访问管理 CAM-角色组件

最近更新时间:2019-11-25 13:03:34

操作场景

访问管理 CAM-角色(CAM-role)组件是 serverless-tencent 组件库中的基础组件之一。通过 CAM-role 组件,您可以快速且方便地创建、配置和管理腾讯云的 CAM 角色。

操作步骤

通过 CAM-role 组件,对一个 CAM 的角色进行完整的创建、配置、部署和删除等操作。支持命令如下:

安装

通过 npm 安装 Serverless:

$ npm install -g serverless

创建

本地创建 serverless.yml.env 两个文件:

$ touch serverless.yml
$ touch .env # 腾讯云的配置信息

.env 文件中配置腾讯云的 APPID、SecretId 和 SecretKey 信息并保存。

# .env
TENCENT_SECRET_ID=123
TENCENT_SECRET_KEY=123
TENCENT_APP_ID=123
说明:

配置

在 serverless.yml 中进行如下配置:

# serverless.yml

# serverless.yml

myRole:
  component: "@serverless/tencent-cam-role"
  inputs:
    roleName: QCS_SCFExcuteRole
    service:
      - scf.qcloud.com
      - cos.qcloud.com
    policy:      
      policyName:
        - QCloudResourceFullAccess
        - QcloudAccessForCDNRole

查看详细配置文档>>

部署

通过如下命令进行部署,并查看部署过程中的信息:

$ sls --debug

  DEBUG ─ Resolving the template's static variables.
  DEBUG ─ Collecting components from the template.
  DEBUG ─ Downloading any NPM components found in the template.
  DEBUG ─ Analyzing the template's components dependencies.
  DEBUG ─ Creating the template's components graph.
  DEBUG ─ Syncing template state.
  DEBUG ─ Executing the template's components graph.
  DEBUG ─ Syncing role c0hhdv-qt9mh6xj in region ap-guangzhou.
  DEBUG ─ Updating policy for role c0hhdv-qt9mh6xj.
  DEBUG ─ Saved state for role c0hhdv-qt9mh6xj.
  DEBUG ─ Role c0hhdv-qt9mh6xj was successfully deployed to region ap-guangzhou.
  DEBUG ─ Deployed role roleId is 4611686018427945536.

  myRole: 
    roleName:    QCS_SCFExcuteRole
    description: This is tencent-cam-role component.
    roleId:      4611686018427945536
    service: 
      - cos.qcloud.com
      - scf.qcloud.com
    policy: 
      policyId: 
        - 16313162
        - 2
      policyName: 
        - QCloudResourceFullAccess
        - QcloudAccessForCDNRole

  17s › myRole › done

移除

$ sls remove --debug

  DEBUG ─ Flushing template state and removing all components.
  DEBUG ─ Removing role c0hhdv-qt9mh6xj from region ap-guangzhou.
  DEBUG ─ Role c0hhdv-qt9mh6xj successfully removed from region ap-guangzhou.

  1s › myRole › done