Logical non-syntax (NotAction, etc.)--IAM-Volcengine

Docs

IAM

Policy Grammar

Logical non-syntax (NotAction, etc.)

grammar description

You can use logical nonsyntax when defining an action or resource to express "exclusion" semantics for some actions or resources. The specific keywords are as follows:

**NotAction: **Define the scope of the action to be excluded, which must be used with the Action , meaning that it contains the actions defined in the Action but excludes the actions defined in the NotAction .
**NotResource: **Define the scope of resources to be excluded and must be used with NotResource , meaning that it contains resources defined in Resource but excludes resources defined in NotResource .

For example, the following policy includes permissions to the Cloud as a Service except for the private network:

{ 
  "Statement": [ 
    { 
      "Effect": "Allow", 
      "Action": [ 
        "*" 
      ], 
      "NotAction":[ 
        "vpc:*" 
      ], 
      "Resource": [ 
        "*" 
      ] 
    } 
  ] 
}

The following policies contain permissions to operate on all VPC resources except the private network vpc-bp15zckdt37pq72zv**** :

{ 
  "Statement": [ 
    { 
      "Effect": "Allow", 
      "Action": [ 
        "vpc:*" 
      ], 
      "Resource": [ 
        "*" 
      ], 
      "NotResource": [ 
        "trn:vpc:cn-beijing:2000001234:vpc/vpc-bp15zckdt37pq72zv****" 
      ] 
    } 
  ] 
}

Cloud as a Service with NotAction and NotResource support

At present, only some Cloud as a Service support NotAction and NotResource syntax. For Cloud as a Service that is not supported, you cannot use NotAction or NotResource keywords in policies. Here is a list of supported services:

Product classification	Product Name (Volcano Engine)	ServiceCode	Support NotAction/NotResource
calculate	Cloud as a Service	ecs	Not supported
calculate	elastic stretching	auto_scaling	support
calculate	veLinux	velinux	support
calculate	Server Migration Center	smc	support
network	private network	vpc	support
network	Public IP	vpc	support
network	NAT gateway	natgateway	support
network	Cloud enterprise network	cen	support
network	Transit router	transitrouter	support
network	load balance	clb	support
network	Application Load Balancer	alb	support
network	NAT64 gateway	nat64gateway	support
network	private line connection	directconnect	support
network	VPN connection	vpn	support
network	private network connection	privatelink	support
network	cross-domain bandwidth packet	crb	support
network	Anycast Elastic Public IP	anycasteip	support
network	Internet Express	fasttrack	support
storage	object storage	tos	Not supported
storage	log service	TLS	Not supported
storage	Elastic Block Store	storage_ebs	support
storage	File Storage NAS	FileNAS	support
storage	File storage vePFS	vepfs	support
storage	Big data file storage	cfs	Not supported
storage	Storage Migration Service	dms	support
storage	data flash service	des	support
database	Cloud Database MySQL Edition	rds_mysql	support
database	Cloud Database PostgreSQL Edition	rds_postgresql	support
database	Cloud Database RDS SQL Server Edition	rds_mssql	support
database	Cloud database veDB MySQL edition	vedbm	support
database	Cloud Database MySQL Sharding Edition	mysql_sharding	support
database	Cloud Database NewSQL MySQL Edition	ndb	support
database	Cache Database Redis Edition	Redis	support
database	Document Database MongoDB Edition	mongodb	support
database	Table Database HBase Edition	hbase	support
database	graph database veGraph	graph	support
database	Time series database InfluxDB	influxdb	Not supported
database	Configuration Center	configcenter	support
database	Database Transfer Service	dts	support
database	Database Workbench	dbw	support
Containers and Middleware	container service	vke	support
Containers and Middleware	mirror warehouse	cr	Not supported
Containers and Middleware	Message queue Kafka version	Kafka	support
Containers and Middleware	Message queue RocketMQ version	RocketMQ	support
Containers and Middleware	Message queue RabbitMQ version	RabbitMQ	support
Containers and Middleware	Cloud monitoring	Volc_Observe	support
Containers and Middleware	application observability service	aos	support
Containers and Middleware	Application Performance Monitor Full Link Edition	apmplus_api	Not supported
Containers and Middleware	Application Performance Monitor Full Link Edition	apmplus_server	Not supported
Containers and Middleware	Hosting Prometheus	vmp	Not supported
Containers and Middleware	function service	vefaas	support
Containers and Middleware	Microservice Engine	mse	support
Containers and Middleware	API Gateway	apig	support
Containers and Middleware	Applied toughness enhancement	ares	support
Containers and Middleware	Service Mesh	ams	support
Containers and Middleware	Cloud search service	ESCloud	support
Containers and Middleware	Internet of Things Platform	iot	Not supported
Containers and Middleware	distributed cloud native platform	dcp	support
Containers and Middleware	Simple Queue Service	sqs	support
Containers and Middleware	cloud automated testing	cloud_detect	support
Containers and Middleware	Cloud Native SpendSmart	finops	support
Containers and Middleware	cloud native messaging engine	bmq	support
Containers and Middleware	product warehouse	artifacts	Not supported
Containers and Middleware	Continuous Delivery	cp	Not supported
Containers and Middleware	code hosting veCode	vecode	support
Big Data	Stream computing Flink	flink	support
Big Data	E-MapReduce	emr	support
Big Data	Lake and warehouse integrated analysis service LAS	las	Not supported
Big Data	Big Data R & D Governance Suite	dataleap	support
Big Data	E-MapReduce(EMR) Serverless	emr_serverless	Not supported
Big Data	Batch Computing Spark Edition	spark	support
Big Data	E-MapReduce OLAP	emr_olap	support
Big Data	Growth Marketing Platform	gmp	Not supported
Big Data	growth analysis	uba	Not supported
Big Data	A/B Testing	ab_test	Not supported
Big Data	ByteHouse	bytehouse	Not supported
Big Data	ByteHouse Enterprise Edition	bytehouse_ce	Not supported
Big Data	Global Data Transmission Service	datasail	Not supported
Big Data	Datawind	datawind	Not supported
Big Data	Customer Data Platform	cdp_saas	Not supported
Big Data	data elements	data_tob_rta	Not supported
Big Data	data elements	data_tob	Not supported
CDN and the Edge	Information delivery network	CDN	Not supported
CDN and the Edge	Edge Computing Node	veen_edge	support
CDN and the Edge	Edge Computing Node	veenedge	support
CDN and the Edge	site-wide acceleration	dcdn	Not supported
CDN and the Edge	Global acceleration	ga	support
CDN and the Edge	edge container	veecp_openapi	support
CDN and the Edge	Edge Intelligence	vei_api	support
CDN and the Edge	Edge rendering farm	verender	support
CDN and the Edge	marginal function	veefapi	support
CDN and the Edge	Video Network	aiotvideo	support
CDN and the Edge	Business Services	industry_commerce	support
CDN and the Edge	edge access	edx	support
CDN and the Edge	edge container	veecc	support
CDN and the Edge	Edge Access Gateway	eag	support
CDN and the Edge	Game Network Acceleration (GNA)	gna	support
CDN and the Edge	Multi-cloud CDN	mcdn	Not supported
Artificial intelligence and algorithms	Volcano Ark	ark	support
Artificial intelligence and algorithms	Intelligent Vision Service	cv	support
Artificial intelligence and algorithms	Intelligent Vision Service	cv_console	support
Artificial intelligence and algorithms	Machine learning platform	ml_platform	Not supported
Artificial intelligence and algorithms	machine translation	translate	Not supported
Artificial intelligence and algorithms	natural language processing	nlp_console	support
Artificial intelligence and algorithms	natural language processing	nlp_gateway	support
Artificial intelligence and algorithms	Voice Technology	speech_saas_prod	support
Artificial intelligence and algorithms	Wisdom Listening	igh	support
Artificial intelligence and algorithms	content customization	content_customization	support
		volc_torchlight_api	support
		content	support
Artificial intelligence and algorithms	Matrix Butler	CreativeManagementPlatform	support
Artificial intelligence and algorithms	Audio Intelligence	sami	support
Artificial intelligence and algorithms	International Translation Platform	i18n_console	support
Artificial intelligence and algorithms	Para Cloud Platform	para	support
Artificial intelligence and algorithms	Intelligent outbound call	bytebot	Not supported
Artificial intelligence and algorithms	Intelligent Creation Cloud	ic_iam	Not supported
Artificial intelligence and algorithms	Audio Content Creation Platform	accp	support
Artificial intelligence and algorithms	Content Management Platform	mp	support
		tcs	support
		volc_content_platform	support
Artificial intelligence and algorithms	Intelligent Video Analytics Platform	iva	Not supported
Artificial intelligence and algorithms	Large model platform maas	ml_maas	Not supported
Artificial intelligence and algorithms	Content Insights Platform	insight	support
Artificial intelligence and algorithms	manga	modelweb_api	support
Artificial intelligence and algorithms	Intelligent driving data	advc_data	support
Artificial intelligence and algorithms	Smart vlog	vlog	support
Artificial intelligence and algorithms	Intelligent advertising marketing platform	iad	Not supported
Artificial intelligence and algorithms	Smart Recommendation Platform	air	Not supported
Artificial intelligence and algorithms	Omniverse	ove	support
Video Cloud	live video	live	Not supported
Video Cloud	Video-On-Demand	vod	Not supported
Video Cloud	imagex	ImageX	support
Video Cloud	Live audio & video	rtc	Not supported
Video Cloud	Intelligent processing	imp	support
Video Cloud	Enterprise live broadcast	livesaas	Not supported
Video Cloud	Cloud phone	ACEP	support
Video Cloud	WTN	wtn	support
Video Cloud	Cloud phone ipaas	ipaas	support
Video Cloud	Cube proprietary computing platform	cube	support
Video Cloud	cloud editing	edit	support
Video Cloud	Cloud gaming	vegame	support
safety	Cloud bastion hosting	vbh	support
safety	Cloud Security Center	seccenter	support
safety	DDoS High Defense	AdvDefence	support
safety	DDoS Basic Protection	DDoS	support
safety	DDoS native protection	origin_defence	support
safety	Web Application Firewall	waf	support
safety	Advanced Cyber Threat Detection System	nta	support
safety	Cloud Firewall	fw_center	support
safety	Key Management System	kms	Not supported
safety	Cloud encryption machine	hsm	support
safety	Managed Security Services	sec_managed	support
safety	business risk identification	BusinessSecurity	support
safety	Attack Surface Management SaaS Edition	asm	support
safety	Multi-cloud security management platform	mcs	support
safety	Cloud Security Center	cspc	support
safety	Mobile game anti-plug	game_protect	support
safety	Advance Anti-DDoS Protection Global	advantiddos_global	support
safety	Online game anti-pull person	AdBlocker	support
safety	SealSuite	corplink	support
Enterprise Application	Cloud communication, SMS service	volcSMS	support
Enterprise Application	Cloud communication, voice services	vms	support
Enterprise Application	Domain Name Service	domain_service	support
Enterprise Application	Public Resolving PublicDNS	public_dns	support
Enterprise Application	Cloud resolution DNS	dns	support
Enterprise Application	Global Traffic Management	gtm	support
Enterprise Application	Private Network Analysis PrivateZone	private_zone	support
Enterprise Application	SSL certificate	certificate_service	support
Enterprise Application	Bio-OS	bio	Not supported
Enterprise Application	Edge Cloud Trademark Service	trademark	support
Enterprise Application	Mobile Parsing HTTPDNS	httpdns	support
Enterprise Application	Private CA	pca	support
Management and Governance	access control	iam	Not supported
Management and Governance	enterprise organization	organization	support
Management and Governance	expense center	bill_volcano_engine	Not supported
Management and Governance		bill	support
Management and Governance		billing	support
Management and Governance		volc_contract_process	support
Management and Governance	quota	quota	support
Management and Governance	label	tag	support
Management and Governance	Resource Center	resourcecenter	support
Management and Governance	resource sharing	resource_share	support
Management and Governance	Cloud Audit	cloud_trail	support
Management and Governance	security certificate service	sts	support
Management and Governance	Corporate Identity Center	cloudidentity	support
Management and Governance	News Center	consolemessage	support
Management and Governance	Account service	account	support
Management and Governance	real-name authentication service	account_verify	support
Management and Governance	News Center	cloud_message_volc	support
Management and Governance	ticket	ticket	support
Management and Governance	record	beian	Not supported
Management and Governance	application service	baf	support
Management and Governance	partner console	partner	Not supported
Management and Governance	Cloud Market	marketplace	support
Management and Governance	Cloud Market	marketplace_partner	Not supported

Last updated: 2025.06.23 19:21:30

IAM

grammar description #

Cloud as a Service with NotAction and NotResource support #

grammar description

Cloud as a Service with NotAction and NotResource support