全部產品
Search

搜尋本產品

    Elastic Compute Service:授權信息

    文件中心

    Elastic Compute Service:授權信息

    更新時間:Nov 01, 2024
    访问控制(RAM)是阿里云提供的管理用户身份与资源访问权限的服务。使用RAM可以让您避免与其他用户共享阿里云账号密钥,并可按需为用户授予最小权限。RAM中使用权限策略描述授权的具体内容。
    本文为您介绍ECS为RAM权限策略定义的操作(Action)、资源(Resource)和条件(Condition)。ECS的RAM代码(RamCode)为ecs,vpc,支持的授权粒度为ECS RESOURCE

    权限策略通用结构

    权限策略支持JSON格式,其通用结构如下:
    {
  "Version": "1",
  "Statement": [
    {
      "Effect": "<Effect>",
      "Action": "<Action>",
      "Resource": "<Resource>",
      "Condition": {
        "<Condition_operator>": {
          "<Condition_key>": [
            "<Condition_value>"
          ]
        }
      }
    }
  ]
}
    各字段含义如下:
    • Effect:权限策略效果。取值:Allow(允许)、Deny(拒绝)。
    • Action:授予允许或拒绝权限的具体操作。具体信息,请参见操作(Action)
    • Resource:受操作影响的具体对象,您可以使用资源ARN来描述指定资源。具体信息,请参见资源(Resource)
    • Condition:指授权生效的条件。可选字段。具体信息,请参见条件(Condition)
      • Condition_operator:条件运算符,不同类型的条件对应不同的条件运算符。具体信息,请参见权限策略基本元素
      • Condition_key:条件关键字。
      • Condition_value:条件关键字对应的值。

    操作(Action)

    下表是ECS定义的操作,这些操作可以在RAM权限策略语句的Action元素中使用,用来授予执行该操作的权限。下面对表中的具体项提供说明:
    • 操作:是指具体的权限点。
    • API:是指操作对应的API接口。
    • 访问级别:是指每个操作的访问级别,取值为写入(Write)、读取(Read)或列出(List)。
    • 资源类型:是指操作中支持授权的资源类型。具体说明如下:
      • 对于必选的资源类型,用背景高亮的方式表示。
      • 对于不支持资源级授权的操作,用全部资源表示。
    • 条件关键字:是指云产品自身定义的条件关键字。该列不体现适用于任何操作的通用条件关键字
    • 关联操作:是指成功执行操作所需要的其他权限。操作者必须同时具备关联操作的权限,操作才能成功。
    操作API访问级别资源类型条件关键字关联操作
    ecs:DescribeInstanceStatusDescribeInstanceStatusget
    全部资源
    *
    ecs:DescribeSnapshotLinksDescribeSnapshotLinksget
    全部资源
    *
    ecs:DescribeResourceByTagsDescribeResourceByTagsget
    全部资源
    *
    ecs:DescribeStorageCapacityUnitsDescribeStorageCapacityUnitsget
    StorageCapacityUnit
    acs:ecs:{#regionId}:{#accountId}:scu/*
    StorageCapacityUnit
    acs:ecs:{#regionId}:{#accountId}:scu/{#scuId}
    ecs:ExportImageExportImageupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:JoinResourceGroupJoinResourceGroupupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#SnapshotId}
    ecs:ModifyInstanceAutoRenewAttributeModifyInstanceAutoRenewAttributeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyDiskSpecModifyDiskSpecupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:ModifyInstanceDeploymentModifyInstanceDeploymentupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:AuthorizeSecurityGroupEgressAuthorizeSecurityGroupEgresscreate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:SecurityGroupIpProtocols
    ecs:SecurityGroupSourceCidrIps
    ecs:ModifyReservedInstanceAttributeModifyReservedInstanceAttributeupdate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    ecs:DeregisterManagedInstanceDeregisterManagedInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeResourcesModificationDescribeResourcesModificationget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeInstanceHistoryEventsDescribeInstanceHistoryEventsget
    全部资源
    *
    ecs:DescribeSnapshotMonitorDataDescribeSnapshotMonitorDataget
    全部资源
    *
    ecs:AllocatePublicIpAddressAllocatePublicIpAddresscreate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyManagedInstanceModifyManagedInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeUserDataDescribeUserDataget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DetachInstanceRamRoleDetachInstanceRamRoleupdate
    全部资源
    *
    ecs:DescribePrefixListsDescribePrefixListsget
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:DescribeImageSupportInstanceTypesDescribeImageSupportInstanceTypesget
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:AttachClassicLinkVpcAttachClassicLinkVpcupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}
    vpc:tag
    ecs:DeleteAutoSnapshotPolicyDeleteAutoSnapshotPolicydelete
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId}
    ecs:CreateDemandCreateDemandcreate
    全部资源
    *
    ecs:DeleteInstanceDeleteInstancedelete
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DeleteDemandDeleteDemanddelete
    全部资源
    *
    ecs:CreateImageCreateImagecreate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/*
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:DeleteImageDeleteImagedelete
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:DeleteSnapshotGroupDeleteSnapshotGroupdelete
    SnapshotGroup
    acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId}
    ecs:DescribeCommandsDescribeCommandsget
    Command
    acs:ecs:{#regionId}:{#accountId}:command/*
    Command
    acs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    ecs:InvokeCommandInvokeCommandupdate
    Command
    acs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CommandRunAs
    ecs:DescribeDiagnosticReportsDescribeDiagnosticReportsget
    全部资源
    *
    ecs:AttachKeyPairAttachKeyPairupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    ecs:DeleteDeploymentSetDeleteDeploymentSetdelete
    DeploymentSet
    acs:ecs:{#regionid}:{#accountId}:deploymentset/{#deploymentSetId}
    ecs:ModifyHpcClusterAttributeModifyHpcClusterAttributeupdate
    全部资源
    *
    ecs:ImportKeyPairImportKeyPaircreate
    全部资源
    *
    ecs:RedeployDedicatedHostRedeployDedicatedHostupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:CreateImagePipelineCreateImagePipelinecreate
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/*
    ecs:DeleteCommandDeleteCommanddelete
    Command
    acs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    ecs:DeleteNetworkInterfacePermissionDeleteNetworkInterfacePermissiondelete
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ModifyDedicatedHostAutoRenewAttributeModifyDedicatedHostAutoRenewAttributeupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:DescribeReservedInstanceAutoRenewAttributeDescribeReservedInstanceAutoRenewAttributeget
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId}
    ecs:ModifyPrepayInstanceSpecModifyPrepayInstanceSpecupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:StartImagePipelineExecutionStartImagePipelineExecutionupdate
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    ecs:RenewInstanceRenewInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:UnassignPrivateIpAddressesUnassignPrivateIpAddressesdelete
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ModifyDedicatedHostClusterAttributeModifyDedicatedHostClusterAttributeupdate
    ddhcluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    ecs:ModifyDiskChargeTypeModifyDiskChargeTypeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CopyImageCopyImageupdate
    全部资源
    *
    ecs:ModifyInstanceAutoReleaseTimeModifyInstanceAutoReleaseTimeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DeleteLaunchTemplateVersionDeleteLaunchTemplateVersiondelete
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    ecs:CreateAutoProvisioningGroupCreateAutoProvisioningGroupcreate
    全部资源
    *
    ecs:ModifyLaunchTemplateDefaultVersionModifyLaunchTemplateDefaultVersionupdate
    全部资源
    *
    ecs:CreateSecurityGroupCreateSecurityGroupcreate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/*
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}
    ecs:DescribeSnapshotsUsageDescribeSnapshotsUsageget
    全部资源
    *
    ecs:DescribeSendFileResultsDescribeSendFileResultsget
    全部资源
    *
    ecs:ModifyDedicatedHostAttributeModifyDedicatedHostAttributeupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    DedicatedHostCluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    ecs:UnassignIpv6AddressesUnassignIpv6Addressesdelete
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ModifySnapshotGroupModifySnapshotGroupupdate
    SnapshotGroup
    acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#SnapshotGroupId}
    ecs:DetachNetworkInterfaceDetachNetworkInterfaceupdate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ReleaseDedicatedHostReleaseDedicatedHostdelete
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:ModifySecurityGroupRuleModifySecurityGroupRuleupdate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:SecurityGroupIpProtocols
    ecs:SecurityGroupSourceCidrIps
    ecs:ModifyAutoSnapshotPolicyModifyAutoSnapshotPolicyupdate
    全部资源
    *
    ecs:RemoveTagsRemoveTagsdelete
    全部资源
    *
    ecs:RevokeSecurityGroupRevokeSecurityGroupdelete
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:StopInstancesStopInstancesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifySnapshotAttributeModifySnapshotAttributeupdate
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:RunCommandRunCommandupdate
    全部资源
    *
    ecs:CommandRunAs
    ecs:DescribeAutoSnapshotPolicyEXDescribeAutoSnapshotPolicyExget
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}
    ecs:DescribeInstancesFullStatusDescribeInstancesFullStatusget
    全部资源
    *
    ecs:CreateLaunchTemplateCreateLaunchTemplatecreate
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/*
    ecs:PurchaseReservedInstancesOfferingPurchaseReservedInstancesOfferingcreate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/*
    ecs:DescribeCapacityReservationsDescribeCapacityReservationsget
    CapacityReservation
    acs:ecs:{#regionId}:{#accountId}:capacityreservation/*
    ecs:CreateLaunchTemplateVersionCreateLaunchTemplateVersioncreate
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    ecs:ConvertNatPublicIpToEipConvertNatPublicIpToEipupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeHpcClustersDescribeHpcClustersget
    HpcCluster
    acs:ecs:{#regionId}:{#accountId}:hpc/*
    ecs:DescribeImageComponentsDescribeImageComponentsget
    ImageComponent
    acs:ecs:{#regionId}:{#accountId}:imagecomponent/*
    ImageComponent
    acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId}
    ecs:DescribeNetworkInterfacePermissionsDescribeNetworkInterfacePermissionsget
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:DescribeInvocationResultsDescribeInvocationResultsget
    全部资源
    *
    ecs:DescribePrefixListAttributesDescribePrefixListAttributesget
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:DeleteLaunchTemplateDeleteLaunchTemplatedelete
    全部资源
    *
    ecs:DescribeInvocationsDescribeInvocationsget
    全部资源
    *
    ecs:DescribeReservedInstancesDescribeReservedInstancesget
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/*
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    ecs:ModifySecurityGroupEgressRuleModifySecurityGroupEgressRuleupdate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:tag
    ecs:SecurityGroupIpProtocols
    ecs:SecurityGroupSourceCidrIps
    ecs:DescribePrefixListAssociationsDescribePrefixListAssociationsget
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:AttachDiskAttachDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ReportInstancesStatusReportInstancesStatusget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeSecurityGroupsDescribeSecurityGroupsget
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/*
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:DescribeSnapshotsDescribeSnapshotsget
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/*
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:ModifyImageShareGroupPermissionModifyImageShareGroupPermissionupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:ModifyAutoSnapshotPolicyExModifyAutoSnapshotPolicyExupdate
    全部资源
    *
    ecs:ModifyInstanceAttributeModifyInstanceAttributeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#SecurityGroupId}
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:DescribeSecurityGroupAttributeDescribeSecurityGroupAttributeget
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:CreateActivationCreateActivationcreate
    Activation
    acs:ecs:{#regionId}:{#accountId}:activation/*
    ecs:DescribeSecurityGroupReferencesDescribeSecurityGroupReferencesget
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:DeleteActivationDeleteActivationdelete
    activation
    acs:ecs:{#regionId}:{#accountId}:activation/{#activationId}
    ecs:ModifyAutoProvisioningGroupModifyAutoProvisioningGroupupdate
    autoprovisioninggroup
    acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    ecs:DeleteImageComponentDeleteImageComponentdelete
    ImageComponent
    acs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId}
    ecs:CancelCopyImageCancelCopyImageupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:ModifyDedicatedHostsChargeTypeModifyDedicatedHostsChargeTypeupdate
    全部资源
    *
    ecs:ExportSnapshotExportSnapshotcreate
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:DescribeImagePipelinesDescribeImagePipelinesget
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/*
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    ecs:ModifyCloudAssistantSettingsModifyCloudAssistantSettingsupdate
    ServiceSettings
    acs:ecs:{#regionId}:{#accountId}:servicesettings/{#servicesettingId}
    ecs:CreateSnapshotGroupCreateSnapshotGroupcreate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DeleteNetworkInterfaceDeleteNetworkInterfacedelete
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ModifyCapacityReservationModifyCapacityReservationupdate
    全部资源
    *
    ecs:ResetDisksResetDisksupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:StartInstancesStartInstancesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeNetworkInterfaceAttributeDescribeNetworkInterfaceAttributeget
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:GetInstanceScreenshotGetInstanceScreenshotget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:PurchaseElasticityAssurancePurchaseElasticityAssuranceupdate
    全部资源
    *
    ecs:ModifyDiskAttributeModifyDiskAttributeupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:DescribeTaskAttributeDescribeTaskAttributeget
    全部资源
    *
    ecs:DescribeStorageSetsDescribeStorageSetsget
    全部资源
    *
    ecs:AllocateDedicatedHostsAllocateDedicatedHostscreate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/*
    ecs:AssignPrivateIpAddressesAssignPrivateIpAddressescreate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:AcceptInquiredSystemEventAcceptInquiredSystemEventupdate
    全部资源
    *
    ecs:DescribeDiagnosticMetricSetsDescribeDiagnosticMetricSetsget
    全部资源
    *
    ecs:DeleteInstancesDeleteInstancesdelete
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateKeyPairCreateKeyPaircreate
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/*
    ecs:DetachClassicLinkVpcDetachClassicLinkVpcupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}
    ecs:DescribeInstanceAttributeDescribeInstanceAttributeget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeImagesDescribeImagesget
    Image
    acs:ecs:{#regionId}:{#accountId}:image/*
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:CreateCommandCreateCommandcreate
    Command
    acs:ecs:{#regionId}:{#accountId}:command/*
    ecs:DeleteSnapshotDeleteSnapshotdelete
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:DescribeLimitationDescribeLimitationget
    全部资源
    *
    ecs:DetachDiskDetachDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DeleteStorageSetDeleteStorageSetdelete
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:DescribeAutoProvisioningGroupInstancesDescribeAutoProvisioningGroupInstancesget
    AutoProvisioningGroup
    acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    ecs:DescribeSnapshotPackageDescribeSnapshotPackageget
    全部资源
    *
    ecs:DescribeInstanceRamRoleDescribeInstanceRamRoleget
    全部资源
    *
    ecs:DeleteImagePipelineDeleteImagePipelinedelete
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    ecs:ModifyInvocationAttributeModifyInvocationAttributeupdate
    全部资源
    *
    ecs:DescribeAutoProvisioningGroupsDescribeAutoProvisioningGroupsget
    全部资源
    *
    ecs:AttachNetworkInterfaceAttachNetworkInterfaceupdate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ImportImageImportImageupdate
    全部资源
    *
    ecs:DescribeLaunchTemplatesDescribeLaunchTemplatesget
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/*
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    ecs:RebootInstancesRebootInstancesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateNetworkInterfacePermissionCreateNetworkInterfacePermissioncreate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:ModifyInstanceAttachmentAttributesModifyInstanceAttachmentAttributesupdate
    全部资源
    *
    ecs:DescribeInstanceModificationPriceDescribeInstanceModificationPriceget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}
    ecs:DeleteDiagnosticReportsDeleteDiagnosticReportsdelete
    全部资源
    *
    ecs:CreateSimulatedSystemEventsCreateSimulatedSystemEventscreate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:StopInstanceStopInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ListPluginStatusListPluginStatusget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}
    ecs:ModifyInstanceNetworkSpecModifyInstanceNetworkSpecupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ReInitDiskReInitDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:StartTerminalSessionStartTerminalSessionupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeTerminalSessionsDescribeTerminalSessionslist
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}
    ecs:CreateDedicatedHostClusterCreateDedicatedHostClustercreate
    全部资源
    *
    ecs:ReleasePublicIpAddressReleasePublicIpAddressdelete
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:UntagResourcesUntagResourcesdelete
    全部资源
    *
    ecs:CreateImageComponentCreateImageComponentcreate
    ImageComponent
    acs:ecs:{#regionId}:{#accountId}:imagecomponent/*
    ecs:StartInstanceStartInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeTasksDescribeTasksget
    全部资源
    *
    ecs:DescribeSnapshotGroupsDescribeSnapshotGroupsget
    SnapshotGroup
    acs:ecs:{#regionId}:{#accountId}:snapshotgroup/*
    SnapshotGroup
    acs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId}
    ecs:DeleteHpcClusterDeleteHpcClusterdelete
    全部资源
    *
    ecs:AuthorizeSecurityGroupAuthorizeSecurityGroupcreate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:SecurityGroupIpProtocols
    ecs:SecurityGroupSourceCidrIps
    ecs:CancelSimulatedSystemEventsCancelSimulatedSystemEventsupdate
    全部资源
    *
    ecs:ModifyInstanceChargeTypeModifyInstanceChargeTypeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyPrefixListModifyPrefixListupdate
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:ModifyStorageCapacityUnitAttributeModifyStorageCapacityUnitAttributeupdate
    StorageCapacityUnit
    acs:ecs:{#regionId}:{#accountId}:scu/{#scuId}
    ecs:ModifyInstanceVpcAttributeModifyInstanceVpcAttributeupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    VSwitch
    acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}
    vpc:tag
    vpc:VPC
    ecs:CreateDiagnosticMetricSetCreateDiagnosticMetricSetcreate
    全部资源
    *
    ecs:ResizeDiskResizeDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:RedeployInstanceRedeployInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:RevokeSecurityGroupEgressRevokeSecurityGroupEgressdelete
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:tag
    ecs:tag
    ecs:tag
    ecs:AssignIpv6AddressesAssignIpv6Addressescreate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:AddTagsAddTagscreate
    全部资源
    *
    ecs:DescribeInstanceVncUrlDescribeInstanceVncUrlget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreateSnapshotCreateSnapshotcreate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/*
    ecs:RenewDedicatedHostsRenewDedicatedHostsupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:DescribeInstanceMonitorDataDescribeInstanceMonitorDataget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyDedicatedHostAutoReleaseTimeModifyDedicatedHostAutoReleaseTimeupdate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:DescribeStorageSetDetailsDescribeStorageSetDetailsget
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:ModifyElasticityAssuranceModifyElasticityAssuranceupdate
    全部资源
    *
    ecs:InstallCloudAssistantInstallCloudAssistantupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:LeaveSecurityGroupLeaveSecurityGroupupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:DescribeKeyPairsDescribeKeyPairsget
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/*
    ecs:ModifyImageSharePermissionModifyImageSharePermissionupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:CancelImagePipelineExecutionCancelImagePipelineExecutionupdate
    ImagePipeline
    acs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    ecs:CreateNetworkInterfaceCreateNetworkInterfacecreate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/*
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    VSwitch
    acs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}
    vpc:IsDefaultVSwitch
    vpc:IsDefaultVpc
    vpc:VPC
    vpc:tag
    vpc:tag
    vpc:tag
    ecs:DescribeDisksDescribeDiskslist
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/*
    ecs:ModifyDeploymentSetAttributeModifyDeploymentSetAttributeupdate
    DeploymentSet
    acs:ecs:{#regionId}:{#accountId}:deploymentset/{#DeploymentSetId}
    ecs:DeletePrefixListDeletePrefixListdelete
    PrefixList
    acs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    ecs:ModifyUserBusinessBehaviorModifyUserBusinessBehaviorupdate
    全部资源
    *
    ecs:ModifyImageAttributeModifyImageAttributeupdate
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:ModifyDiagnosticMetricSetModifyDiagnosticMetricSetupdate
    全部资源
    *
    ecs:CopySnapshotCopySnapshotcreate
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:CreateCapacityReservationCreateCapacityReservationcreate
    CapacityReservation
    acs:ecs:{#regionId}:{#accountId}:capacityreservation/*
    ecs:DescribeDiagnosticMetricsDescribeDiagnosticMetricsget
    全部资源
    *
    ecs:CreateElasticityAssuranceCreateElasticityAssurancecreate
    ElasticityAssurance
    acs:ecs:{#regionId}:{#accountId}:elasticityassurance/*
    ecs:DescribeDedicatedHostsDescribeDedicatedHostsget
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/*
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:DescribeInstancesDescribeInstancesget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/*
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ResourceOwner
    ecs:DescribeCloudAssistantStatusDescribeCloudAssistantStatusget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeDemandsDescribeDemandsget
    全部资源
    *
    ecs:DisableActivationDisableActivationupdate
    Activation
    acs:ecs:{#regionId}:{#accountId}:activation/{#ActivationId}
    ecs:DescribeDiskEncryptionByDefaultStatusDescribeDiskEncryptionByDefaultStatusnone
    全部资源
    *
    ecs:CreateStorageSetCreateStorageSetcreate
    全部资源
    *
    ecs:DescribeClassicLinkInstancesDescribeClassicLinkInstancesget
    全部资源
    *
    ecs:DescribeEniMonitorDataDescribeEniMonitorDataget
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyCommandModifyCommandupdate
    Command
    acs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    ecs:PurchaseStorageCapacityUnitPurchaseStorageCapacityUnitcreate
    StorageCapacityUnit
    acs:ecs:{#regionId}:{#accountId}:scu/*
    ecs:ModifyNetworkInterfaceAttributeModifyNetworkInterfaceAttributeupdate
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:CreateHpcClusterCreateHpcClustercreate
    HpcCluster
    acs:ecs:{#regionId}:{#accountId}:hpc/*
    ecs:DescribeLaunchTemplateVersionsDescribeLaunchTemplateVersionsget
    全部资源
    *
    ecs:ModifyReservedInstanceAutoRenewAttributeModifyReservedInstanceAutoRenewAttributeupdate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId}
    ecs:RenewElasticityAssurancesRenewElasticityAssurancescreate
    ElasticityAssurance
    acs:ecs:{#regionId}:{#accountId}:elasticityassurance/{#ElasticityAssuranceId}
    ecs:DescribeDisksFullStatusDescribeDisksFullStatusget
    全部资源
    *
    ecs:CancelAutoSnapshotPolicyCancelAutoSnapshotPolicyupdate
    全部资源
    *
    ecs:DescribeNetworkInterfacesDescribeNetworkInterfacesget
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    ecs:CreateAutoSnapshotPolicyCreateAutoSnapshotPolicycreate
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*
    ecs:DeleteDiagnosticMetricSetsDeleteDiagnosticMetricSetsdelete
    全部资源
    *
    ecs:DeleteAutoProvisioningGroupDeleteAutoProvisioningGroupdelete
    AutoProvisioningGroup
    acs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    ecs:DescribeCapacityReservationInstancesDescribeCapacityReservationInstancesget
    全部资源
    *
    ecs:DescribeInstanceAttachmentAttributesDescribeInstanceAttachmentAttributesget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:RunInstancesRunInstancescreate
    全部资源
    *
    vpc:IsDefaultVSwitch
    vpc:IsDefaultVpc
    vpc:VPC
    ecs:IsDiskEncrypted
    ecs:InstanceTypeFamily
    ecs:InstanceType
    ecs:ImageOwnerId
    ecs:ImageSource
    ecs:NotSpecifySecurityGroupId
    ecs:DescribeElasticityAssuranceInstancesDescribeElasticityAssuranceInstancesget
    全部资源
    *
    ecs:DescribeInstanceMaintenanceAttributesDescribeInstanceMaintenanceAttributesget
    全部资源
    *
    ecs:SendFileSendFileupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeUserBusinessBehaviorDescribeUserBusinessBehaviorget
    全部资源
    *
    ecs:StopInvocationStopInvocationupdate
    全部资源
    *
    ecs:DescribeDedicatedHostAutoRenewDescribeDedicatedHostAutoRenewget
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    ecs:JoinSecurityGroupJoinSecurityGroupupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:TagResourcesTagResourcescreate
    DedicatedHost
    acs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    NetworkInterface
    acs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}
    LaunchTemplate
    acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId}
    ecs:ModifyInstanceVncPasswdModifyInstanceVncPasswdupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:ModifyReservedInstancesModifyReservedInstancesupdate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    ecs:DescribeElasticityAssurancesDescribeElasticityAssurancesget
    ElasticityAssurance
    acs:ecs:{#regionId}:{#accountId}:elasticityassurance/*
    ecs:ReplaceSystemDiskReplaceSystemDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DetachKeyPairDetachKeyPairupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    ecs:DescribePriceDescribePriceget
    全部资源
    *
    ecs:ApplyAutoSnapshotPolicyApplyAutoSnapshotPolicyupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    AutoSnapshotPolicy
    acs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}
    ecs:ModifyInstanceMetadataOptionsModifyInstanceMetadataOptionsupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CancelTaskCancelTaskupdate
    全部资源
    *
    ecs:ReleaseCapacityReservationReleaseCapacityReservationdelete
    全部资源
    *
    ecs:ModifyInstanceSpecModifyInstanceSpecupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeRenewalPriceDescribeRenewalPriceget
    全部资源
    *
    ecs:DeleteDedicatedHostClusterDeleteDedicatedHostClusterdelete
    DedicatedHostCluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    ecs:ResetDiskResetDiskupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:DeleteKeyPairsDeleteKeyPairsdelete
    KeyPair
    acs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    ecs:DescribeTagsDescribeTagsget
    全部资源
    *
    ecs:ReActivateInstancesReActivateInstancesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DeleteSecurityGroupDeleteSecurityGroupdelete
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:ModifySecurityGroupAttributeModifySecurityGroupAttributeupdate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:GetInstanceConsoleOutputGetInstanceConsoleOutputget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeCloudAssistantSettingsDescribeCloudAssistantSettingslist
    ServiceSettings
    acs:ecs:{#regionId}:{#accountId}:servicesettings/{#servicesettingId}
    ecs:DescribeAccountAttributesDescribeAccountAttributesget
    全部资源
    *
    ecs:ModifySecurityGroupPolicyModifySecurityGroupPolicyupdate
    SecurityGroup
    acs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    ecs:DeleteDiskDeleteDiskdelete
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:ModifyStorageSetAttributeModifyStorageSetAttributeupdate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:DescribeImageFromFamilyDescribeImageFromFamilyget
    全部资源
    *
    ecs:CreateDiagnosticReportCreateDiagnosticReportcreate
    全部资源
    *
    ecs:ModifyInstanceMaintenanceAttributesModifyInstanceMaintenanceAttributesupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:CreatePrefixListCreatePrefixListcreate
    全部资源
    *
    ecs:DescribeDiagnosticReportAttributesDescribeDiagnosticReportAttributesget
    全部资源
    *
    ecs:RebootInstanceRebootInstanceupdate
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeDedicatedHostClustersDescribeDedicatedHostClustersget
    DedicatedHostCluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    DedicatedHostCluster
    acs:ecs:{#regionId}:{#accountId}:ddhcluster/*
    ecs:DescribeActivationsDescribeActivationsget
    Activation
    acs:ecs:{#regionId}:{#accountId}:activation/*
    Activation
    acs:ecs:{#regionId}:{#accountId}:activation/{#activationId}
    ecs:DescribeManagedInstancesDescribeManagedInstancesget
    全部资源
    *
    ecs:DescribeDiskMonitorDataDescribeDiskMonitorDataget
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    ecs:DescribeImagePipelineExecutionsDescribeImagePipelineExecutionsget
    全部资源
    *
    ecs:ListTagResourcesListTagResourcesget
    全部资源
    *
    ecs:CreateDiskCreateDiskcreate
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/*
    Disk
    acs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    Snapshot
    acs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    ecs:IsDiskEncrypted
    ecs:CreateInstanceCreateInstancecreate
    全部资源
    *
    vpc:VPC
    vpc:IsDefaultVSwitch
    vpc:IsDefaultVpc
    ecs:IsDiskEncrypted
    ecs:InstanceType
    ecs:InstanceTypeFamily
    ecs:ImageOwnerId
    ecs:ImageSource
    ecs:NotSpecifySecurityGroupId
    ecs:DescribeImageSharePermissionDescribeImageSharePermissionget
    Image
    acs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    ecs:RenewReservedInstancesRenewReservedInstancescreate
    ReservedInstance
    acs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId}
    ecs:DescribeDeploymentSetsDescribeDeploymentSetsget
    DeploymentSet
    acs:ecs:{#regionId}:{#accountId}:deploymentset/*
    ecs:CreateDeploymentSetCreateDeploymentSetcreate
    全部资源
    *
    ecs:DescribeInstanceAutoRenewAttributeDescribeInstanceAutoRenewAttributeget
    全部资源
    *
    ecs:AttachInstanceRamRoleAttachInstanceRamRoleupdate
    全部资源
    *
    ecs:DescribeBandwidthLimitationDescribeBandwidthLimitationget
    Instance
    acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    ecs:DescribeAutoProvisioningGroupHistoryDescribeAutoProvisioningGroupHistoryget
    全部资源
    *
    vpc:RecoverVirtualBorderRouterRecoverVirtualBorderRouterupdate
    VirtualBorderRouter
    acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    vpc:ModifyBandwidthPackageSpecModifyBandwidthPackageSpecupdate
    BandwidthPackage
    acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    vpc:CreateForwardEntryCreateForwardEntrycreate
    ForwardTable
    acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    vpc:DeleteNatGatewayDeleteNatGatewaydelete
    NatGateway
    acs:vpc:{#regionId}:{#accountId}:natgateway/{#natgatewayid}
    vpc:DescribeForwardTableEntriesDescribeForwardTableEntriesget
    ForwardTable
    acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    vpc:ModifyVRouterAttributeModifyVRouterAttributeupdate
    VRouter
    acs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId}
    vpc:TerminatePhysicalConnectionTerminatePhysicalConnectionupdate
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:UnassociateEipAddressUnassociateEipAddressupdate
    全部资源
    *
    vpc:DescribeNatGatewaysDescribeNatGatewaysget
    全部资源
    *
    vpc:UnassociateHaVipUnassociateHaVipdelete
    Instance
    acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}
    HaVip
    acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    vpc:DescribeVSwitchesDescribeVSwitchesget
    全部资源
    *
    vpc:VPC
    vpc:ReleaseEipAddressReleaseEipAddressupdate
    Address
    acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    vpc:tag
    vpc:DescribeEipMonitorDataDescribeEipMonitorDataget
    Address
    acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    vpc:ModifyVpcAttributeModifyVpcAttributeupdate
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}
    vpc:tag
    vpc:ModifyVSwitchAttributeModifyVSwitchAttributeupdate
    VSwitch
    acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}
    vpc:CreateVpcCreateVpccreate
    全部资源
    *
    vpc:CreateVirtualBorderRouterCreateVirtualBorderRoutercreate
    全部资源
    *
    vpc:DeleteBandwidthPackageDeleteBandwidthPackagedelete
    BandwidthPackage
    acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    vpc:ConnectRouterInterfaceConnectRouterInterfaceupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:DeleteRouterInterfaceDeleteRouterInterfacedelete
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:DeleteVirtualBorderRouterDeleteVirtualBorderRouterdelete
    VirtualBorderRouter
    acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    vpc:ModifyVirtualBorderRouterAttributeModifyVirtualBorderRouterAttributeupdate
    VirtualBorderRouter
    acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    vpc:RemoveBandwidthPackageIpsRemoveBandwidthPackageIpsdelete
    BandwidthPackage
    acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    vpc:TerminateVirtualBorderRouterTerminateVirtualBorderRouterupdate
    VirtualBorderRouter
    acs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    vpc:DeleteVpcDeleteVpcdelete
    VPC
    acs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}
    vpc:tag
    vpc:ModifyRouterInterfaceAttributeModifyRouterInterfaceAttributeupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:TargetAccountRDId
    vpc:AssociateEipAddressAssociateEipAddressupdate
    全部资源
    *
    vpc:DescribeNewProjectEipMonitorDataDescribeNewProjectEipMonitorDataget
    全部资源
    *
    vpc:CancelPhysicalConnectionCancelPhysicalConnectionupdate
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:DescribeBandwidthPackagesDescribeBandwidthPackagesget
    全部资源
    *
    vpc:ModifyHaVipAttributeModifyHaVipAttributeupdate
    HaVip
    acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    vpc:AssociateHaVipAssociateHaVipupdate
    Instance
    acs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}
    HaVip
    acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    vpc:CreateRouteEntryCreateRouteEntrycreate
    RouteTable
    acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
    vpc:ActivateRouterInterfaceActivateRouterInterfaceupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:CreateHaVipCreateHaVipcreate
    全部资源
    *
    vpc:DescribeVRoutersDescribeVRoutersget
    全部资源
    *
    vpc:VPC
    vpc:DeleteVSwitchDeleteVSwitchdelete
    VSwitch
    acs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}
    vpc:DescribeVirtualBorderRoutersDescribeVirtualBorderRoutersget
    全部资源
    *
    vpc:DescribeVirtualBorderRoutersForPhysicalConnectionDescribeVirtualBorderRoutersForPhysicalConnectionget
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:PhysicalConnection
    vpc:DeleteRouteEntryDeleteRouteEntrydelete
    RouteTable
    acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
    vpc:CreatePhysicalConnectionCreatePhysicalConnectioncreate
    全部资源
    *
    vpc:DeleteHaVipDeleteHaVipdelete
    HaVip
    acs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    vpc:ModifyForwardEntryModifyForwardEntryupdate
    ForwardTable
    acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    vpc:DescribeRouteTablesDescribeRouteTablesget
    RouteTable
    acs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
    vpc:VBR
    vpc:VRouter
    vpc:ModifyPhysicalConnectionAttributeModifyPhysicalConnectionAttributeupdate
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:AddBandwidthPackageIpsAddBandwidthPackageIpscreate
    BandwidthPackage
    acs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    vpc:CreateRouterInterfaceCreateRouterInterfacecreate
    全部资源
    *
    vpc:TargetAccountRDId
    vpc:ModifyEipAddressAttributeModifyEipAddressAttributeupdate
    Address
    acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    vpc:EnablePhysicalConnectionEnablePhysicalConnectionupdate
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:CreateVSwitchCreateVSwitchcreate
    全部资源
    *
    vpc:tag
    vpc:DescribeRouterInterfacesDescribeRouterInterfacesget
    全部资源
    *
    vpc:DeletePhysicalConnectionDeletePhysicalConnectiondelete
    PhysicalConnection
    acs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    vpc:AllocateEipAddressAllocateEipAddressupdate
    全部资源
    *
    vpc:CreateNatGatewayCreateNatGatewaycreate
    全部资源
    *
    vpc:DescribeAccessPointsDescribeAccessPointsget
    全部资源
    *
    vpc:DeleteForwardEntryDeleteForwardEntrydelete
    ForwardTable
    acs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    vpc:DescribeEipAddressesDescribeEipAddressesget
    Address
    acs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    vpc:DescribePhysicalConnectionsDescribePhysicalConnectionsget
    全部资源
    *
    vpc:DescribeVpcsDescribeVpcsget
    全部资源
    *
    vpc:tag
    vpc:ModifyRouterInterfaceSpecModifyRouterInterfaceSpecupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    vpc:DescribeHaVipsDescribeHaVipsget
    全部资源
    *
    vpc:DeactivateRouterInterfaceDeactivateRouterInterfaceupdate
    RouterInterface
    acs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}

    资源(Resource)

    下表是ECS定义的资源,这些资源可以在RAM权限策略语句的Resource元素中使用,用来授予对该资源执行具体操作的权限。 其中,资源ARN是资源在阿里云上的唯一标识。具体说明如下:
    • {#}为变量标识,需要您替换为实际值。例如:{#ramcode}需要您替换为实际的云服务RAM代码。
    • *表示全部。例如:
      • {#resourceType}*时:表示全部资源。
      • {#regionId}*时:表示全部地域。
      • {#accountId}*时:表示全部阿里云账号。
    资源类型资源ARN
    Instanceacs:ecs:{#regionId}:{#accountId}:instance/*
    Instanceacs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}
    Diskacs:ecs:{#regionId}:{#accountId}:disk/*
    Diskacs:ecs:{#regionId}:{#accountId}:disk/{#diskId}
    DedicatedHostacs:ecs:{#regionId}:{#accountId}:ddh/*
    NetworkInterfaceacs:ecs:{#regionId}:{#accountId}:eni/*
    Imageacs:ecs:{#regionId}:{#accountId}:image/*
    KeyPairacs:ecs:{#regionId}:{#accountId}:keypair/*
    LaunchTemplateacs:ecs:{#regionId}:{#accountId}:launchtemplate/*
    SecurityGroupacs:ecs:{#regionId}:{#accountId}:securitygroup/*
    Snapshotacs:ecs:{#regionId}:{#accountId}:snapshot/*
    AutoProvisioningGroupacs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    DedicatedHostClusteracs:ecs:{#regionId}:{#accountId}:ddhcluster/*
    AutoSnapshotPolicyacs:ecs:{#regionId}:{#accountId}:snapshotpolicy/*
    StorageCapacityUnitacs:ecs:{#regionId}:{#accountId}:scu/*
    StorageCapacityUnitacs:ecs:{#regionId}:{#accountId}:scu/{#scuId}
    Imageacs:ecs:{#regionId}:{#accountId}:image/{#imageId}
    DedicatedHostacs:ecs:{#regionId}:{#accountId}:ddh/{#ddhId}
    NetworkInterfaceacs:ecs:{#regionId}:{#accountId}:eni/{#eniId}
    KeyPairacs:ecs:{#regionId}:{#accountId}:keypair/{#keypairId}
    LaunchTemplateacs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}
    SecurityGroupacs:ecs:{#regionId}:{#accountId}:securitygroup/{#securitygroupId}
    Snapshotacs:ecs:{#regionId}:{#accountId}:snapshot/{#SnapshotId}
    Volumeacs:ecs:{#regionId}:{#accountId}:volume/{#volumeId}
    ReservedInstanceacs:ecs:{#regionId}:{#accountId}:reservedinstance/{#reservedinstanceId}
    Roleacs:ram:*:{#accountId}:role/{#roleName}
    PrefixListacs:ecs:{#regionId}:{#accountId}:prefixlist/{#PrefixListId}
    Instanceacs:ecs:{#regionId}:{#accountId}:instance/{#InstanceId}
    VPCacs:vpc:{#regionId}:{#accountId}:vpc/{#vpcId}
    AutoSnapshotPolicyacs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#SnapshotPolicyId}
    Snapshotacs:ecs:{#regionId}:{#accountId}:snapshot/{#snapshotId}
    AutoProvisioningGroupacs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/*
    AutoSnapshotPolicyacs:ecs:{#regionId}:{#accountId}:autosnapshotpolicy/*
    SnapshotGroupacs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#snapshotgroupId}
    Commandacs:ecs:{#regionId}:{#accountId}:command/*
    Commandacs:ecs:{#regionId}:{#accountId}:command/{#commandId}
    KeyPairacs:ecs:{#regionId}:{#accountId}:keypair/{#keypairName}
    DeploymentSetacs:ecs:{#regionid}:{#accountId}:deploymentset/{#deploymentSetId}
    HpcClusteracs:ecs:{#regionId}:{#accountId}:hpc/*
    ImagePipelineacs:ecs:{#regionId}:{#accountId}:imagepipeline/*
    ReservedInstanceacs:ecs:{#regionId}:{#accountId}:reservedinstance/{#ReservedInstanceId}
    ImagePipelineacs:ecs:{#regionId}:{#accountId}:imagepipeline/{#imagepipelineId}
    ddhclusteracs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    Fleetacs:ecs:{#regionId}:{#accountId}:fleet/*
    DedicatedHostClusteracs:ecs:{#regionId}:{#accountId}:ddhcluster/{#ddhclusterId}
    SnapshotGroupacs:ecs:{#regionId}:{#accountId}:snapshotgroup/{#SnapshotGroupId}
    snapshotpolicyacs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}
    Volumeacs:ecs:{#regionId}:{#accountId}:volume/*
    AutoSnapshotPolicyacs:ecs:{#regionId}:{#accountId}:snapshotpolicy/{#snapshotpolicyId}
    ReservedInstanceacs:ecs:{#regionId}:{#accountId}:reservedinstance/*
    CapacityReservationacs:ecs:{#regionId}:{#accountId}:capacityreservation/*
    ImageComponentacs:ecs:{#regionId}:{#accountId}:imagecomponent/*
    ImageComponentacs:ecs:{#regionId}:{#accountId}:imagecomponent/{#imagecomponentId}
    Commandacs:ecs:{#regionId}:{#accountId}:command/{#CommandId}
    DeploymentSetacs:ecs:{#regionId}:{#accountId}:deploymentset/{#DeploymentSetId}
    SecurityGroupacs:ecs:{#regionId}:{#accountId}:securitygroup/{#SecurityGroupId}
    Activationacs:ecs:{#regionId}:{#accountId}:activation/*
    activationacs:ecs:{#regionId}:{#accountId}:activation/{#activationId}
    autoprovisioninggroupacs:ecs:{#regionId}:{#accountId}:autoprovisioninggroup/{#autoprovisioninggroupId}
    ServiceSettingsacs:ecs:{#regionId}:{#accountId}:servicesettings/{#servicesettingId}
    ElasticityAssuranceacs:ecs:{#regionId}:{#accountId}:elasticityassurance/*
    Invocationacs:ecs:{#regionId}:{#accountId}:invocation/{#InvocationId}
    ddhclusteracs:ecs:{#regionId}:{#accountId}:ddhcluster/*
    SnapshotGroupacs:ecs:{#regionId}:{#accountId}:snapshotgroup/*
    VSwitchacs:vpc:{#regionId}:{#accountId}:vswitch/{#vswitchId}
    Demandacs:ecs:{#regionId}:{#accountId}:ecsdemand/*
    Activationacs:ecs:{#regionId}:{#accountId}:activation/{#ActivationId}
    ElasticityAssuranceacs:ecs:{#regionId}:{#accountId}:elasticityassurance/{#ElasticityAssuranceId}
    VSwitchacs:vpc:{#regionId}:{#accountId}:vswitch/*
    Demandacs:ecs:*:{#accountId}:*
    Activationacs:ecs:{#regionId}:{#accountId}:activation/{#activationId}
    DeploymentSetacs:ecs:{#regionId}:{#accountId}:deploymentset/*
    VirtualBorderRouteracs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VirtualBorderRouterId}
    BandwidthPackageacs:vpc:{#regionId}:{#accountId}:bandwidthpackage/{#BandwidthPackageId}
    ForwardTableacs:vpc:{#regionId}:{#accountId}:forwardtable/{#ForwardTableId}
    NatGatewayacs:vpc:{#regionId}:{#accountId}:natgateway/{#natgatewayid}
    VRouteracs:vpc:{#regionId}:{#accountId}:vrouter/{#VRouterId}
    PhysicalConnectionacs:vpc:{#regionId}:{#accountId}:physicalconnection/{#PhysicalConnectionId}
    Addressacs:vpc:{#regionId}:{#accountId}:eip/{#AllocationId}
    HaVipacs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    NatGatewayacs:vpc:{#regionId}:{#accountId}:natgateway/*
    NatGatewayacs:vpc:{#regionId}:{#accountId}:natgateway/{#NatGatewayId}
    Instanceacs:vpc:{#regionId}:{#accountId}:instance/{#InstanceId}
    VPCacs:vpc:{#regionId}:{#accountId}:vpc/{#VpcId}
    VSwitchacs:vpc:{#regionId}:{#accountId}:vswitch/{#VSwitchId}
    VPCacs:vpc:{#regionId}:{#accountId}:vpc/*
    VirtualBorderRouteracs:vpc:{#regionId}:{#AccountId}:virtualborderrouter/*
    RouterInterfaceacs:vpc:{#regionId}:{#accountId}:routerinterface/{#RouterInterfaceId}
    Associationacs:vpc:{#regionId}:{#accountId}:havip/{#HaVipId}
    BandwidthPackageacs:vpc:{#regionId}:{#accountId}:bandwidthpackage/*
    RouteTableacs:vpc:{#regionId}:{#accountId}:routetable/{#RouteTableId}
    HaVipacs:vpc:{#regionId}:{#accountId}:havip/*
    VRouteracs:vpc:{#regionId}:{#accountId}:vrouter/*
    VirtualBorderRouteracs:vpc:{#regionId}:{#AccountId}:virtualborderrouter/{#VbrId}
    PhysicalConnectionacs:vpc:{#regionId}:{#accountId}:physicalconnection/*
    VirtualBorderRouteracs:vpc:{#regionId}:{#accountId}:virtualborderrouter/{#VbrId}
    RouterInterfaceacs:vpc:{#regionId}:{#accountId}:routerinterface/*
    Addressacs:vpc:{#regionId}:{#accountId}:eip/*
    VPCacs:vpc:{#regionId}:{#accountId}:vpc/{#VPCId}

    条件(Condition)

    下表是ECS定义的产品级条件关键字,这些条件关键字可以在RAM权限策略语句的Condition元素中使用,用来描述授予权限的条件。以下仅列举产品级的条件关键字,阿里云定义的ECS也同样适用通用条件关键字
    其中,数据类型决定了您可以使用哪些条件运算符将请求中的值与权限策略语句中的值进行比较。您必须使用与数据类型匹配的条件运算符,否则无法匹配策略语句,授权行为无效。数据类型与条件运算符的对应关系,请参见条件操作类型
    条件关键字描述类型
    vpc:VPCVPC InformationString
    vpc:IsDefaultVSwitchWhether it is the default VSwitch and whether the default VSwitch can be usedBoolean
    vpc:IsDefaultVpcWhether it is the default VPCBoolean
    ecs:IsDiskEncryptedWhether it is an encrypted data diskString
    ecs:InstanceTypeInstance specificationsString
    ecs:InstanceTypeFamilyinstance specification familyString
    ecs:ImagePlatformOperating system type of the imageString
    ecs:ImageSourceImage SourceString
    ecs:CommandRunAsUser in the operating system that executes cloud assistant commandsString
    ecs:IsSystemDiskEncryptedWhether it is an encryption system diskString
    ecs:ImageOwnerIdOwner UID of the image.String
    ecs:AssociatePublicIpAddressWhether to support the allocation of public network IP in the process of resource creation and change, that is, whether to allow the operation of resources to make the public network bandwidth greater than 0.Boolean
    ecs:PasswordCustomizedWhether a custom password is usedBoolean
    ecs:PasswordInheritWhether the instance inherits the image password.Boolean
    ecs:SecurityEnhancementStrategyWhether to open security reinforcement.String
    ecs:SecurityHardeningModeWhether to enforce hardened mode (IMDSv2) when accessing instance metadataBoolean
    vpc:CreateDefaultVpcWhether a default VPC can be createdBoolean
    ecs:SecurityGroupIpProtocolsTransport layer protocol with security group openString
    ecs:SecurityGroupSourceCidrIpsThe source IPv4 CIDR segment of the security group that sets access permissionsString
    ecs:NotSpecifySecurityGroupIdWhether the security group ID is not specifiedBoolean

    相关操作

    您可以创建自定义权限策略,并将权限策略授予RAM用户、RAM用户组或RAM角色。具体操作如下: