检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Cloud Server (ECS) instance ECS Elastic Volume Service (EVS) volume EVS disk FunctionGraph function Function trigger Trigger Graph Engine Service (GES) graphName GES graph name backupName GES backup name metadataName Metadata name Intelligent EdgeFabric (IEF) product Product node
This example shows how to create an agency and delegate permissions to Huawei Cloud Elastic Cloud Server (ECS), a scalable, on-demand provisioning cloud server.
ECS Admin ECS FullAccess ECS Viewer ECS ReadOnlyAccess ECS User ECS CommonOperations ELB ELB Admin ELB FullAccess ELB Viewer ELB ReadOnlyAccess EPS EPS Admin EPS FullAccess EPS Viewer EPS ReadOnlyAccess EVS EVS Admin EVS FullAccess EVS Viewer EVS ReadOnlyAccess GES GES Admin GES
cloudServers:reboot", "ecs:cloudServers:start", "ecs:cloudServers:get", "ecs:cloudServers:list", "ecs:cloudServers:stop" ] } ] } Example 2: Only allowing users to stop and delete ECSs in batches
If an IAM user has the ECS ReadOnlyAccess permission for all resources and enterprise project A, the user can view all ECS resources. Modify the permissions of the user on the IAM console.
Computing O&M team ECS FullAccess Full permissions for Elastic Cloud Server (ECS), including permissions for purchasing ECS resources.
When you start an ECS, you can specify an agency for the ECS as a startup parameter. Applications running on the ECS can access Huawei Cloud resources by providing the temporary access key obtained using the agency.
FullAccess Full permissions for Elastic Cloud Server (ECS) OBS FullAccess Full permissions for Object Storage Service (OBS) ELB FullAccess Full permissions for Elastic Load Balance (ELB) Security maintenance team Security O&M of the project ECS CommonOperations Permissions for basic
FullAccess Full permissions for Elastic Cloud Server (ECS) OBS FullAccess Full permissions for Object Storage Service (OBS) ELB FullAccess Full permissions for Elastic Load Balance (ELB) Security maintenance team Security O&M of the project ECS CommonOperations Permissions for basic
"ecs:*:*", "evs:*:*", "vpc:*:*", "elb:*:*", "aom:*:*" ] } ] } The following is an example policy that allows
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
Table 1 Required permissions Cloud Service Application Scope Permissions ECS Region-specific projects ECS FullAccess OBS Global regions OBS OperateAccess In the user group list, click Authorize in the row containing the developer user group.
Region-specific projects Computing O&M ECS FullAccess Administrator permissions for Elastic Cloud Server (ECS). Region-specific projects CCE FullAccess Administrator permissions for Cloud Container Engine (CCE).
For example, you can add an Elastic Cloud Server (ECS) to an enterprise project, and assign permissions to a user for managing the ECS in the project. The user then can manage only this ECS.
Table 1 Critical operations defined by cloud services Service Category Service Critical Operation Compute Elastic Cloud Server (ECS) Stopping, restarting, or deleting an ECS Resetting the password for logging in to an ECS Detaching a disk Unbinding an EIP Changing specifications without
Delegating Other Accounts or Cloud Services for Resource Management Delegating Permissions Across Accounts with Agencies Accessing Other Cloud Services from ECS Using Temporary Access Keys of an Agency
Choose Elastic Cloud Server from the service list to go to the ECS console. If the IAM user can perform all operations such as creating and managing ECSs, the ECS FullAccess permissions have been configured successfully. Choose Object Storage Service from the service list.
For example, you can add an Elastic Cloud Server (ECS) to an enterprise project, and assign permissions to a user for managing the ECS in the project. The user then can manage only this ECS. You cannot create projects in IAM after enabling Enterprise Management.
", "catalog": "CUSTOMED", "policy": { "Version": "1.1", "Statement": [ { "Action": [ "ecs:*:get*", "ecs:*:list*", "ecs:blockDevice:use", "ecs:serverGroups:
", "catalog" : "CUSTOMED", "policy" : { "Version" : "1.1", "Statement" : [ { "Action" : [ "ecs:*:get*", "ecs:*:list*", "ecs:blockDevice:use", "ecs:serverGroups:manage", "ecs:serverVolumes:use", "evs:*:get*", "evs:*:list*", "vpc:*:get*", "vpc:*:list*", "
