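Permission management in the Alibaba Cloud console's access control (RAM): honestly, the permissions are split very finely, so finely that most people cannot make sense of them.
Non-technical people will find the help documentation hard going, and there are too few examples.
From my own trial and error, all I worked out is how to add a team tag to an "instance"
and then control permissions by filtering on that tag. Security group policies and the like can use a similar approach.
The sub-accounts that receive the permissions have a pitfall too: they do not log in to the console at aliyun.com, but at signin.aliyun.com
Once in the console you will find that the hosts you were granted access to are nowhere to be seen, because you still have to select Account All Resources > the specific server location (US Silicon Valley and so on).
Then fill in the global tag key and value; after doing this it works. If it still does not, log out and back in a few more times. That may fix it.
Here are some rules. I have forgotten exactly which one is reliable, so just try them.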
+++++++++++++++++++++++++++++++++++
{
  "Statement": [
    {
      "Action": "ecs:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ecs:tag/team": "huixing"
        }
      }
    },
    {
      "Action": "ecs:DescribeTag*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ],
  "Version": "1"
}
++++++++++++++++++++++++++++++++++++++++
{
  "Version": "1",
  "Statement": [
    {
      "Action": "ecs:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ecs:tag/*": "*"
        }
      }
    },
    {
      "Action": "ecs:DescribeTag*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
++++++++++++++++++++++++++++++++++++
Allow everything
{
  "Statement": [
    {
      "Action": "*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "1"
}
+++++++++++++++++++++++++++++++++
{
  "Statement": [
    {
      "Action": "ecs:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ecs:tag/team": "wuhan"
        }
      }
    },
    {
      "Action": "ecs:DescribeTag*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ],
  "Version": "1"
}
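
An added example, not part of the original post and not Alibaba Cloud's own code: a small Python check that reads policy documents like the ones above and reports Allow statements whose write-capable actions are not limited to one specific ecs:tag value. Treating Describe/List/Get actions as read-only is an assumption based on API naming, and the function and variable names are hypothetical.

```python
# Assumption: API names starting with these words only read data.
READ_ONLY_PREFIXES = ("describe", "list", "get")

# Sample input: three policy shapes from this page, as Python dicts.
TEAM_POLICY = {"Version": "1", "Statement": [
    {"Action": "ecs:*", "Effect": "Allow", "Resource": "*",
     "Condition": {"StringEquals": {"ecs:tag/team": "huixing"}}},
    {"Action": "ecs:DescribeTag*", "Effect": "Allow", "Resource": "*"},
    {"Action": ["vpc:DescribeVpcs", "vpc:DescribeVSwitches"],
     "Effect": "Allow", "Resource": "*"}]}
ANY_TAG_POLICY = {"Version": "1", "Statement": [
    {"Action": "ecs:*", "Effect": "Allow", "Resource": "*",
     "Condition": {"StringEquals": {"ecs:tag/*": "*"}}},
    {"Action": "ecs:DescribeTag*", "Effect": "Allow", "Resource": "*"}]}
ALLOW_ALL_POLICY = {"Version": "1", "Statement": [
    {"Action": "*", "Effect": "Allow", "Resource": "*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def tag_conditions(stmt):
    """Return (tag key, value) for every ecs:tag/<key> condition in a statement."""
    pairs = []
    for keys in stmt.get("Condition", {}).values():
        for key, value in keys.items():
            if key.lower().startswith("ecs:tag/"):
                pairs.extend((key.split("/", 1)[1], v) for v in as_list(value))
    return pairs

def is_read_only(action):
    return action.split(":", 1)[-1].lower().startswith(READ_ONLY_PREFIXES)

def audit(policy):
    """Return (statement index, severity, reason) for each over-broad Allow."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        writes = [a for a in as_list(stmt.get("Action", [])) if not is_read_only(a)]
        if not writes:
            continue  # listing calls such as ecs:DescribeTag* carry no tag condition here
        tags = tag_conditions(stmt)
        if not tags:
            findings.append((i, "HIGH", ", ".join(writes) + " on all resources, no tag condition"))
        elif any("*" in key or "*" in value for key, value in tags):
            findings.append((i, "MEDIUM", "tag condition uses a wildcard, so it names no single team"))
    return findings

if __name__ == "__main__":
    for name in ("TEAM_POLICY", "ANY_TAG_POLICY", "ALLOW_ALL_POLICY"):
        print(name, audit(globals()[name]))
```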