Action Change Notice

Description

From September 2024, if users use custom policies to access the following APIs, they need to create new or update existing custom policies.

Permission	API	New Action	Related Action	IAM Project	Enterprise Project
Querying SSL Certificates	GET /v2/{project_id}/apigw/certificates	apig:certificate:list	-	√	√
Adding an SSL certificate	POST /v2/{project_id}/apigw/certificates	apig:certificate:create	apig:instances:get	√	Supported only when the parameter instance_id is carried in the request.
Deleting an SSL certificate	DELETE /v2/{project_id}/apigw/certificates/{certificate_id}	apig:certificate:delete	-	√	×
Querying Certificate Details	GET /v2/{project_id}/apigw/certificates/{certificate_id}	apig:certificate:get	-	√	×
Modifying an SSL certificate	PUT /v2/{project_id}/apigw/certificates/{certificate_id}	apig:certificate:update	apig:instances:get	√	Supported only when the parameter instance_id is carried in the request.
Querying Domain Names of an SSL Certificate	GET /v2/{project_id}/apigw/certificates/{certificate_id}/attached-domains	apig:certificate:listBoundDomain	-	√	×
Binding an SSL Certificate to a Domain Name	POST /v2/{project_id}/apigw/certificates/{certificate_id}/domains/attach	apig:certificate:batchBindDomain	apig:certificate:get apig:groups:get	√	×
Unbinding an SSL certificate from a domain name	POST /v2/{project_id}/apigw/certificates/{certificate_id}/domains/detach	apig:certificate:batchUnbindDomain	apig:certificate:get apig:groups:get	√	×
Querying VPC Endpoint Connections	GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections	apig:instance:listVpcEndpoint	apig:instances:get	√	√
Accepting or Rejecting a VPC Endpoint Connection	POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections/action	apig:instance:acceptOrRejectVpcEndpointConnection	apig:instances:get	√	√
Querying Whitelist Records of a VPC Endpoint Service	GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions	apig:instance:listVpcEndpointPermission	apig:instances:get	√	√
Adding Whitelist Records for a VPC Endpoint Service	POST/v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-add	apig:instance:batchAddVpcEndpointPermission	apig:instances:get	√	√
Deleting Whitelist Records of a VPC Endpoint Service	POST/v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-delete	apig:instance:batchDeleteVpcEndpointPermission	apig:instances:get	√	√
Creating a Parameter Orchestration Rule	POST /v2/{project_id}/apigw/instances/{instance_id}/orchestration	apig:orchestration:create	apig:instances:get	√	√
Viewing Orchestration Rules	GET /v2/{project_id}/apigw/instances/{instance_id}/orchestration	apig:orchestration:list	apig:instances:get	√	√
Querying Rule Details	GET /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}	apig:orchestration:get	apig:instances:get	√	√
Updating an Orchestration Rule	PUT /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}	apig:orchestration:update	apig:instances:get	√	√
Deleting an Orchestration Rule	DELETE /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}	apig:orchestration:delete	apig:instances:get	√	√
Querying APIs to Which an Orchestration Rule Is Bound	GET /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}/attached-apis	apig:orchestration:listBoundApis	apig:instances:get	√	√

Scope

All regions

Impact

If a custom policy does not contain the preceding actions, users assigned this policy cannot access these APIs.

Solution

Create or update custom policies, add the preceding new actions and related actions, and assign custom policies to user groups for fine-grained access control. For details about custom policies, see APIG Custom Policies.

Parent topic: Product Bulletin

Previous topic: Product Bulletin

Next topic: Vulnerability Notices