主机迁移服务 SMS-配置权限:创建IAM自定义策略并为用户组IAM项目授权

时间:2024-08-29 11:24:44

创建 IAM 自定义策略并为用户组IAM项目授权

  1. 参考创建自定义策略中的“JSON视图配置自定义策略”,创建IAM自定义策略“ SMS Custom Policy For EPS At IAM”。

    JSON视图策略内容如下:(将如下内容复制到策略内容中)
    {
        "Version": "1.1",
        "Statement": [
            {
                "Action": [
                    "ecs:availabilityZones:list",
                    "ecs:servers:list",
                    "ecs:servers:unlock",
                    "ecs:servers:lock",
                    "ecs:servers:reboot",
                    "ecs:serverPasswords:manage",
                    "ecs:diskConfigs:use",
                    "ecs:servers:setMetadata",
                    "ecs:serverVolumes:use",
                    "ecs:serverKeypairs:create",
                    "ecs:serverKeypairs:get",
                    "ecs:serverKeypairs:delete",
                    "ecs:serverInterfaces:use",
                    "ecs:serverGroups:manage",
                    "ecs:securityGroups:use",
                    "vpc:securityGroupRules:create",
                    "vpc:securityGroupRules:delete",
                    "vpc:securityGroupRules:get",
                    "vpc:securityGroupRules:update",
                    "vpc:networks:get",
                    "vpc:ports:get",
                    "vpc:vpcTags:get",
                    "vpc:subnetTags:get",
                    "vpc:routers:get",
                    "vpc:securityGroups:get",
                    "evs:volumes:list",
                    "evs:types:get"
                ],
                "Effect": "Allow"
            }
        ]
    }

  2. 统一身份认证 服务,左侧导航窗格中,选择“用户组”,进入用户组列表页面。
  3. 单击创建的用户组Test_EPS名称,进入“授权记录”页签。
  4. 单击“授权”,勾选“SMS Custom Policy For EPS At IAM”策略,单击“下一步”。
  5. 授权范围选择“所有资源”,单击“确定”。

support.huaweicloud.com/bestpractice-sms/sms_05_0042.html