogStoreLogs

Writes logs to a Logstore.

log:CreateSortedSubStore

Creates a sorted sub-Logstore.

log:GetSortedSubStore

Queries a sorted sub-Logstore.

log:ListSortedSubStore

Lists sorted sub-Logstores.

log:UpdateSortedSubStore

Updates a sorted sub-Logstore.

log:DeleteSortedSubStore

Deletes a sorted sub-Logstore.

log:CreateApp

Creates Simple Log Service applications such as Cost Manager and Log Audit Service.

log:UpdateApp

Updates Simple Log Service applications such as Cost Manager and Log Audit Service.

log:GetApp

Queries Simple Log Service applications such as Cost Manager and Log Audit Service.

log:DeleteApp

Deletes Simple Log Service applications such as Cost Manager and Log Audit Service.

cs:DescribeTemplates

Queries container templates.

cs:DescribeTemplateAttribute

Queries the attributes of a container template.

Permission (Action)

Description

vpc:DescribeVSwitches

Queries existing vSwitches.

vpc:DescribeVpcs

Queries existing VPCs.

vpc:AssociateEipAddress

Associates an EIP with an instance that resides in the same region as the EIP.

vpc:DescribeEipAddresses

Queries existing EIPs in a region.

vpc:AllocateEipAddress

Applies for an EIP.

vpc:ReleaseEipAddress

Releases an EIP.

Permission (Action)

Description

ecs:DescribeSecurityGroups

Queries the basic information about security groups.

ecs:CreateNetworkInterface

Creates an ENI.

ecs:CreateNetworkInterfacePermission

Creates ENI permissions.

ecs:DescribeNetworkInterfaces

Queries ENIs.

ecs:AttachNetworkInterface

Binds an ENI to a VPC-connected ECS instance.

ecs:DetachNetworkInterface

Unbinds an ENI from an ECS instance.

ecs:DeleteNetworkInterface

Deletes an ENI.

ecs:DeleteNetworkInterfacePermission

Revokes ENI permissions.

Permission (Action)

Description

pvtz:AddZone

Creates a private zone.

pvtz:DeleteZone

Deletes a private zone.

pvtz:DescribeZones

Queries private zones.

pvtz:DescribeZoneInfo

Queries the information about a private zone.

pvtz:BindZoneVpc

Binds a private zone to or unbinds a private zone from a VPC.

pvtz:AddZoneRecord

Adds a DNS record to a private zone.

pvtz:DeleteZoneRecord

Deletes a DNS record.

pvtz:DescribeZoneRecords

Queries DNS records.

Permission (Action)

Description

eci:CreateContainerGroup

Creates a pod.

eci:DeleteContainerGroup

Deletes a pod.

eci:DescribeContainerGroups

Queries the information about pods.

eci:DescribeContainerLog

Queries the logs of a pod.

eci:UpdateContainerGroup

Updates a pod.

eci:UpdateContainerGroupByTemplate

Updates an elastic container instance by using a template.

eci:CreateContainerGroupFromTemplate

Creates an elastic container instance by using a template.

eci:RestartContainerGroup

Restarts an elastic container instance.

eci:ExportContainerGroupTemplate

Exports an elastic container instance template.

eci:DescribeContainerGroupMetric

Queries the monitoring data of an elastic container instance.

eci:DescribeMultiContainerGroupMetric

Queries the monitoring data of multiple pods.

eci:ExecContainerCommand

Runs a command on a container.

eci:CreateImageCache

Creates an image cache.

eci:DescribeImageCaches

Queries the information about image caches.

eci:DeleteImageCache

Deletes an image cache.

Permission (Action)

Description

arms:CreateApp

Creates an application monitoring task.

arms:DeleteApp

Deletes an application monitoring task.

arms:ConfigAgentLabel

Modifies the tags of the application monitoring agent.

arms:GetAssumeRoleCredentials

Queries the key that is required for a RAM user to assume a RAM role during application monitoring.

arms:CreateProm

Creates a monitoring task based on Managed Service for Prometheus.

arms:SearchEvents

Queries alert events.

arms:SearchAlarmHistories

Queries the alert sending history.

arms:SearchAlertRules

Queries alert rules.

arms:GetAlertRules

Obtains alert rules.

arms:CreateAlertRules

Creates alert rules.

arms:UpdateAlertRules

Updates alert rules.

arms:StartAlertRule

Enables an alert rule.

arms:StopAlertRule

Disables an alert rule.

arms:CreateContact

Creates an alert contact.

arms:SearchContact

Queries an alert contact.

arms:UpdateContact

Updates an alert contact.

arms:CreateContactGroup

Creates an alert contact group.

arms:SearchContactGroup

Queries an alert contact group.

arms:UpdateContactGroup

Updates an alert contact group.

Permission (Action)

Description

cr:GetAuthorizationToken

Obtains a temporary account and password that are used to log on to a Container Registry instance.

cr:ListInstanceEndpoint

Queries endpoints of an instance.

cr:PullRepository

Pulls an image.

Permission (Action)

Description

ecs:ModifyInstanceAttribute

Modifies the information about an ECS instance, such as the password, name, description, hostname, security group, and user data. If the instance is a burstable instance, you can also change the performance mode of the instance.

ecs:AttachKeyPair

Binds an SSH key pair to one or more ECS instances that run the Linux operating system.

ecs:StopInstance

Stops an ECS instance that is in the Running state. After the action is performed, the state of the instance changes to Stopping and then to Stopped.

ecs:StartInstance

Starts an ECS instance. After the action is performed, the state of the ECS instance changes to Starting.

ecs:DescribeInvocations

Queries the execution list and status of Cloud Assistant commands.

ecs:DescribeInstanceAttribute

Queries the attributes of an ECS instance, such as the instance ID and description.

ecs:DescribeInstances

Queries the details of one or more ECS instances.

ecs:DeleteInstance

Releases a pay-as-you-go instance or an expired subscription instance.

ecs:RunCommand

Runs a Cloud Assistant command of the Shell, PowerShell, or Bat type on one or more ECS instances.

ecs:DescribeInvocationResults

Queries the result of running one or more Cloud Assistant commands on an ECS instance.

ecs:ReplaceSystemDisk

Replaces the system disk or the operating system of an ECS instance. If the system disk is replaced, the original cloud disk is released, and the ID of the new cloud disk is used.

ecs:DescribeUserData

Queries the user data of an ECS instance.

Permission

Description

ess:DescribeScalingGroups

Queries scaling groups.

ess:DescribeScalingConfigurations

Queries scaling configurations.

Permission (Action)

Description

cs:RepairClusterNodePool

Fixes the issues on the specified nodes in a managed node pool.

cs:DescribeClusterNodePoolDetail

Queries the details of a node pool in a cluster by node pool ID.

cs:DescribeTaskInfo

Queries the execution details of a task by task ID.

cs:FixNodePoolVuls

Automatically fixes node pool vulnerabilities in a cluster.

cs:DescribeTaskInfo

Queries the execution details of a task by task ID.

cs:CancelTask

Cancels a task.

cs:PauseTask

Pauses a task.

cs:ResumeTask

Resumes a task.

cs:DescribeNodePoolVuls

Queries node pool vulnerabilities in a cluster.

Permission (Action)

Description

ess:DescribeScalingGroups

Queries scaling groups.

ess:DescribeScalingInstances

Queries information about the ECS instances in a scaling group.

ess:DescribeScalingActivities

Queries scaling activities.

ess:DescribeScalingConfigurations

Queries scaling configurations.

ess:DescribeScalingRules

Queries information about the scaling rules in a scaling group.

ess:DescribeScheduledTasks

Queries scheduled tasks.

ess:DescribeLifecycleHooks

Queries lifecycle hooks.

ess:DescribeNotificationConfigurations

Queries notifications that you create for auto scaling events and resource changes.

ess:DescribeNotificationTypes

Queries the types of notifications for auto scaling events and resource changes.

ess:DescribeRegions

Queries the regions in which Auto Scaling is available.

ess:CreateScalingRule

Creates a scaling rule.

ess:ModifyScalingGroup

Modifies a scaling group.

ess:RemoveInstances

Deletes one or more ECS instances or elastic container instances from a scaling group.

ess:ExecuteScalingRule

Runs a scaling rule.

ess:ModifyScalingRule

Modifies a scaling rule.

ess:DeleteScalingRule

Deletes a scaling rule.

ess:DetachInstances

Removes one or more ECS instances or elastic container instances from a scaling group.

ess:CompleteLifecycleAction

Takes a scaling activity out of the wait state in advance.

ess:ScaleWithAdjustment

Scales instances in a scaling group based on the specified scaling rule.

Permission (Action)

Description

ecs:DescribeInstanceTypes

Queries all instance types of ECS instances or the instance type of an ECS instance.

ecs:DescribeImages

Queries available operating system images.

Permission (Action)

Description

cs:DeleteClusterNodes

Removes the specified nodes from a cluster by node name.

cs:DescribeClusterNodes

Queries the details of all nodes in a cluster by cluster ID

Permission (Action)

Description

vpc:DescribeVSwitches

Queries the information about available vSwitches that are used in an internal network.

Permission (Action)

Description

kms:GetSecretValue

Queries a secret.

kms:ListSecrets

Queries all secrets that are created by the current user in the current region.

kms:ListKeys

Queries the IDs of all CMKs of the current Alibaba Cloud account in the current region.

kms:ListSecretVersionIds

Queries all versions of a secret.

kms:ListAliasesByKeyId

Queries all aliases that are bound to a CMK.

kms:SetDeletionProtection

Enables or disables the deletion protection feature for a CMK.

kms:DescribeKey

Queries the details of a CMK.

kms:Encrypt

Encrypts plaintext by using a symmetric CMK.

kms:Decrypt

Decrypts the ciphertext that is specified by using CiphertextBlob.

Permission (Action)

Description

bssapi:QueryInstanceBill

Queries the billing information of instances or billable items in a billing cycle. This action is updated to DescribeInstanceBill. This action can be performed to query up to 50,000 data rows.

bssapi:DescribeInstanceBill

Queries the billing information of instances or billable items in a billing cycle.

Permission (Action)

Description

ecs:DescribeDisks

Queries one or more Elastic Block Storage (EBS) devices that you have created. The EBS devices include cloud disks and local disks.

ecs:DescribeSpotPriceHistory

Queries the price history of a preemptible instance in the previous 30 days.

ecs:DescribeInstances

Queries the details of one or more ECS instances.

ecs:DescribePrice

Queries the most recent prices of ECS resources.

Permission (Action)

Description

eci: DescribeContainerGroupPrice

Queries the price of an elastic container instance.

Permission

Description

eflo:ListNetworkInterfaces

Queries Lingjun network interfaces (LNIs).

eflo:GetNetworkInterface

Queries information about an LNI.

eflo:AssignPrivateIpAddress

Applies for a private secondary IP address for the current LNI. You can also perform this action to assign a secondary Media Access Control (MAC) address to the current LNI.

eflo:UnAssignPrivateIpAddress

Deletes an assigned secondary private IP address.

eflo:UpdateNetworkInterfacePrivateMac

Changes the MAC address of an LNI.

Permission (Action)

Description

hbr:CreateVault

Creates a backup vault.

hbr:CreateBackupJob

Creates a manual backup task.

hbr:DescribeVaults

Queries one or more backup vaults that meet the specified conditions.

hbr:DescribeBackupJobs2

Queries one or more backup tasks that meet the specified conditions.

hbr:DescribeRestoreJobs

Queries a restoration task.

hbr:SearchHistoricalSnapshots

Queries one or more historical backup snapshots that meet the specified conditions.

hbr:CreateRestoreJob

Creates a restoration task.

hbr:AddContainerCluster

Registers a Kubernetes cluster.

hbr:DescribeContainerCluster

Queries one or more Kubernetes clusters that meet the specified conditions.

hbr:DescribeRestoreJobs2

Queries one or more restore tasks that meet the specified conditions.

Permissions

Description

oss:PutObject

Uploads an object.

oss:IsObjectExist

Checks whether an object exists.

oss:ListObjects

Queries the information about all objects in a bucket.

oss:GetObject

Queries an object.

oss:DeleteObject

Deletes an object.

oss:GetBucket

Queries the information about a bucket.

Permission (Action)

Description

slb:CreateLoadBalancer

Creates an SLB instance.

slb:DeleteLoadBalancer

Deletes an SLB instance.

slb:DescribeLoadBalancers

Queries existing SLB instances.

slb:DescribeLoadBalancerAttribute

Queries the details of an SLB instance.

slb:CreateAccessControlList

Creates an access control list (ACL).

slb:DeleteAccessControlList

Deletes an ACL.

slb:AddAccessControlListEntry

Adds IP entries to an ACL.

slb:RemoveAccessControlListEntry

Removes IP entries from an ACL.

slb:DescribeAccessControlListAttribute

Queries the configurations of an ACL.

slb:DescribeAccessControlLists

Queries existing ACLs.

slb:TagResources

Adds tags to resources.

Permission (Action)

Description

vpc:AllocateEipAddress

Assigns an EIP to a VPC.

vpc:AssociateEipAddress

Binds an EIP to a VPC.

vpc:UnassociateEipAddress

Unbinds an EIP from a VPC.

vpc:ReleaseEipAddress

Releases an EIP.

vpc:DescribeEipAddresses

Queries the configurations of an EIP.

vpc:DescribeVpcs

Queries created VPCs.

vpc:DescribeRouteEntryList

Queries routes.

Permission (Action)

Description

ens:CreateLoadBalancer

Creates an SLB instance.

ens:ReleaseInstance

Releases an SLB instance.

ens:SetLoadBalancerStatus

Modifies the state of an SLB instance.

ens:ModifyLoadBalancerAttribute

Modifies the information about an SLB instance.

ens:SetBackendServers

Specifies weights for backend servers.

ens:AddBackendServers

Adds backend servers.

ens:RemoveBackendServers

Removes backend servers.

ens:CreateLoadBalancerUDPListener

Creates a UDP listener.

ens:SetLoadBalancerUDPListenerAttribute

Modifies the configurations of a UDP listener.

ens:CreateLoadBalancerTCPListener

Creates a TCP listener.

ens:SetLoadBalancerTCPListenerAttribute

Modifies the configurations of a TCP listener.

ens:StartLoadBalancerListener

Starts a listener.

ens:StopLoadBalancerListener

Stops a listener.

ens:DeleteLoadBalancerListener

Deletes a listener.

ens:CreateLoadBalancerHTTPListener

Creates an HTTP listener.

ens:SetLoadBalancerHTTPListenerAttribute

Modifies the configurations of an HTTP listener.

ens:CreateLoadBalancerHTTPSListener

Creates an HTTPS listener.

ens:SetLoadBalancerHTTPSListenerAttribute

Modifies the configurations of an HTTPS listener.

ens:CreateEipInstance

Create an EIP.

ens:ModifyEnsEipAddressAttribute

Modifies the name and description of an EIP.

ens:AssociateEnsEipAddress

Associates an EIP with an instance that resides in the same region as the EIP.

ens:UnAssociateEnsEipAddress

Disassociates an EIP from a cloud resource.

ens:DescribeNetworks

Queries VPCs.

ens:DescribeInstances

Queries the details of one or more instances.

ens:DescribeLoadBalancers

Queries existing SLB instances.

ens:DescribeLoadBalancerAttribute

Queries the details of an SLB instance.

ens:DescribeLoadBalancerUDPListenerAttribute

Queries the configurations of a UDP listener.

ens:DescribeLoadBalancerTCPListenerAttribute

Queries the configurations of a TCP listener.

ens:DescribeLoadBalancerHTTPListenerAttribute

Queries the configurations of an HTTP listener.

ens:DescribeLoadBalancerHTTPSListenerAttribute

Queries the configurations of an HTTPS listener.

ens:DescribeEnsEipAddresses

Queries existing EIPs.