全部產品
Search

搜尋本產品

    Elastic Compute Service:授權信息

    文件中心

    Elastic Compute Service:授權信息

    更新時間:Nov 14, 2024
    访问控制(RAM)是阿里云提供的管理用户身份与资源访问权限的服务。使用RAM可以让您避免与其他用户共享阿里云账号密钥,并可按需为用户授予最小权限。RAM中使用权限策略描述授权的具体内容。
    本文为您介绍ECS为RAM权限策略定义的操作(Action)、资源(Resource)和条件(Condition)。ECS的RAM代码(RamCode)为[{"popCode":"Ecs","ramCodes":["ecs","vpc"]},{"popCode":"ecs-workbench","ramCodes":["ecs-workbench"]}],支持的授权粒度为ECS RESOURCE

    权限策略通用结构

    权限策略支持JSON格式,其通用结构如下:
    {
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}
    各字段含义如下:
    • Effect:权限策略效果。取值:Allow(允许)、Deny(拒绝)。
    • Action:授予允许或拒绝权限的具体操作。具体信息,请参见操作(Action)
    • Resource:受操作影响的具体对象,您可以使用资源ARN来描述指定资源。具体信息,请参见资源(Resource)
    • Condition:指授权生效的条件。可选字段。具体信息,请参见条件(Condition)
      • Condition_operator:条件运算符,不同类型的条件对应不同的条件运算符。具体信息,请参见权限策略基本元素
      • Condition_key:条件关键字。
      • Condition_value:条件关键字对应的值。

    操作(Action)

    下表是ECS定义的操作,这些操作可以在RAM权限策略语句的Action元素中使用,用来授予执行该操作的权限。下面对表中的具体项提供说明:
    • 操作:是指具体的权限点。
    • API:是指操作对应的API接口。
    • 访问级别:是指每个操作的访问级别,取值为写入(Write)、读取(Read)或列出(List)。
    • 资源类型:是指操作中支持授权的资源类型。具体说明如下:
      • 对于必选的资源类型,用背景高亮的方式表示。
      • 对于不支持资源级授权的操作,用全部资源表示。
    • 条件关键字:是指云产品自身定义的条件关键字。该列不体现适用于任何操作的通用条件关键字
    • 关联操作:是指成功执行操作所需要的其他权限。操作者必须同时具备关联操作的权限,操作才能成功。
    操作API访问级别资源类型条件关键字关联操作
    ecs:DescribeActivationsDescribeActivationsget
    Activation
    acs:ecs:{#regionId}:{#accountId}:activation/*
    Activation
    acs:ecs:{#regionId}:{#accountId}:activation/{#activationId}
    ecs:DescribeSecurityGroupsDescribeSecurityGroupsget
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/*
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:DescribeHpcClustersDescribeHpcClustersget
    HpcCluster
    acs:ecs:{#regionId}:{#accountId}:hpc/*
    ecs:ModifyDiskChargeTypeModifyDiskChargeTypeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeTagsDescribeTagsget
    全部资源
    *
    ecs:DescribeDedicatedHostClustersDescribeDedicatedHostClustersget
    DedicatedHostCluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    DedicatedHostCluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/*
    ecs:DescribeImagePipelineExecutionsDescribeImagePipelineExecutionsget
    全部资源
    *
    ecs:ModifyInstanceDeploymentModifyInstanceDeploymentupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeInstanceHistoryEventsDescribeInstanceHistoryEventsget
    全部资源
    *
    ecs:ModifyInstanceAutoReleaseTimeModifyInstanceAutoReleaseTimeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ListTagResourcesListTagResourcesget
    全部资源
    *
    ecs:DescribePriceDescribePriceget
    全部资源
    *
    ecs:ModifyImageShareGroupPermissionModifyImageShareGroupPermissionupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:DescribeDiskMonitorDataDescribeDiskMonitorDataget
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:ModifyReservedInstanceAttributeModifyReservedInstanceAttributeupdate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    ecs:SendFileSendFileupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:PurchaseReservedInstancesOfferingPurchaseReservedInstancesOfferingcreate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/*
    ecs:StopInvocationStopInvocationupdate
    全部资源
    *
    ecs:DescribeRenewalPriceDescribeRenewalPriceget
    全部资源
    *
    ecs:TagResourcesTagResourcescreate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId}
    ecs:DescribeReservedInstancesDescribeReservedInstancesget
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/*
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    ecs:ModifyLaunchTemplateDefaultVersionModifyLaunchTemplateDefaultVersionupdate
    全部资源
    *
    ecs:DeleteLaunchTemplateVersionDeleteLaunchTemplateVersiondelete
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    ecs:CreateSecurityGroupCreateSecurityGroupcreate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/*
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}
    ecs:ModifySecurityGroupPolicyModifySecurityGroupPolicyupdate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:UnassignPrivateIpAddressesUnassignPrivateIpAddressesdelete
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:CopyImageCopyImageupdate
    全部资源
    *
    ecs:RunCommandRunCommandupdate
    全部资源
    *
    ecs:CommandRunAs
    ecs:ModifySecurityGroupRuleModifySecurityGroupRuleupdate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:SecurityGroupIpProtocols
    ecs:SecurityGroupSourceCidrIps
    ecs:JoinResourceGroupJoinResourceGroupupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#SnapshotId}
    ecs:ModifyDedicatedHostClusterAttributeModifyDedicatedHostClusterAttributeupdate
    ddhcluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    ecs:UntagResourcesUntagResourcesdelete
    全部资源
    *
    ecs:ReportInstancesStatusReportInstancesStatusget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyStorageSetAttributeModifyStorageSetAttributeupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:DescribeNetworkInterfacePermissionsDescribeNetworkInterfacePermissionsget
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ModifyDiskSpecModifyDiskSpecupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:DescribeInstancesFullStatusDescribeInstancesFullStatusget
    全部资源
    *
    ecs:CreateAutoProvisioningGroupCreateAutoProvisioningGroupcreate
    全部资源
    *
    ecs:DescribeSnapshotsUsageDescribeSnapshotsUsageget
    全部资源
    *
    ecs:RevokeSecurityGroupRevokeSecurityGroupdelete
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:DescribePrefixListsDescribePrefixListsget
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:DescribePrefixListAttributesDescribePrefixListAttributesget
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:ModifySecurityGroupAttributeModifySecurityGroupAttributeupdate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:ModifySecurityGroupEgressRuleModifySecurityGroupEgressRuleupdate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:tag
    ecs:SecurityGroupIpProtocols
    ecs:SecurityGroupSourceCidrIps
    ecs:CreatePrefixListCreatePrefixListcreate
    全部资源
    *
    ecs:DetachNetworkInterfaceDetachNetworkInterfaceupdate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyAutoSnapshotPolicyModifyAutoSnapshotPolicyupdate
    全部资源
    *
    ecs:ModifyDedicatedHostAutoRenewAttributeModifyDedicatedHostAutoRenewAttributeupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:DeleteDeploymentSetDeleteDeploymentSetdelete
    DeploymentSet
    acs:ecs:{#regionid}:{#accountId}:deploymentset/{#deploymentSetId}
    ecs:CreateImagePipelineCreateImagePipelinecreate
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/*
    ecs:ModifyInvocationAttributeModifyInvocationAttributeupdate
    全部资源
    *
    ecs:ModifyPrepayInstanceSpecModifyPrepayInstanceSpecupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DeleteInstanceDeleteInstancedelete
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:RenewInstanceRenewInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:PurchaseElasticityAssurancePurchaseElasticityAssuranceupdate
    全部资源
    *
    ecs:ConvertNatPublicIpToEipConvertNatPublicIpToEipupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:AuthorizeSecurityGroupEgressAuthorizeSecurityGroupEgresscreate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:SecurityGroupIpProtocols
    ecs:SecurityGroupSourceCidrIps
    ecs:CreateStorageSetCreateStorageSetcreate
    全部资源
    *
    ecs:DescribeReservedInstanceAutoRenewAttributeDescribeReservedInstanceAutoRenewAttributeget
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId}
    ecs:DescribeAutoSnapshotPolicyEXDescribeAutoSnapshotPolicyExget
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}
    ecs:DeregisterManagedInstanceDeregisterManagedInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeCapacityReservationsDescribeCapacityReservationsget
    CapacityReservation
    acs:ecs:{#regionId}:{#accountId}:capacityreservation/*
    ecs:ModifyManagedInstanceModifyManagedInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateDedicatedHostClusterCreateDedicatedHostClustercreate
    全部资源
    *
    ecs:DescribeClassicLinkInstancesDescribeClassicLinkInstancesget
    全部资源
    *
    ecs:AttachKeyPairAttachKeyPairupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    ecs:DescribeEniMonitorDataDescribeEniMonitorDataget
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateKeyPairCreateKeyPaircreate
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/*
    ecs:DescribeInstanceVncUrlDescribeInstanceVncUrlget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ListPluginStatusListPluginStatusget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}
    ecs:DescribeInstanceAttributeDescribeInstanceAttributeget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeImageSupportInstanceTypesDescribeImageSupportInstanceTypesget
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:CancelSimulatedSystemEventsCancelSimulatedSystemEventsupdate
    全部资源
    *
    ecs:DescribeSnapshotPackageDescribeSnapshotPackageget
    全部资源
    *
    ecs:ModifyHpcClusterAttributeModifyHpcClusterAttributeupdate
    全部资源
    *
    ecs:CreateNetworkInterfaceCreateNetworkInterfacecreate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/*
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    VSwitch
    acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}
    vpc:IsDefaultVSwitch
    vpc:IsDefaultVpc
    vpc:VPC
    vpc:tag
    vpc:tag
    vpc:tag
    ecs:RebootInstancesRebootInstancesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeInstanceStatusDescribeInstanceStatusget
    全部资源
    *
    ecs:ModifyPrefixListModifyPrefixListupdate
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:ExportImageExportImageupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:StopInstanceStopInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyInstanceAutoRenewAttributeModifyInstanceAutoRenewAttributeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateCommandCreateCommandcreate
    Command
    acs:ecs:{#regionId}:{#accountId}:command/*
    ecs:DeleteDiagnosticReportsDeleteDiagnosticReportsdelete
    全部资源
    *
    ecs:RevokeSecurityGroupEgressRevokeSecurityGroupEgressdelete
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:DescribeResourceByTagsDescribeResourceByTagsget
    全部资源
    *
    ecs:DeleteImagePipelineDeleteImagePipelinedelete
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    ecs:ModifyDedicatedHostAutoReleaseTimeModifyDedicatedHostAutoReleaseTimeupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:DeleteNetworkInterfaceDeleteNetworkInterfacedelete
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ModifyCloudAssistantSettingsModifyCloudAssistantSettingsupdate
    ServiceSettings
    acs:ecs:{#regionId}:{#accountId}:servicesettings/{#servicesettingId}
    ecs:ModifyElasticityAssuranceModifyElasticityAssuranceupdate
    全部资源
    *
    ecs:AllocateDedicatedHostsAllocateDedicatedHostscreate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/*
    ecs:DescribeNetworkInterfaceAttributeDescribeNetworkInterfaceAttributeget
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ModifyImageSharePermissionModifyImageSharePermissionupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:DescribeTerminalSessionsDescribeTerminalSessionslist
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}
    ecs:DescribeCloudAssistantSettingsDescribeCloudAssistantSettingslist
    ServiceSettings
    acs:ecs:{#regionId}:{#accountId}:servicesettings/{#servicesettingId}
    ecs:ModifyUserBusinessBehaviorModifyUserBusinessBehaviorupdate
    全部资源
    *
    ecs:DeleteInstancesDeleteInstancesdelete
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DeleteDiagnosticMetricSetsDeleteDiagnosticMetricSetsdelete
    全部资源
    *
    ecs:StartInstanceStartInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:AuthorizeSecurityGroupAuthorizeSecurityGroupcreate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:SecurityGroupIpProtocols
    ecs:SecurityGroupSourceCidrIps
    ecs:DescribeManagedInstancesDescribeManagedInstancesget
    全部资源
    *
    ecs:GetInstanceScreenshotGetInstanceScreenshotget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ImportImageImportImageupdate
    全部资源
    *
    ecs:DeleteSecurityGroupDeleteSecurityGroupdelete
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:ModifyInstanceAttributeModifyInstanceAttributeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#SecurityGroupId}
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:CreateActivationCreateActivationcreate
    Activation
    acs:ecs:{#regionId}:{#accountId}:activation/*
    ecs:DeleteActivationDeleteActivationdelete
    activation
    acs:ecs:{#regionId}:{#accountId}:activation/{#activationId}
    ecs:DescribeAccountAttributesDescribeAccountAttributesget
    全部资源
    *
    ecs:DeleteImageComponentDeleteImageComponentdelete
    ImageComponent
    acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId}
    ecs:DescribeImageFromFamilyDescribeImageFromFamilyget
    全部资源
    *
    ecs:DescribeImagePipelinesDescribeImagePipelinesget
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/*
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    ecs:ModifyInstanceMaintenanceAttributesModifyInstanceMaintenanceAttributesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateDiagnosticMetricSetCreateDiagnosticMetricSetcreate
    全部资源
    *
    ecs:DescribeDiagnosticReportsDescribeDiagnosticReportsget
    全部资源
    *
    ecs:DescribeImagesDescribeImagesget
    Image
    acs:ecs:{#regionId}:{#accountId}:image/*
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:DeleteDedicatedHostClusterDeleteDedicatedHostClusterdelete
    DedicatedHostCluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    ecs:ModifyDiagnosticMetricSetModifyDiagnosticMetricSetupdate
    全部资源
    *
    ecs:RebootInstanceRebootInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:AttachInstanceRamRoleAttachInstanceRamRoleupdate
    全部资源
    *
    ecs:DescribeLimitationDescribeLimitationget
    全部资源
    *
    ecs:DescribeDiagnosticMetricsDescribeDiagnosticMetricsget
    全部资源
    *
    ecs:DeleteKeyPairsDeleteKeyPairsdelete
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    ecs:CreateInstanceCreateInstancecreate
    全部资源
    *
    vpc:VPC
    vpc:IsDefaultVSwitch
    vpc:IsDefaultVpc
    ecs:IsDiskEncrypted
    ecs:InstanceType
    ecs:InstanceTypeFamily
    ecs:ImageOwnerId
    ecs:ImageSource
    ecs:NotSpecifySecurityGroupId
    ecs:DescribeDeploymentSetsDescribeDeploymentSetsget
    DeploymentSet
    acs:ecs:{#regionId}:{#accountId}:deploymentset/*
    ecs:AssignPrivateIpAddressesAssignPrivateIpAddressescreate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:CreateSimulatedSystemEventsCreateSimulatedSystemEventscreate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ReActivateInstancesReActivateInstancesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ReleaseCapacityReservationReleaseCapacityReservationdelete
    全部资源
    *
    ecs:ModifyNetworkInterfaceAttributeModifyNetworkInterfaceAttributeupdate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:ResetDiskResetDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:DescribeDiagnosticReportAttributesDescribeDiagnosticReportAttributesget
    全部资源
    *
    ecs:GetInstanceConsoleOutputGetInstanceConsoleOutputget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:AddTagsAddTagscreate
    全部资源
    *
    ecs:ModifyCommandModifyCommandupdate
    Command
    acs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    ecs:DescribeKeyPairsDescribeKeyPairsget
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/*
    ecs:CreateDiagnosticReportCreateDiagnosticReportcreate
    全部资源
    *
    ecs:ModifyDeploymentSetAttributeModifyDeploymentSetAttributeupdate
    DeploymentSet
    acs:ecs:{#regionId}:{#accountId}:deploymentset/{#DeploymentSetId}
    ecs:ApplyAutoSnapshotPolicyApplyAutoSnapshotPolicyupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}
    ecs:ModifyAutoProvisioningGroupModifyAutoProvisioningGroupupdate
    autoprovisioninggroup
    acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    ecs:DetachKeyPairDetachKeyPairupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    ecs:ModifyImageAttributeModifyImageAttributeupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:ModifyDedicatedHostsChargeTypeModifyDedicatedHostsChargeTypeupdate
    全部资源
    *
    ecs:DeleteSnapshotDeleteSnapshotdelete
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:ModifyInstanceMetadataOptionsModifyInstanceMetadataOptionsupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CancelTaskCancelTaskupdate
    全部资源
    *
    ecs:DescribeAutoProvisioningGroupInstancesDescribeAutoProvisioningGroupInstancesget
    AutoProvisioningGroup
    acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    ecs:ModifyInstanceSpecModifyInstanceSpecupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ResetDisksResetDisksupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:DescribeInstanceRamRoleDescribeInstanceRamRoleget
    全部资源
    *
    ecs:StartInstancesStartInstancesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeLaunchTemplatesDescribeLaunchTemplatesget
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/*
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    ecs:DescribeSecurityGroupAttributeDescribeSecurityGroupAttributeget
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:DescribeSecurityGroupReferencesDescribeSecurityGroupReferencesget
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:DescribeUserDataDescribeUserDataget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeInstanceAttachmentAttributesDescribeInstanceAttachmentAttributesget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeNetworkInterfacesDescribeNetworkInterfacesget
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ModifyAutoSnapshotPolicyExModifyAutoSnapshotPolicyExupdate
    全部资源
    *
    ecs:DetachInstanceRamRoleDetachInstanceRamRoleupdate
    全部资源
    *
    ecs:RedeployDedicatedHostRedeployDedicatedHostupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:AttachClassicLinkVpcAttachClassicLinkVpcupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}
    vpc:tag
    ecs:DescribeInstanceMaintenanceAttributesDescribeInstanceMaintenanceAttributesget
    全部资源
    *
    ecs:DeleteCommandDeleteCommanddelete
    Command
    acs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    ecs:CreateDemandCreateDemandcreate
    全部资源
    *
    ecs:DeleteNetworkInterfacePermissionDeleteNetworkInterfacePermissiondelete
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ImportKeyPairImportKeyPaircreate
    全部资源
    *
    ecs:DescribeUserBusinessBehaviorDescribeUserBusinessBehaviorget
    全部资源
    *
    ecs:PurchaseStorageCapacityUnitPurchaseStorageCapacityUnitcreate
    StorageCapacityUnit
    acs:ecs:{#regionId}:{#accountId}:scu/*
    ecs:CreateImageCreateImagecreate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/*
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:DescribeLaunchTemplateVersionsDescribeLaunchTemplateVersionsget
    全部资源
    *
    ecs:AcceptInquiredSystemEventAcceptInquiredSystemEventupdate
    全部资源
    *
    ecs:DeleteImageDeleteImagedelete
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:DescribeCommandsDescribeCommandsget
    Command
    acs:ecs:{#regionId}:{#accountId}:command/*
    Command
    acs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    ecs:DescribeResourcesModificationDescribeResourcesModificationget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateHpcClusterCreateHpcClustercreate
    HpcCluster
    acs:ecs:{#regionId}:{#accountId}:hpc/*
    ecs:RenewReservedInstancesRenewReservedInstancescreate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId}
    ecs:DescribeSnapshotMonitorDataDescribeSnapshotMonitorDataget
    全部资源
    *
    ecs:ModifyInstanceVncPasswdModifyInstanceVncPasswdupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:InvokeCommandInvokeCommandupdate
    Command
    acs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CommandRunAs
    ecs:DescribeDisksFullStatusDescribeDisksFullStatusget
    全部资源
    *
    ecs:DeleteAutoProvisioningGroupDeleteAutoProvisioningGroupdelete
    AutoProvisioningGroup
    acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    ecs:DescribeDedicatedHostAutoRenewDescribeDedicatedHostAutoRenewget
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:DescribeElasticityAssurancesDescribeElasticityAssurancesget
    ElasticityAssurance
    acs:ecs:{#regionId}:{#accountId}:elasticityassurance/*
    ecs:DeleteAutoSnapshotPolicyDeleteAutoSnapshotPolicydelete
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId}
    ecs:DeleteDemandDeleteDemanddelete
    全部资源
    *
    ecs:DescribeDiskEncryptionByDefaultStatusDescribeDiskEncryptionByDefaultStatusnone
    全部资源
    *
    ecs:DeleteSnapshotGroupDeleteSnapshotGroupdelete
    SnapshotGroup
    acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId}
    ecs:DescribeSnapshotLinksDescribeSnapshotLinksget
    全部资源
    *
    ecs:DescribeStorageCapacityUnitsDescribeStorageCapacityUnitsget
    StorageCapacityUnit
    acs:ecs:{#regionId}:{#accountId}:scu/*
    StorageCapacityUnit
    acs:ecs:{#regionId}:{#accountId}:scu/{#scuId}
    ecs:ReInitDiskReInitDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:StartImagePipelineExecutionStartImagePipelineExecutionupdate
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    ecs:StartTerminalSessionStartTerminalSessionupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:RenewElasticityAssurancesRenewElasticityAssurancescreate
    ElasticityAssurance
    acs:ecs:{#regionId}:{#accountId}:elasticityassurance/{#ElasticityAssuranceId}
    ecs:CancelCopyImageCancelCopyImageupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:DescribeDiagnosticMetricSetsDescribeDiagnosticMetricSetsget
    全部资源
    *
    ecs:DescribeTaskAttributeDescribeTaskAttributeget
    全部资源
    *
    ecs:DescribeCapacityReservationInstancesDescribeCapacityReservationInstancesget
    全部资源
    *
    ecs:ModifyInstanceAttachmentAttributesModifyInstanceAttachmentAttributesupdate
    全部资源
    *
    ecs:ModifyInstanceNetworkSpecModifyInstanceNetworkSpecupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeElasticityAssuranceInstancesDescribeElasticityAssuranceInstancesget
    全部资源
    *
    ecs:JoinSecurityGroupJoinSecurityGroupupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:ModifyReservedInstancesModifyReservedInstancesupdate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    ecs:ModifySnapshotAttributeModifySnapshotAttributeupdate
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:CancelAutoSnapshotPolicyCancelAutoSnapshotPolicyupdate
    全部资源
    *
    ecs:ReplaceSystemDiskReplaceSystemDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateAutoSnapshotPolicyCreateAutoSnapshotPolicycreate
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*
    ecs:CancelImagePipelineExecutionCancelImagePipelineExecutionupdate
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    ecs:ReleasePublicIpAddressReleasePublicIpAddressdelete
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeInvocationResultsDescribeInvocationResultsget
    全部资源
    *
    ecs:AttachNetworkInterfaceAttachNetworkInterfaceupdate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DeletePrefixListDeletePrefixListdelete
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:CreateNetworkInterfacePermissionCreateNetworkInterfacePermissioncreate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:DescribeInvocationsDescribeInvocationsget
    全部资源
    *
    ecs:AssignIpv6AddressesAssignIpv6Addressescreate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:DescribeCloudAssistantStatusDescribeCloudAssistantStatusget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateImageComponentCreateImageComponentcreate
    ImageComponent
    acs:ecs:{#regionId}:{#accountId}:imagecomponent/*
    ecs:CreateDeploymentSetCreateDeploymentSetcreate
    全部资源
    *
    ecs:DescribePrefixListAssociationsDescribePrefixListAssociationsget
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:DescribeStorageSetsDescribeStorageSetsget
    全部资源
    *
    ecs:DescribeAutoProvisioningGroupHistoryDescribeAutoProvisioningGroupHistoryget
    全部资源
    *
    ecs:DescribeDemandsDescribeDemandsget
    全部资源
    *
    ecs:DeleteHpcClusterDeleteHpcClusterdelete
    全部资源
    *
    ecs:DescribeBandwidthLimitationDescribeBandwidthLimitationget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DetachClassicLinkVpcDetachClassicLinkVpcupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}
    ecs:DescribeDisksDescribeDiskslist
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/*
    ecs:ExportSnapshotExportSnapshotcreate
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:DeleteStorageSetDeleteStorageSetdelete
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:DescribeSendFileResultsDescribeSendFileResultsget
    全部资源
    *
    ecs:DescribeAutoProvisioningGroupsDescribeAutoProvisioningGroupsget
    全部资源
    *
    ecs:DetachDiskDetachDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DisableActivationDisableActivationupdate
    Activation
    acs:ecs:{#regionId}:{#accountId}:activation/{#ActivationId}
    ecs:DescribeImageSharePermissionDescribeImageSharePermissionget
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:ModifyCapacityReservationModifyCapacityReservationupdate
    全部资源
    *
    ecs:DescribeTasksDescribeTasksget
    全部资源
    *
    ecs:DescribeInstanceModificationPriceDescribeInstanceModificationPriceget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}
    ecs:ModifyDiskAttributeModifyDiskAttributeupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:RunInstancesRunInstancescreate
    全部资源
    *
    vpc:IsDefaultVSwitch
    vpc:IsDefaultVpc
    vpc:VPC
    ecs:IsDiskEncrypted
    ecs:InstanceTypeFamily
    ecs:InstanceType
    ecs:ImageOwnerId
    ecs:ImageSource
    ecs:NotSpecifySecurityGroupId
    ecs:DescribeInstanceAutoRenewAttributeDescribeInstanceAutoRenewAttributeget
    全部资源
    *
    ecs:DescribeInstanceMonitorDataDescribeInstanceMonitorDataget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:AllocatePublicIpAddressAllocatePublicIpAddresscreate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateLaunchTemplateCreateLaunchTemplatecreate
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/*
    ecs:AttachDiskAttachDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeStorageSetDetailsDescribeStorageSetDetailsget
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:DeleteLaunchTemplateDeleteLaunchTemplatedelete
    全部资源
    *
    ecs:CreateLaunchTemplateVersionCreateLaunchTemplateVersioncreate
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    ecs:ModifyStorageCapacityUnitAttributeModifyStorageCapacityUnitAttributeupdate
    StorageCapacityUnit
    acs:ecs:{#regionId}:{#accountId}:scu/{#scuId}
    ecs:DescribeSnapshotsDescribeSnapshotsget
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/*
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:ModifyDedicatedHostAttributeModifyDedicatedHostAttributeupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    DedicatedHostCluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    ecs:LeaveSecurityGroupLeaveSecurityGroupupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:ModifySnapshotGroupModifySnapshotGroupupdate
    SnapshotGroup
    acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#SnapshotGroupId}
    ecs:ResizeDiskResizeDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:DescribeImageComponentsDescribeImageComponentsget
    ImageComponent
    acs:ecs:{#regionId}:{#accountId}:imagecomponent/*
    ImageComponent
    acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId}
    ecs:UnassignIpv6AddressesUnassignIpv6Addressesdelete
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:CreateSnapshotCreateSnapshotcreate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/*
    ecs:CreateDiskCreateDiskcreate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/*
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:IsDiskEncrypted
    ecs:ReleaseDedicatedHostReleaseDedicatedHostdelete
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:DeleteDiskDeleteDiskdelete
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:CreateSnapshotGroupCreateSnapshotGroupcreate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:RemoveTagsRemoveTagsdelete
    全部资源
    *
    ecs:StopInstancesStopInstancesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeDedicatedHostsDescribeDedicatedHostsget
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/*
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:RedeployInstanceRedeployInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeInstancesDescribeInstancesget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/*
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ResourceOwner
    ecs:RenewDedicatedHostsRenewDedicatedHostsupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:CopySnapshotCopySnapshotcreate
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:DescribeSnapshotGroupsDescribeSnapshotGroupsget
    SnapshotGroup
    acs:ecs:{#regionId}:{#accountId}:snapshotgroup/*
    SnapshotGroup
    acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId}
    ecs:InstallCloudAssistantInstallCloudAssistantupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyInstanceChargeTypeModifyInstanceChargeTypeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyReservedInstanceAutoRenewAttributeModifyReservedInstanceAutoRenewAttributeupdate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId}
    ecs:ModifyInstanceVpcAttributeModifyInstanceVpcAttributeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    VSwitch
    acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}
    vpc:tag
    vpc:VPC
    ecs:CreateElasticityAssuranceCreateElasticityAssurancecreate
    ElasticityAssurance
    acs:ecs:{#regionId}:{#accountId}:elasticityassurance/*
    ecs:CreateCapacityReservationCreateCapacityReservationcreate
    CapacityReservation
    acs:ecs:{#regionId}:{#accountId}:capacityreservation/*
    vpc:RemoveBandwidthPackageIpsRemoveBandwidthPackageIpsdelete
    BandwidthPackage
    acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    vpc:TerminateVirtualBorderRouterTerminateVirtualBorderRouterupdate
    VirtualBorderRouter
    acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    vpc:ModifyEipAddressAttributeModifyEipAddressAttributeupdate
    Address
    acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    vpc:CreateRouterInterfaceCreateRouterInterfacecreate
    全部资源
    *
    vpc:TargetAccountRDId
    vpc:ModifyRouterInterfaceAttributeModifyRouterInterfaceAttributeupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:TargetAccountRDId
    vpc:ModifyVirtualBorderRouterAttributeModifyVirtualBorderRouterAttributeupdate
    VirtualBorderRouter
    acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    vpc:CreateForwardEntryCreateForwardEntrycreate
    ForwardTable
    acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    vpc:DeleteNatGatewayDeleteNatGatewaydelete
    NatGateway
    acs:vpc:{#regionId}:{#accountId}:natgateway/{#natgatewayid}
    vpc:DescribeForwardTableEntriesDescribeForwardTableEntriesget
    ForwardTable
    acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    vpc:ModifyVRouterAttributeModifyVRouterAttributeupdate
    VRouter
    acs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId}
    vpc:TerminatePhysicalConnectionTerminatePhysicalConnectionupdate
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:EnablePhysicalConnectionEnablePhysicalConnectionupdate
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:ModifyVSwitchAttributeModifyVSwitchAttributeupdate
    VSwitch
    acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}
    vpc:ModifyPhysicalConnectionAttributeModifyPhysicalConnectionAttributeupdate
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:DeleteRouterInterfaceDeleteRouterInterfacedelete
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:DescribeBandwidthPackagesDescribeBandwidthPackagesget
    全部资源
    *
    vpc:UnassociateEipAddressUnassociateEipAddressupdate
    全部资源
    *
    vpc:DescribeVirtualBorderRoutersDescribeVirtualBorderRoutersget
    全部资源
    *
    vpc:ActivateRouterInterfaceActivateRouterInterfaceupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:ModifyHaVipAttributeModifyHaVipAttributeupdate
    HaVip
    acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    vpc:UnassociateHaVipUnassociateHaVipdelete
    Instance
    acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}
    HaVip
    acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    vpc:DescribeVirtualBorderRoutersForPhysicalConnectionDescribeVirtualBorderRoutersForPhysicalConnectionget
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:PhysicalConnection
    vpc:CreateHaVipCreateHaVipcreate
    全部资源
    *
    vpc:DescribeAccessPointsDescribeAccessPointsget
    全部资源
    *
    vpc:DescribeHaVipsDescribeHaVipsget
    全部资源
    *
    vpc:DescribeVRoutersDescribeVRoutersget
    全部资源
    *
    vpc:VPC
    vpc:CancelPhysicalConnectionCancelPhysicalConnectionupdate
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:DescribeRouterInterfacesDescribeRouterInterfacesget
    全部资源
    *
    vpc:ModifyBandwidthPackageSpecModifyBandwidthPackageSpecupdate
    BandwidthPackage
    acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    vpc:DescribeRouteTablesDescribeRouteTablesget
    RouteTable
    acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
    vpc:VBR
    vpc:VRouter
    vpc:CreateVpcCreateVpccreate
    全部资源
    *
    vpc:DeactivateRouterInterfaceDeactivateRouterInterfaceupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:DeleteHaVipDeleteHaVipdelete
    HaVip
    acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    vpc:ModifyForwardEntryModifyForwardEntryupdate
    ForwardTable
    acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    vpc:DeleteBandwidthPackageDeleteBandwidthPackagedelete
    BandwidthPackage
    acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    vpc:ModifyVpcAttributeModifyVpcAttributeupdate
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}
    vpc:tag
    vpc:AssociateEipAddressAssociateEipAddressupdate
    全部资源
    *
    vpc:CreatePhysicalConnectionCreatePhysicalConnectioncreate
    全部资源
    *
    vpc:DeleteRouteEntryDeleteRouteEntrydelete
    RouteTable
    acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
    vpc:DeleteForwardEntryDeleteForwardEntrydelete
    ForwardTable
    acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    vpc:CreateNatGatewayCreateNatGatewaycreate
    全部资源
    *
    vpc:ConnectRouterInterfaceConnectRouterInterfaceupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:DeleteVSwitchDeleteVSwitchdelete
    VSwitch
    acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}
    vpc:DescribeEipAddressesDescribeEipAddressesget
    Address
    acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    vpc:CreateVSwitchCreateVSwitchcreate
    全部资源
    *
    vpc:tag
    vpc:DeleteVirtualBorderRouterDeleteVirtualBorderRouterdelete
    VirtualBorderRouter
    acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    vpc:DescribeNatGatewaysDescribeNatGatewaysget
    全部资源
    *
    vpc:DeletePhysicalConnectionDeletePhysicalConnectiondelete
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:DescribePhysicalConnectionsDescribePhysicalConnectionsget
    全部资源
    *
    vpc:DescribeEipMonitorDataDescribeEipMonitorDataget
    Address
    acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    vpc:DescribeVSwitchesDescribeVSwitchesget
    全部资源
    *
    vpc:VPC
    vpc:DescribeVpcsDescribeVpcsget
    全部资源
    *
    vpc:tag
    vpc:CreateRouteEntryCreateRouteEntrycreate
    RouteTable
    acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
    vpc:DeleteVpcDeleteVpcdelete
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}
    vpc:tag
    vpc:ReleaseEipAddressReleaseEipAddressupdate
    Address
    acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    vpc:tag
    vpc:RecoverVirtualBorderRouterRecoverVirtualBorderRouterupdate
    VirtualBorderRouter
    acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    vpc:DescribeNewProjectEipMonitorDataDescribeNewProjectEipMonitorDataget
    全部资源
    *
    vpc:AddBandwidthPackageIpsAddBandwidthPackageIpscreate
    BandwidthPackage
    acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    vpc:AssociateHaVipAssociateHaVipupdate
    Instance
    acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}
    HaVip
    acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    vpc:ModifyRouterInterfaceSpecModifyRouterInterfaceSpecupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:CreateVirtualBorderRouterCreateVirtualBorderRoutercreate
    全部资源
    *
    vpc:AllocateEipAddressAllocateEipAddressupdate
    全部资源
    *

    资源(Resource)

    下表是ECS定义的资源,这些资源可以在RAM权限策略语句的Resource元素中使用,用来授予对该资源执行具体操作的权限。 其中,资源ARN是资源在阿里云上的唯一标识。具体说明如下:
    • {#}为变量标识,需要您替换为实际值。例如:{#ramcode}需要您替换为实际的云服务RAM代码。
    • *表示全部。例如:
      • {#resourceType}*时:表示全部资源。
      • {#regionId}*时:表示全部地域。
      • {#accountId}*时:表示全部阿里云账号。
    资源类型资源ARN
    Activationacs:ecs:{#regionId}:{#accountId}:activation/*
    Activationacs:ecs:{#regionId}:{#accountId}:activation/{#activationId}
    SecurityGroupacs:ecs:{#regionId}:{#accountId}:securitygroup/*
    SecurityGroupacs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    HpcClusteracs:ecs:{#regionId}:{#accountId}:hpc/*
    Instanceacs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    DedicatedHostacs:ecs:{#regionId}:{#accountId}:ddh/*
    DedicatedHostClusteracs:ecs:{#regionId}:{#accountId}:ddhcluster/*
    Diskacs:ecs:{#regionId}:{#accountId}:disk/*
    Diskacs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    NetworkInterfaceacs:ecs:{#regionId}:{#accountId}:eni/*
    NetworkInterfaceacs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Imageacs:ecs:{#regionId}:{#accountId}:image/*
    Imageacs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    Instanceacs:ecs:{#regionId}:{#accountId}:instance/*
    KeyPairacs:ecs:{#regionId}:{#accountId}:keypair/*
    Snapshotacs:ecs:{#regionId}:{#accountId}:snapshot/*
    Snapshotacs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    AutoSnapshotPolicyacs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*
    DedicatedHostClusteracs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    ImagePipelineacs:ecs:{#regionId}:{#accountId}:imagepipeline/*
    ImagePipelineacs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    DedicatedHostacs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    KeyPairacs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}
    ReservedInstanceacs:ecs:{#regionId}:{#accountId}:reservedinstance/*
    ReservedInstanceacs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    LaunchTemplateacs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    AutoSnapshotPolicyacs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId}
    LaunchTemplateacs:ecs:{#regionId}:{#accountId}:launchtemplate/*
    VPCacs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}
    Commandacs:ecs:{#regionId}:{#accountId}:command/*
    DeploymentSetacs:ecs:{#regionId}:{#accountId}:deploymentset/{#DeploymentSetId}
    ddhclusteracs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    Fleetacs:ecs:{#regionId}:{#accountId}:fleet/*
    PrefixListacs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    Invocationacs:ecs:{#regionId}:{#accountId}:invocation/{#InvocationId}
    ElasticityAssuranceacs:ecs:{#regionId}:{#accountId}:elasticityassurance/*
    Volumeacs:ecs:{#regionId}:{#accountId}:volume/{#volumeId}
    CapacityReservationacs:ecs:{#regionId}:{#accountId}:capacityreservation/*
    ddhclusteracs:ecs:{#regionId}:{#accountId}:ddhcluster/*
    KeyPairacs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    VSwitchacs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}
    ServiceSettingsacs:ecs:{#regionId}:{#accountId}:servicesettings/{#servicesettingId}
    activationacs:ecs:{#regionId}:{#accountId}:activation/{#activationId}
    ImageComponentacs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId}
    Roleacs:ram:*:{#accountId}:role/{#roleName}
    VSwitchacs:vpc:{#regionId}:{#accountId}:vswitch/*
    DeploymentSetacs:ecs:{#regionId}:{#accountId}:deploymentset/*
    snapshotpolicyacs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}
    Commandacs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    autoprovisioninggroupacs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    AutoProvisioningGroupacs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    StorageCapacityUnitacs:ecs:{#regionId}:{#accountId}:scu/*
    Demandacs:ecs:*:{#accountId}:*
    AutoSnapshotPolicyacs:ecs:{#regionId}:{#accountId}:autosnapshotpolicy/*
    SnapshotGroupacs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId}
    StorageCapacityUnitacs:ecs:{#regionId}:{#accountId}:scu/{#scuId}
    ElasticityAssuranceacs:ecs:{#regionId}:{#accountId}:elasticityassurance/{#ElasticityAssuranceId}
    ImageComponentacs:ecs:{#regionId}:{#accountId}:imagecomponent/*
    Demandacs:ecs:{#regionId}:{#accountId}:ecsdemand/*
    AutoProvisioningGroupacs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/*
    Volumeacs:ecs:{#regionId}:{#accountId}:volume/*
    SnapshotGroupacs:ecs:{#regionId}:{#accountId}:snapshotgroup/*
    BandwidthPackageacs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    VirtualBorderRouteracs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    Addressacs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    VirtualBorderRouteracs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}
    RouterInterfaceacs:vpc:{#regionId}:{#accountId}:routerinterface/*
    RouterInterfaceacs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    ForwardTableacs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    NatGatewayacs:vpc:{#regionId}:{#accountId}:natgateway/{#natgatewayid}
    VRouteracs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId}
    PhysicalConnectionacs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    BandwidthPackageacs:vpc:{#regionId}:{#accountId}:bandwidthpackage/*
    HaVipacs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    Instanceacs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}
    HaVipacs:vpc:{#regionId}:{#accountId}:havip/*
    VRouteracs:vpc:{#regionId}:{#accountId}:vrouter/*
    RouteTableacs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
    VPCacs:vpc:{#regionId}:{#accountId}:vpc/*
    Associationacs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    PhysicalConnectionacs:vpc:{#regionId}:{#accountId}:physicalconnection/*
    NatGatewayacs:vpc:{#regionId}:{#accountId}:natgateway/*
    VirtualBorderRouteracs:vpc:{#regionId}:{#AccountId}:virtualborderrouter/*
    Addressacs:vpc:{#regionId}:{#accountId}:eip/*

    条件(Condition)

    下表是ECS定义的产品级条件关键字,这些条件关键字可以在RAM权限策略语句的Condition元素中使用,用来描述授予权限的条件。以下仅列举产品级的条件关键字,阿里云定义的ECS也同样适用通用条件关键字
    其中,数据类型决定了您可以使用哪些条件运算符将请求中的值与权限策略语句中的值进行比较。您必须使用与数据类型匹配的条件运算符,否则无法匹配策略语句,授权行为无效。数据类型与条件运算符的对应关系,请参见条件操作类型
    条件关键字描述类型
    vpc:VPCVPC InformationString
    vpc:IsDefaultVSwitchWhether it is the default VSwitch and whether the default VSwitch can be usedBoolean
    vpc:IsDefaultVpcWhether it is the default VPCBoolean
    ecs:IsDiskEncryptedWhether it is an encrypted data diskString
    ecs:InstanceTypeInstance specificationsString
    ecs:InstanceTypeFamilyinstance specification familyString
    ecs:ImagePlatformOperating system type of the imageString
    ecs:ImageSourceImage SourceString
    ecs:CommandRunAsUser in the operating system that executes cloud assistant commandsString
    ecs:IsSystemDiskEncryptedWhether it is an encryption system diskString
    ecs:ImageOwnerIdOwner UID of the image.String
    ecs:AssociatePublicIpAddressWhether to support the allocation of public network IP in the process of resource creation and change, that is, whether to allow the operation of resources to make the public network bandwidth greater than 0.Boolean
    ecs:PasswordCustomizedWhether a custom password is usedBoolean
    ecs:PasswordInheritWhether the instance inherits the image password.Boolean
    ecs:SecurityEnhancementStrategyWhether to open security reinforcement.String
    ecs:SecurityHardeningModeWhether to enforce hardened mode (IMDSv2) when accessing instance metadataBoolean
    vpc:CreateDefaultVpcWhether a default VPC can be createdBoolean
    ecs:SecurityGroupIpProtocolsTransport layer protocol with security group openString
    ecs:SecurityGroupSourceCidrIpsThe source IPv4 CIDR segment of the security group that sets access permissionsString
    ecs:NotSpecifySecurityGroupIdWhether the security group ID is not specifiedBoolean

    相关操作

    您可以创建自定义权限策略,并将权限策略授予RAM用户、RAM用户组或RAM角色。具体操作如下: