Elastic Cloud Server (ECS) The Organizations service provides Service Control Policies (SCPs) to set access control policies. SCPs do not actually grant any permissions to an entity. They only set the permissions boundary for the entity.
Service Name Reference 1 Elastic Cloud Server (ECS) Elastic Cloud Server (ECS) 2 Bare Metal Server (BMS) Bare Metal Server (BMS) 3 Image Management Service (IMS) Image Management Service (IMS) 4 Auto Scaling Auto Scaling (AS) 5 FunctionGraph FunctionGraph Storage No.
If you want to restrict access in specific ways, you can modify the Action and Resource elements. { "Version": "5.0", "Statement": [ { "Effect": "Deny", "Action": [ "ecs:*:*" ], "Resource": [ "*" ], "Condition": {
cluster from which a node is migrated. cce:nodeTransferTargetCluster string Single-valued Obtains access permissions based on the ID of the destination cluster to which a node is migrated. cce:AssociatePublicIp string Single-valued Obtains access permissions based on whether the ECS
Grants permission to obtain the list of changed files. list - g:EnterpriseProjectId hss:keyfile:listFileHostEventDetails Grants permission to obtain details about change files on a server. list host * g:EnterpriseProjectId hss:keyfile:listFileHosts Grants permission to obtain the ECS
vpc:subnets:list vpc:subnets:get vpc:ports:create vpc:ports:update vpc:ports:delete vpc:ports:get POST /v1.0/{project_id}/clusters/{cluster_id}/flavor css:cluster:modifySpecifications ecs:cloudServerFlavors:get GET /v1.0/{project_id}/es-flavors css:cluster:listFlavors ecs:cloudServerFlavors
ID used for ECS creation. as:ImsDiskImageId String Multivalued Filters access by the disk image ID used for ECS creation. as:CbrDiskSnapshotId String Multivalued Filters access by the disk backup ID used for ECS creation. as:EcsServerGroupId String Single-valued Filters access by
Distributed Cache Service (DCS) The Organizations service provides Service Control Policies (SCPs) to set access control policies. SCPs do not actually grant any permissions to a principal. They only set the permissions boundary for the principal. When SCPs are attached to a member
Compute Elastic Cloud Server (ECS) Bare Metal Server (BMS) Image Management Service (IMS) Auto Scaling (AS) FunctionGraph Parent topic: Actions Supported by SCP-based Authorization
cluster:resize - dws:cluster:checkRestoreTable - dws:cluster:scaleIn - dws:cluster:checkSupportFineGrainedBackup - dws:cluster:configureNetwork - POST /v1.0/{project_id}/snapshots/{snapshot_id}/linked-copy dws:cluster:copySnapshot - POST /v1.0/{project_id}/clusters dws:cluster:create ecs
Enhanced datasource connections Elastic resource pools Jobs Queues Resources Distributed Message Service (DMS) Kafka instances RabbitMQ instances RocketMQ instances Domain Name Service (DNS) PTR Domain names Data Replication Service (DRS) Jobs Data Warehouse Service (DWS) Clusters Elastic
List - - - cbh::getEcsQuota Grants the permission to obtain the ECS quota. Read - - - cbh::getQuota Grants the permission to query the CBH instance quotas. Read - - - cbh::listSpecifications Queries protection specifications.
Example: "ecs:*:*:instance:*", representing all ECS instances. The following elements are not supported in SCPs: Principal NotPrincipal NotResource Condition Keys A condition key is a key in the Condition element of a statement.
/v3/tasks/{task_id} sms:server:deleteTask ecs:cloudServers:showServer ecs:cloudServers:attach evs:volumes:use ecs:cloudServers:stop ecs:cloudServers:start ecs:cloudServers:detachVolume evs:volumes:delete evs:snapshots:delete evs:volumes:get POST /v3/tasks/{task_id}/action sms:server
kps:SSHKeyPair:unbind ecs:cloudServers:createServers ecs:cloudServers:deleteServers ecs:cloudServers:showServer ecs:cloudServers:attach ecs:cloudServers:listServerBlockDevices ecs:cloudServers:showServerBlockDevice ecs:cloudServers:detachVolume ecs:cloudServers:listServerInterfaces
cloudServers:listServersDetails evs:volumes:list POST /v3/{project_id}/checkpoints/sync cbr:vaults:sync - POST /v3/{project_id}/vaults cbr:vaults:create ecs:cloudServers:listServersDetails evs:volumes:list POST /v3/{project_id}/vaults/order cbr:vaults:create ecs:cloudServers:listServersDetails
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
apig:loadBalanceChannel:listBackendServerAddress apig:instance:get apig:loadBalanceChannel:get POST /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members apig:loadBalanceChannel:createBackendServerAddress apig:instance:get apig:loadBalanceChannel:get ecs
delete - GET /v2/{project_id}/access-policy/{access_policy_id}/objects workspace:accessPolicies:getTarget - PUT /v2/{project_id}/access-policy/{access_policy_id}/objects workspace:accessPolicies:updateTarget - GET /v2/{project_id}/products workspace:products:listDesktopProducts ecs
The following example is incorrect because it contains two JSON objects, with two outermost pairs of braces ({}): { "Version": "5.0", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:*:*" ], "Resource": [ "*" ] } ] }