Updated on 2025-06-12 GMT+08:00

FunctionGraph

The Organizations service provides Service Control Policies (SCPs) to set access control policies.

SCPs do not actually grant any permissions to a principal. They only set the permissions boundary for the principal. When SCPs are attached to a member account or an organizational unit (OU), they do not directly grant permissions to that member account or OU. Instead, the SCPs just determine what permissions are available for that member account or the member accounts under that OU.

This section describes the elements used by IAM custom identity policies and Organizations SCPs. The elements include actions, resources, and conditions.

For details about how to use these elements to create a custom SCP, see Creating an SCP.

Actions

Actions are specific operations that are allowed or denied in an SCP.

  • The Access Level column describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an SCP.
  • The Resource Type column indicates whether the action supports resource-level permissions.
    • You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions, and you must specify all resources ("*") in your SCP statements.
    • If this column includes a resource type, you must specify the URN in the Resource element of your statements.
    • Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.

    For details about the resource types defined by FunctionGraph, see Resources.

  • The Condition Key column includes keys that you can specify in the Condition element of an SCP statement.
    • If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
    • If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
    • If the Condition Key column is empty (-) for an action, the action does not support any condition keys.

    For details about condition keys defined by FunctionGraph, see Conditions.

The following table lists the actions that you can define in SCP statements for FunctionGraph.

Table 1 Supported actions

Action

Description

Access Level

Resource Type (*: required)

Condition Key

Alias

functiongraph:function:createFunction

Grants permission to create a function.

Write

function *

functiongraph:function:create

-

functiongraph:function:deleteFunction

Grants permission to delete a function.

Write

function *

functiongraph:function:delete

-

functiongraph:function:listFunctions

Grants permission to list functions.

List

function *

functiongraph:function:list

-

functiongraph:function:getFunctionCode

Grants permission to get the code of a function.

Read

function *

functiongraph:function:getCode

-

functiongraph:function:updateFunctionCode

Grants permission to modify the code of a function.

Write

function *

functiongraph:function:updateCode

-

functiongraph:function:getFunctionConfig

Grants permission to get the metadata of a function.

Read

function *

functiongraph:function:getConfig

-

functiongraph:function:updateFunctionConfig

Grants permission to modify the metadata of a function.

Write

function *

functiongraph:function:updateConfig

-

functiongraph:function:updateMaxInstanceConfig

Grants permission to update the maximum number of instances of a function.

Write

function *

functiongraph:function:updateConfig

-

functiongraph:function:updateSnapshot

Grants permission to enable or disable snapshot for a function.

Write

function *

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph:function:getSnapshotState

Grants permission to query the snapshot status of a function.

Read

function *

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph:function:createUrl

Grants permission to create a function URL.

Write

function *

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph:function:deleteUrl

Grants permission to delete a function URL.

Write

function *

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph:function:updateUrl

Grants permission to update a function URL.

Write

function *

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph:function:getUrl

Grants permission to get the URL of a function.

Read

function *

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph::getResourceInstance

Grants permission to get resources.

Read

-

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph::createTag

Grants permission to create resource tags.

Tagging

-

functiongraph:function:updateConfig

functiongraph::deleteTag

Grants permission to delete resource tags.

Tagging

-

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph::listTags

Grants permission to list resource tags.

List

-

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph::createFunctionApp

Grants permission to create an application.

Write

-

g:EnterpriseProjectId

functiongraph:function:list

functiongraph::deleteFunctionApp

Grants permission to delete an application.

Write

-

g:EnterpriseProjectId

functiongraph:function:delete

functiongraph::getFunctionApp

Grants permission to get details about an application.

Read

-

g:EnterpriseProjectId

functiongraph:function:list

functiongraph::listFunctionApps

Grants permission to list applications.

List

-

g:EnterpriseProjectId

functiongraph:function:list

functiongraph::listFunctionAppTemplates

Grants permission to list application templates.

List

-

g:EnterpriseProjectId

functiongraph:function:list

functiongraph::createVpcEndpoint

Grants permission to create a VPC endpoint.

Write

-

g:EnterpriseProjectId

functiongraph:function:updateConfig

functiongraph::deleteVpcEndpoint

Grants permission to delete a VPC endpoint.

Write

-

g:EnterpriseProjectId

functiongraph:function:delete

functiongraph:function:export

Grants permission to export a function.

Read

function *

g:EnterpriseProjectId

functiongraph:function:getconfig

functiongraph:function:import

Grants permission to import a function.

Write

function *

g:EnterpriseProjectId

functiongraph:function:create

functiongraph::exportPackage

Grants permission to export a function application.

Read

-

g:EnterpriseProjectId

functiongraph:function:list

functiongraph::importPackage

Grants permission to import a function application.

Write

-

g:EnterpriseProjectId

functiongraph:function:create

functiongraph:function:createVersion

Grants permission to publish a function version.

Write

function *

g:EnterpriseProjectId

-

functiongraph:function:listVersion

Grants permission to list the versions of a function.

List

function *

g:EnterpriseProjectId

-

functiongraph:function:createAlias

Grants permission to create an alias for a function's additional version.

Write

function *

g:EnterpriseProjectId

-

functiongraph:function:deleteAlias

Grants permission to delete an alias of a function version.

Write

function *

g:EnterpriseProjectId

-

functiongraph:function:listAlias

Grants permission to list the versions and aliases of a function.

List

function *

g:EnterpriseProjectId

-

functiongraph:function:getAlias

Grants permission to get an alias of a function version.

Read

function *

g:EnterpriseProjectId

-

functiongraph:function:updateAlias

Grants permission to modify an alias of a function version.

Write

function *

g:EnterpriseProjectId

-

functiongraph::listQuota

Grants permission to get tenant quotas.

List

-

-

functiongraph:function:list

functiongraph:dependency:createDependency

Grants permission to create a dependency.

Write

-

-

functiongraph:function:create

functiongraph:dependency:deleteDependency

Grants permission to delete a dependency.

Write

-

-

functiongraph:function:delete

functiongraph:dependency:listDependencies

Grants permission to list the dependencies.

List

-

-

functiongraph:function:list

functiongraph:dependency:getDependency

Grants permission to get a dependency.

Read

-

-

functiongraph:function:getcode

functiongraph:dependency:updateDependency

Grants permission to update a dependency.

Write

-

-

functiongraph:function:updatecode

functiongraph:dependency:createDependencyVersion

Grants permission to create a dependency version.

Write

-

-

functiongraph:function:create

functiongraph:dependency:deleteDependencyVersion

Grants permission to delete a dependency version.

Write

-

-

functiongraph:function:delete

functiongraph:dependency:listDependencyVersion

Grants permission to list the versions of a dependency.

List

-

-

functiongraph:function:list

functiongraph:dependency:getDependencyVersion

Grants permission to get details about a dependency version.

Read

-

-

functiongraph:function:getcode

functiongraph:function:createEvent

Grants permission to create a test event.

Write

function *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:function:deleteEvent

Grants permission to delete a test event.

Write

function *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:function:updateEvent

Grants permission to update a test event.

Write

function *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:function:listEvent

Grants permission to list the test events of a function.

List

function *

g:EnterpriseProjectId

functiongraph:function:list

functiongraph:function:getEvent

Grants permission to get details about a test event of a function.

Read

function *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:function:getTracing

Grants permission to get the tracing configurations of a function.

Read

function *

g:EnterpriseProjectId

functiongraph:function:create

functiongraph:function:updateTracing

Grants permission to update the tracing configurations of a function.

Write

function *

g:EnterpriseProjectId

functiongraph:function:create

functiongraph::listFunctionByMetric

Grants permission to get functions for a specified metric.

List

-

-

functiongraph:function:list

functiongraph:function:listFunctionStatistics

Grants permission to get metrics of a function in a specified period.

List

function *

g:EnterpriseProjectId

functiongraph:function:getconfig

functiongraph::listStatistics

Grants permission to get function statistics.

List

-

-

functiongraph:function:getconfig

functiongraph:function:getReservedInstanceMetrics

Grants permission to get the reserved instance usage of a function.

Read

function *

g:EnterpriseProjectId

functiongraph:function:getconfig

functiongraph::enableLtsLogs

Grants permission to enable log reporting to LTS.

Write

-

-

functiongraph:function:create

functiongraph:function:getLtsLogConfiguration

Grants permission to get the LTS log group and stream settings of a function.

Read

function *

g:EnterpriseProjectId

functiongraph:function:getconfig

functiongraph:function:updateReservedInstanceCount

Grants permission to change the number of reserved instances of a function.

Write

function *

g:EnterpriseProjectId

functiongraph:function:updateconfig

functiongraph::listReservedInstanceCount

Grants permission to get the number of reserved instances of a function.

List

-

-

functiongraph:function:getconfig

functiongraph::listReservedInstanceConfig

Grants permission to get the reserved instance configurations of a function.

List

function

g:EnterpriseProjectId

functiongraph:function:getconfig

functiongraph::getReservedInstanceState

Grants permission to get the status of reserved instances of a function.

Read

-

-

functiongraph:function:getconfig

functiongraph:function:invokeAsync

Grants permission to execute a function asynchronously.

Write

function *

g:EnterpriseProjectId

-

functiongraph:function:invokeSync

Grants permission to execute a function synchronously.

Write

function *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:function:invokeReservedFunctionAsync

Grants permission to execute a function asynchronously and return reserved instance IDs.

Write

function *

g:EnterpriseProjectId

functiongraph:function:invokeasync

functiongraph:function:stopAsyncInvoke

Grants permission to stop an asynchronous invocation request of a function.

Write

function *

g:EnterpriseProjectId

functiongraph:function:invokeasync

functiongraph:function:listAsyncInvocation

Grants permission to get asynchronous invocation requests of a function.

List

function *

g:EnterpriseProjectId

functiongraph:function:list

functiongraph:function:deleteAsyncInvokeConfig

Grants permission to delete the asynchronous invocation settings of a function.

Write

function *

g:EnterpriseProjectId

functiongraph:function:delete

functiongraph:function:updateAsyncInvokeConfig

Grants permission to configure asynchronous invocation settings for a function.

Write

function *

g:EnterpriseProjectId

functiongraph:function:updateconfig

functiongraph:function:listAsyncInvokeConfig

Grants permission to get the asynchronous invocation settings of a function's all versions.

List

function *

g:EnterpriseProjectId

functiongraph:function:list

functiongraph:function:getAsyncInvokeConfig

Grants permission to get the asynchronous invocation setting of a function version.

Read

function *

g:EnterpriseProjectId

functiongraph:function:getconfig

functiongraph::updateAsyncStatusLog

Grants permission to enable asynchronous notification.

Write

-

-

functiongraph:function:create

functiongraph::getAsyncStatusLogInfo

Grants permission to get details about asynchronous invocation logs.

Read

-

-

functiongraph:function:getConfig

functiongraph:function:listActiveAsyncInvocations

Grants permission to get active asynchronous invocation requests of a function.

List

function *

g:EnterpriseProjectId

functiongraph:function:list

functiongraph:trigger:createTrigger

Grants permission to create a trigger.

Write

function *

g:EnterpriseProjectId

functiongraph:trigger:create

functiongraph:trigger:delete

Grants permission to delete a trigger.

Write

trigger *

g:EnterpriseProjectId

-

functiongraph:trigger:update

Grants permission to update a trigger.

Write

function *

g:EnterpriseProjectId

functiongraph:trigger:create

functiongraph:trigger:list

Grants permission to list all triggers of a function.

List

function *

g:EnterpriseProjectId

functiongraph:trigger:listSpecifiedFunctionTriggers

functiongraph:trigger:get

Grants permission to get a trigger.

Read

trigger *

g:EnterpriseProjectId

-

functiongraph:trigger:batchDelete

Grants permission to delete all triggers of a function.

Write

function *

g:EnterpriseProjectId

functiongraph:trigger:deleteSpecifiedFunctionTriggers

functiongraph::listObsNotifications

Grants permission to get all notification settings of an OBS bucket.

Read

-

-

functiongraph:trigger:create

functiongraph::listObsBucket

Grants permission to list the OBS buckets.

List

-

-

functiongraph:trigger:listSpecifiedFunctionTriggers

functiongraph:workflow:create

Grants permission to create a function flow.

Write

workflow *

g:EnterpriseProjectId

functiongraph:function:create

functiongraph:workflow:delete

Grants permission to delete a function flow.

Write

workflow *

g:EnterpriseProjectId

functiongraph:function:delete

functiongraph:workflow:update

Grants permission to modify the instance metadata of a function flow.

Write

workflow *

g:EnterpriseProjectId

functiongraph:function:create

functiongraph:workflow:list

Grants permission to get a function flow.

List

workflow *

g:EnterpriseProjectId

functiongraph:function:list

functiongraph:workflow:getConfig

Grants permission to get the instance metadata of a function flow.

Read

workflow *

g:EnterpriseProjectId

functiongraph:function:getConfig

functiongraph:workflow:invoke

Grants permission to execute a function flow asynchronously.

Write

workflow *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:workflow:invokeSync

Grants permission to execute a function flow synchronously.

Write

workflow *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:workflow:terminate

Grants permission to stop a function flow.

Write

workflow *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:workflow:retry

Grants permission to retry a function flow.

Write

workflow *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:workflow:listExecutions

Grants permission to list the instances of a function flow.

List

workflow *

g:EnterpriseProjectId

functiongraph:function:list

functiongraph:workflow:getExecutionDetail

Grants permission to get a function flow instance.

Read

workflow *

g:EnterpriseProjectId

functiongraph:function:getConfig

functiongraph:workflow:getMetric

Grants permission to get the metrics of a function flow.

Read

workflow *

g:EnterpriseProjectId

functiongraph:function:getConfig

functiongraph:workflow:listMetrics

Grants permission to get function flow metrics.

List

-

-

functiongraph:function:getConfig

functiongraph:workflow:downloadOutput

Grants permission to download the node execution results of a function flow.

Write

workflow *

g:EnterpriseProjectId

functiongraph:function:getConfig

functiongraph:workflow:cancel

Grants permission to stop executing a function flow.

Write

workflow *

g:EnterpriseProjectId

functiongraph:function:invoke

functiongraph:workflow:metadata

Grants permission to get the metadata of a function flow.

List

-

-

functiongraph:function:list

Each API of FunctionGraph usually supports one or more actions. Table 2 lists the supported actions and dependencies.

Table 2 Actions and dependencies supported by FunctionGraph APIs

API

Action

Dependency

POST /v2/{project_id}/fgs/functions

functiongraph:function:createFunction

  • lts:groups:list
  • lts:groups:create
  • lts:logstreams:list
  • lts:structConfig:create
  • obs:object:GetObject

DELETE /v2/{project_id}/fgs/functions/{function_urn}

functiongraph:function:deleteFunction

  • functiongraph:trigger:batchDelete
  • lts:groups:list
  • lts:logstreams:list
  • lts:logstreams:delete

PUT /v2/{project_id}/fgs/functions/{function_urn}/config

functiongraph:function:updateFunctionConfig

  • lts:groups:list
  • lts:groups:create
  • lts:logstreams:list
  • lts:structConfig:create

PUT /v2/{project_id}/fgs/functions/{function_urn}/code

functiongraph:function:updateFunctionCode

obs:object:GetObject

GET /v2/{project_id}/fgs/functions

functiongraph:function:listFunctions

-

GET /v2/{project_id}/fgs/functions/{function_urn}/config

functiongraph:function:getFunctionConfig

-

GET /v2/{project_id}/fgs/functions/{function_urn}/code

functiongraph:function:getFunctionCode

-

GET /v2/{project_id}/fgs/public-network-bandwidth

functiongraph::getPublicNetworkBandwidth

-

-

functiongraph::updatePublicNetworkBandwidth

-

GET /v2/{project_id}/fgs/resource-usage

functiongraph::getTenantResourceUsage

-

PUT /v2/{project_id}/fgs/functions/{function_urn}/config-max-instance

functiongraph:function:updateMaxInstanceConfig

-

POST /v2/{project_id}/fgs/functions/{function_urn}/snapshots/{action}

functiongraph:function:updateSnapshot

-

-

functiongraph:function:getSnapshotState

-

POST /v2/{project_id}/fgs/functions/{function_urn}/function-url

functiongraph:function:createUrl

-

DELETE /v2/{project_id}/fgs/functions/{function_urn}/function-url

functiongraph:function:deleteUrl

-

PUT /v2/{project_id}/fgs/functions/{function_urn}/function-url

functiongraph:function:updateUrl

-

GET /v2/{project_id}/fgs/functions/{function_urn}/function-url

functiongraph:function:getUrl

-

POST /v2/{project_id}/{resource_type}/resource-instances/{action}

functiongraph::getResourceInstance

-

POST /v2/{project_id}/{resource_type}/{resource_id}/tags/create

functiongraph::createTag

-

DELETE /v2/{project_id}/{resource_type}/{resource_id}/tags/delete

functiongraph::deleteTag

-

GET /v2/{project_id}/{resource_type}/tags

functiongraph::listTags

-

POST /v2/{project_id}/fgs/applications

functiongraph::createFunctionApp

-

DELETE /v2/{project_id}/fgs/applications/{id}

functiongraph::deleteFunctionApp

-

GET /v2/{project_id}/fgs/applications/{id}

functiongraph::getFunctionApp

-

GET /v2/{project_id}/fgs/applications

functiongraph::listFunctionApps

-

GET /v2/{project_id}/fgs/application/templates

functiongraph::listFunctionAppTemplates

-

POST /v2/{project_id}/fgs/vpc-endpoint

functiongraph::createVpcEndpoint

-

DELETE /v2/{project_id}/fgs/vpc-endpoint/{vpc_id}/{subnet_id}

functiongraph::deleteVpcEndpoint

-

GET /v2/{project_id}/fgs/functions/{func_urn}/download

functiongraph:function:getFunctionCode

-

GET /v2/{project_id}/fgs/admins/sysconfig

functiongraph:function:getFunctionConfig

-

GET /v2/{project_id}/fgs/domainname/vpc/{vpc_id}

functiongraph:function:getFunctionConfig

dns:zone:list

GET /v2/{project_id}/fgs/functions/{function_urn}/servicebridge/relation

functiongraph:function:listFunctions

-

POST /v2/{project_id}/fgs/packages

functiongraph:function:createFunction

-

DELETE /v2/{project_id}/fgs/packages/{package_name}

functiongraph:function:deleteFunction

-

PUT /v2/{project_id}/fgs/packages/{package_name}

functiongraph:function:createFunction

-

GET /v2/{project_id}/fgs/packages

functiongraph:function:listFunctions

-

PUT /v2/{project_id}/fgs/functions/{func_urn}/collect/{state}

functiongraph:function:updateFunctionConfig

-

GET /v2/{project_id}/fgs/template-labels

functiongraph:function:listFunctions

-

GET /v2/fgs/template-labels

functiongraph:function:listFunctions

-

GET /v2/{project_id}/fgs/templates

functiongraph:function:listFunctions

-

GET /v2/{project_id}/fgs/templates/{template_id}

functiongraph:function:listFunctions

-

GET /v2/fgs/runtimetypes

functiongraph:function:listFunctions

-

GET /v2/fgs/service-trusted-agencies

functiongraph:function:getFunctionConfig

-

GET /v2/{project_id}/fgs/feature

functiongraph:function:getFunctionConfig

-

POST /v2/{project_id}/fgs/agc/agency/{agency_name}

functiongraph:function:createFunction

-

POST /v2/{project_id}/fgs/functions/enable-async-status-logs

functiongraph::updateAsyncStatusLog

  • lts:groups:list
  • lts:groups:create
  • lts:logstreams:list
  • lts:structConfig:create

GET /v2/{project_id}/fgs/functions/async-status-log-detail

functiongraph::getAsyncStatusLogInfo

-

GET /v2/{project_id}/fgs/functions/{function_urn}/active-async-invocations

functiongraph:function:listActiveAsyncInvocations

-

GET /v2/{project_id}/fgs/functions/{function_urn}/export

functiongraph:function:export

-

POST /v2/{project_id}/fgs/functions/import

functiongraph:function:import

-

GET /v2/{project_id}/fgs/packages/{package_name}/export

functiongraph::exportPackage

-

POST /v2/{project_id}/fgs/packages/import

functiongraph::importPackage

-

POST /v2/{project_id}/fgs/functions/{function_urn}/versions

functiongraph:function:createVersion

-

GET /v2/{project_id}/fgs/functions/{function_urn}/versions

functiongraph:function:listVersion

-

POST /v2/{project_id}/fgs/functions/{function_urn}/aliases

functiongraph:function:createAlias

-

DELETE /v2/{project_id}/fgs/functions/{function_urn}/aliases/{alias_name}

functiongraph:function:deleteAlias

functiongraph:trigger:list

PUT /v2/{project_id}/fgs/functions/{function_urn}/aliases/{alias_name}

functiongraph:function:updateAlias

-

GET /v2/{project_id}/fgs/functions/{function_urn}/aliases

functiongraph:function:listAlias

-

GET /v2/{project_id}/fgs/functions/{function_urn}/aliases/{alias_name}

functiongraph:function:getAlias

-

-

functiongraph::listQuota

-

POST /v2/{project_id}/fgs/dependencies

functiongraph:dependency:createDependency

obs:object:GetObject

DELETE /v2/{project_id}/fgs/dependencies/{depend_id}

functiongraph:dependency:deleteDependency

-

PUT /v2/{project_id}/fgs/dependencies/{depend_id}

functiongraph:dependency:updateDependency

obs:object:GetObject

GET /v2/{project_id}/fgs/dependencies

functiongraph:dependency:listDependencies

-

GET /v2/{project_id}/fgs/dependencies/{depend_id}

functiongraph:dependency:getDependency

-

POST /v2/{project_id}/fgs/dependencies/version

functiongraph:dependency:createDependencyVersion

obs:object:GetObject

DELETE /v2/{project_id}/fgs/dependencies/{depend_id}/version/{version}

functiongraph:dependency:deleteDependencyVersion

-

GET /v2/{project_id}/fgs/dependencies/{depend_id}/version

functiongraph:dependency:listDependencyVersion

-

GET /v2/{project_id}/fgs/dependencies/{depend_id}/version/{version}

functiongraph:dependency:getDependencyVersion

-

POST /v2/{project_id}/fgs/functions/{function_urn}/events

functiongraph:function:createEvent

-

DELETE /v2/{project_id}/fgs/functions/{function_urn}/events/{event_id}

functiongraph:function:deleteEvent

-

PUT /v2/{project_id}/fgs/functions/{function_urn}/events/{event_id}

functiongraph:function:updateEvent

-

GET /v2/{project_id}/fgs/functions/{function_urn}/events

functiongraph:function:listEvent

-

GET /v2/{project_id}/fgs/functions/{function_urn}/events/{event_id}

functiongraph:function:getEvent

-

PUT /v2/{project_id}/fgs/functions/{function_urn}/tracing

functiongraph:function:updateTracing

-

GET /v2/{project_id}/fgs/functions/{function_urn}/tracing

functiongraph:function:getTracing

-

GET /v2/{project_id}/fgs/function/report

functiongraph::listFunctionByMetric

  • aom:metric:get
  • aom:metric:list

-

functiongraph:function:listFunctionStatistics

-

GET /v2/{project_id}/fgs/functions/statistics

functiongraph::listStatistics

aom:metric:get

-

functiongraph:function:getReservedInstanceMetrics

  • aom:metric:get
  • aom:metric:list

POST /v2/{project_id}/fgs/functions/enable-lts-logs

functiongraph::enableLtsLogs

  • lts:groups:list
  • lts:groups:create
  • lts:logstreams:list
  • lts:structConfig:create

GET /v2/{project_id}/fgs/functions/{function_urn}/lts-log-detail

functiongraph:function:getLtsLogConfiguration

-

PUT /v2/{project_id}/fgs/functions/{function_urn}/reservedinstances

functiongraph:function:updateReservedInstanceCount

-

GET /v2/{project_id}/fgs/functions/reservedinstances

functiongraph::listReservedInstanceCount

-

GET /v2/{project_id}/fgs/functions/reservedinstanceconfigs

functiongraph::listReservedInstanceConfig

-

GET /v2/{project_id}/fgs/functions/reservedinstances/state

functiongraph::getReservedInstanceState

-

-

functiongraph:function:invokeAsync

-

-

functiongraph:function:invokeSync

-

-

functiongraph:function:invokeReservedFunctionAsync

-

POST /v2/{project_id}/fgs/functions/{function_urn}/cancel

functiongraph:function:stopAsyncInvoke

lts:structConfig:get

GET /v2/{project_id}/fgs/functions/{function_urn}/async-invocations

functiongraph:function:listAsyncInvocation

  • lts:structConfig:get
  • lts:logStream:searchStructLog

DELETE /v2/{project_id}/fgs/functions/{function_urn}/async-invoke-config

functiongraph:function:deleteAsyncInvokeConfig

-

PUT /v2/{project_id}/fgs/functions/{function_urn}/async-invoke-config

functiongraph:function:updateAsyncInvokeConfig

-

GET /v2/{project_id}/fgs/functions/{function_urn}/async-invoke-configs

functiongraph:function:listAsyncInvokeConfig

-

GET /v2/{project_id}/fgs/functions/{function_urn}/async-invoke-config

functiongraph:function:getAsyncInvokeConfig

-

-

functiongraph:trigger:createTrigger

  • apig:groups:get
  • apig:apis:get
  • apig:apis:create
  • apig:apis:update
  • apig:apis:publish
  • apig:instances:get
  • apig:instances:create
  • apig:instances:update
  • cts:notification:create
  • dds:instance:get
  • dds:instance:list
  • dis:streams:list
  • dms:instance:get
  • dms:instance:list
  • eg:agency:create
  • eg:sources:create
  • eg:subscriptions:create
  • iotda:routingrules:create
  • iotda:routingactions:create
  • iotda:rules:modifyStatus
  • lts:topics:get
  • lts:subscriptions:create
  • obs:bucket:GetBucketLocation
  • obs:bucket:GetBucketNotification
  • obs:bucket:PutBucketNotification
  • smn:topic:list
  • smn:topic:update

-

functiongraph:trigger:delete

  • apig:apis:get
  • apig:apis:offline
  • apig:instances:get
  • cts:notification:delete
  • eg:subscriptions:get
  • eg:subscriptions:delete
  • iotda:routingactions:query
  • iotda:routingactions:delete
  • iotda:routingrules:delete
  • lts:subscriptions:delete
  • obs:bucket:GetBucketNotification
  • obs:bucket:PutBucketNotification
  • smn:topic:update

-

functiongraph:trigger:update

  • cts:notification:update
  • dds:instance:get
  • dds:instance:list
  • dis:streams:list
  • dms:instance:get
  • dms:instance:list
  • eg:subscriptions:update
  • iotda:rules:modifyStatus
  • lts:subscriptions:put

-

functiongraph:trigger:list

  • apig:apis:list
  • apig:instances:list
  • eg:subscriptions:list
  • iotda:subscriptions:queryList
  • iotda:routingactions:queryList
  • iotda:routingrules:queryList
  • obs:bucket:GetBucketNotification
  • smn:topic:list

-

functiongraph:trigger:get

  • apig:apis:get
  • apig:instances:get
  • eg:subscriptions:get
  • iotda:routingrules:query
  • smn:topic:list

-

functiongraph:trigger:batchDelete

  • apig:apis:get
  • apig:apis:offline
  • apig:instances:get
  • cts:notification:delete
  • eg:subscriptions:list
  • eg:subscriptions:delete
  • lts:subscriptions:delete
  • iotda:routingactions:query
  • iotda:routingactions:queryList
  • iotda:routingactions:delete
  • iotda:routingrules:delete
  • obs:bucket:GetBucketNotification
  • obs:bucket:PutBucketNotification
  • smn:topic:update

-

functiongraph::listObsNotifications

obs:bucket:GetBucketNotification

-

functiongraph::listObsBucket

obs:bucket:ListBucket

-

functiongraph:trigger:list

-

-

functiongraph:trigger:createTrigger

-

-

functiongraph:trigger:createTrigger

-

-

functiongraph:workflow:create

  • eg:subscriptions:create
  • eg:sources:list
  • eg:channels:list
  • eg:channels:putEvents
  • lts:logGroup:createLogGroup
  • lts:logStream:createLogStream
  • lts:logGroup:listLogGroup
  • smn:topic:listTopic
  • smn:topic:subscribe
  • smn:topic:listSubscriptionsByTopic
  • apig:apis:create
  • apig:apis:publish
  • apig:envs:list
  • apig:apps:list
  • apig:instances:list
  • apig:groups:list
  • apig:sharedInstance:operate
  • functiongraph:function:getFunctionConfig
  • functiongraph:function:listFunctions
  • functiongraph::listFunctionApps
  • functiongraph:function:listVersion

-

functiongraph:workflow:delete

  • eg:subscriptions:delete
  • lts:groups:put
  • lts:logStream:deleteLogStream
  • smn:topic:deleteSubscription
  • apig:apis:offline
  • apig:apis:delete
  • apig:sharedInstance:operate

-

functiongraph:workflow:update

  • eg:subscriptions:create
  • eg:sources:list
  • eg:channels:list
  • eg:channels:putEvents
  • lts:logGroup:createLogGroup
  • lts:logStream:createLogStream
  • lts:logGroup:listLogGroup
  • smn:topic:listTopic
  • smn:topic:subscribe
  • smn:topic:listSubscriptionsByTopic
  • apig:apis:create
  • apig:apis:publish
  • apig:envs:list
  • apig:apps:list
  • apig:instances:list
  • apig:groups:list
  • apig:sharedInstance:operate
  • functiongraph:function:getFunctionConfig
  • functiongraph:function:listFunctions
  • functiongraph::listFunctionApps
  • functiongraph:function:listVersion

-

functiongraph:workflow:list

-

-

functiongraph:workflow:listExecutions

-

-

functiongraph:workflow:getExecutionDetail

-

-

functiongraph:workflow:getConfig

-

-

functiongraph:workflow:listMetrics

aom:metric:list

-

functiongraph:workflow:getMetric

  • aom:metric:list
  • aom:metric:get

-

functiongraph:workflow:retry

eg:channels:putEvents

-

functiongraph:workflow:terminate

-

-

functiongraph:workflow:listExecutions

-

-

functiongraph:workflow:invokeSync

eg:channels:putEvents

-

functiongraph:workflow:invoke

eg:channels:putEvents

-

functiongraph:workflow:invoke

eg:channels:putEvents

-

functiongraph:workflow:invoke

eg:channels:putEvents

-

functiongraph:workflow:invoke

eg:channels:putEvents

-

functiongraph:workflow:listExecutions

-

-

functiongraph:workflow:getExecutionDetail

-

-

functiongraph:workflow:downloadOutput

-

-

functiongraph:workflow:cancel

-

-

functiongraph:workflow:list

-

-

functiongraph:workflow:create

  • eg:subscriptions:create
  • eg:sources:list
  • eg:channels:list
  • eg:channels:putEvents
  • lts:logGroup:createLogGroup
  • lts:logStream:createLogStream
  • lts:logGroup:listLogGroup
  • smn:topic:listTopic
  • smn:topic:subscribe
  • smn:topic:listSubscriptionsByTopic
  • apig:apis:create
  • apig:apis:publish
  • apig:envs:list
  • apig:apps:list
  • apig:instances:list
  • apig:groups:list
  • apig:sharedInstance:operate
  • functiongraph:function:getFunctionConfig
  • functiongraph:function:listFunctions
  • functiongraph::listFunctionApps
  • functiongraph:function:listVersion

-

functiongraph:workflow:delete

  • eg:subscriptions:delete
  • lts:groups:put
  • lts:logStream:deleteLogStream
  • smn:topic:deleteSubscription
  • apig:apis:offline
  • apig:apis:delete
  • apig:sharedInstance:operate

-

functiongraph:workflow:getConfig

-

-

functiongraph:workflow:update

  • eg:subscriptions:create
  • eg:sources:list
  • eg:channels:list
  • eg:channels:putEvents
  • lts:logGroup:createLogGroup
  • lts:logStream:createLogStream
  • lts:logGroup:listLogGroup
  • smn:topic:listTopic
  • smn:topic:subscribe
  • smn:topic:listSubscriptionsByTopic
  • apig:apis:create
  • apig:apis:publish
  • apig:envs:list
  • apig:apps:list
  • apig:instances:list
  • apig:groups:list
  • apig:sharedInstance:operate
  • functiongraph:function:getFunctionConfig
  • functiongraph:function:listFunctions
  • functiongraph::listFunctionApps
  • functiongraph:function:listVersion

-

functiongraph:workflow:metadata

-

-

functiongraph:workflow:metadata

-

-

functiongraph:workflow:metadata

-

-

functiongraph:workflow:metadata

-

-

functiongraph:workflow:list

-

-

functiongraph:workflow:getConfig

-

POST /v2/{project_id}/fgs/servicebridge

functiongraph:bridge:createServiceBridge

-

DELETE /v2/{project_id}/fgs/servicebridge/{bridge_name}

functiongraph:bridge:deleteServiceBridge

-

PUT /v2/{project_id}/fgs/servicebridge/{bridge_name}/config

functiongraph:bridge:updateServiceBridgeConfig

-

GET /v2/{project_id}/fgs/servicebridge

functiongraph:bridge:listServiceBridges

-

GET /v2/{project_id}/fgs/servicebridge/{bridge_name}/config

functiongraph:bridge:getServiceBridgeConfig

-

Resources

A resource type indicates the resources that an SCP policy applies to. If you specify a resource type for any action in Table 3, the resource URN must be specified in the SCP statements using that action, and the SCP applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the SCP applies to all resources. You can also set condition keys in an SCP to define resource types.

The following table lists the resource types that you can define in SCP statements for FunctionGraph.

Table 3 Supported resource types

Resource Type

URN

workflow

functiongraph:<region>:<account-id>:workflow:<workflow-id>

function

functiongraph:<region>:<account-id>:function:<package-name>/<function-name>

trigger

functiongraph:<region>:<account-id>:trigger:<trigger-id>

Conditions

FunctionGraph does not support service-specific condition keys in SCPs.

It can only use global condition keys applicable to all services. For details, see Global Condition Keys.