子账号权限管理


可授权VPC Action和对应资源


Action描述ActionResource
创建VPCCreateVpccomb:vpc:${region}:*:vpc/*
删除VPCDeleteVpccomb:vpc:${region}:*:vpc/vpc-id
设置VPCSetVpccomb:vpc:${region}:*:vpc/vpc-id
获取VPC详情GetVpccomb:vpc:${region}:*:vpc/vpc-id
查看VPC列表ListVpccomb:vpc:${region}:*:vpc/*
获取VPC内实例列表ListVpcInstancecomb:vpc:${region}:*:vpc/vpc-id
创建子网CreateSubnetcomb:vpc:${region}:*:vpc/vpc-id comb:vpc:${region}:*:routetable/routetable-id(可选参数)
删除子网DeleteSubnetcomb:vpc:${region}:*:subnet/subnet-id
设置子网SetSubnetcomb:vpc:${region}:*:subnet/subnet-id
获取子网列表ListSubnetcomb:vpc:${region}:*:vpc/vpc-id
获取子网详情GetSubnetcomb:vpc:${region}:*:subnet/subnet-id
创建路由表CreateRouteTablecomb:vpc:${region}:*:vpc/vpc-id
删除路由表DeleteRouteTablecomb:vpc:${region}:*:routetable/routetable-id
获取路由表详情GetRouteTablecomb:vpc:${region}:*:routetable/routetable-id
获取路由表列表ListRouteTablecomb:vpc:${region}:*:vpc/vpc-id
将路由表关联到子网AttachSubnetcomb:vpc:${region}:*:subnet/subnet-id comb:vpc:${region}:*:routetable/routetable-id
创建路由CreateRoutecomb:vpc:${region}:*:routetable/routetable-id
删除路由DleteRoutecomb:vpc:${region}:*:route/route-id
获取某个路由表路由列表ListRoutecomb:vpc:${region}:*:routetable/routetable-id
创建安全组CreateSecurityGroupcomb:vpc:${region}:*:vpc/vpc-id
删除安全组DeleteSecurityGroupcomb:vpc:${region}:*:securitygroup/securitygroup-id
获取安全组详情GetSecurityGroupcomb:vpc:${region}:*:securitygroup/securitygroup-id
获取安全组列表ListSecurityGroupcomb:vpc:${region}:*:vpc/vpc-id
更新安全组信息UpdateSecurityGroupcomb:vpc:${region}:*:securitygroup/securitygroup-id
将实例加入安全组JoinSecurityGroupcomb:vpc:${region}:*:securitygroup/*
将实例移除安全组LeaveSecurityGroupcomb:vpc:${region}:*:securitygroup/*
获取某个安全组实例数量GetInstanceCountcomb:vpc:${region}:*:securitygroup/securitygroup-id
获取安全组实例列表ListSecurityGroupInstancecomb:vpc:${region}:*:securitygroup/securitygroup-id
获取实例加入的安全组列表ListInstanceSecurityGroupscomb:vpc:${region}:*:securitygroup/*
创建安全组规则CreateSecurityGroupRulecomb:vpc:${region}:*:securitygroup/securitygroup-id
删除安全组规则DeleteSecurityGroupRulecomb:vpc:${region}:*:securitygrouprule/securitygrouprule-id
获取安全组规则列表ListSecurityGroupRulecomb:vpc:${region}:*:securitygroup/securitygroup-id
获取安全组规则详情GetSecurityGroupRulecomb:vpc:${region}:*:securitygrouprule/securitygrouprule-id
设置子网DHCP规则ModifyDhcpOptionscomb:vpc:${region}:*:subnet/subnet-id
获取子网DHCP规则GetDhcpOptionscomb:vpc:${region}:*:subnet/subnet-id
创建公网SNAT网关CreateSnatGatewaycomb:vpc:${region}:*:vpc/vpc-id
删除公网SNAT网关DeleteSnatGatewaycomb:vpc:${region}:*:snatgateway/snatgateway-id
获取公网SNAT网关详情GetSnatGatewaycomb:vpc:${region}:*:snatgateway/snatgateway-id
获取公网SNAT网关列表ListSnatGatewaycomb:vpc:${region}:*:snatgateway/*
变更公网SNAT网关ChangeSnatGatewaycomb:vpc:${region}:*:snatgateway/snatgateway-id

策略管理

VPC管理权限(VpcFullAccess)包括如下Action

  • CreateVpc
  • DeleteVpc
  • SetVpc
  • GetVpc
  • ListVpc
  • ListVpcInstance
  • CreateSubnet
  • DeleteSubnet
  • SetSubnet
  • ListSubnet
  • GetSubnet
  • CreateRouteTable
  • DeleteRouteTable
  • GetRouteTable
  • ListRouteTable
  • AttachSubnet
  • CreateRoute
  • DleteRoute
  • ListRoute
  • CreateSecurityGroup
  • DeleteSecurityGroup
  • GetSecurityGroup
  • ListSecurityGroup
  • UpdateSecurityGroup
  • JoinSecurityGroup
  • LeaveSecurityGroup
  • GetInstanceCount
  • ListSecurityGroupInstance
  • ListInstanceSecurityGroups
  • CreateSecurityGroupRule
  • DeleteSecurityGroupRule
  • ListSecurityGroupRule
  • GetSecurityGroupRule
  • ModifyDhcpOptions
  • GetDhcpOptions
  • CreateSnatGateway
  • DeleteSnatGateway
  • GetSnatGateway
  • ListSnatGateway
  • ChangeSnatGateway

VPC只读权限包(VpcReadOnlyAccess)包括如下Action

  • GetVpc
  • ListVpc
  • ListVpcInstance
  • ListSubnet
  • GetSubnet
  • GetRouteTable
  • ListRouteTable
  • ListRoute
  • GetSecurityGroup
  • ListSecurityGroup
  • GetInstanceCount
  • ListSecurityGroupInstance
  • ListInstanceSecurityGroups
  • ListSecurityGroupRule
  • GetSecurityGroupRule
  • GetDhcpOptions
  • GetSnatGateway
  • ListSnatGateway