更新时间:2022-06-12 23:26:26
【RAM控制台】->【策略管理】->【自定义授权策略】->【新建授权策略】-> 【空白模板】
创建按量付费ECS自定义授权策略如下:
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:DescribeImages",
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches",
"ecs:DescribeSecurityGroups",
"ecs:DescribeKeyPairs",
"ecs:DescribeTags",
"ecs:RunInstances"
],
"Resource": "*"
}
]
}
创建包年包月 ECS 自定义授权策略如下(其中bss相关的为查看、支付订单等权限,可参考 AliyunBSSOrderAccess 系统策略):
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:DescribeImages",
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches",
"ecs:DescribeSecurityGroups",
"ecs:DescribeKeyPairs",
"ecs:DescribeTags",
"ecs:CreateInstance",
"bss:DescribeOrderList",
"bss:DescribeOrderDetail",
"bss:PayOrder",
"bss:CancelOrder"
],
"Resource": "*"
}
]
}
【用户管理】->【授权】-> 选择刚刚创建的 自定义策略进行授权
注:创建包年包月实例需要授权bss相关的权限用于查看和支付订单,可参考 AliyunBSSOrderAccess 系统策略。
ecs:DescribeInstances
、ecs:DescribeDisks
权限Describe
类权限太多太繁杂,也可以授 系统策略 AliyunECSReadOnlyAccess(只读访问云服务器服务ECS的权限)