操作场景
本文介绍如何通过创建自定义策略并授权绑定给对应子账号,授予子账号密钥用于多云管理所需的最小权限。
操作步骤
说明
2. 请参考 授权管理,将创建的策略关联子用户。
3. 请参考 添加密钥,将子账号密钥添加至多云平台。
4. 请参考 设置主密钥,将子账号密钥设置为主密钥。
此时,您已将多云平台所需的最小权限授予子账号,并将其密钥设置为主密钥。多云平台将使用该密钥访问及使用已授权的云资源。
附录
自定义策略内容
{"version": "2.0","statement": [{"action": ["cam:GetUserBasicInfo","organization:DescribeOrganization","cam:ListUsers","cam:DeleteUser","cam:UpdateUser","organization:DescribeOrganizationMembers","organization:CreateOrganizationMember","cam:AddUser","cam:DetachUserPolicy","cam:AttachUserPolicy","cam:ListPolicies","finance:DescribeBillDetail","cvm:DescribeInstances","cvm:StartInstances","cvm:StopInstances","cvm:RebootInstances","cvm:ModifyInstancesAttribute"],"resource": "*","effect": "allow"}]}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["sts:GetCallerIdentity","organizations:DescribeOrganization","iam:ListUsers","iam:DeleteUser","iam:UpdateLoginProfile","organizations:ListAccounts","organizations:CreateAccount","organizations:DescribeCreateAccountStatus","iam:CreateUser","iam:CreateLoginProfile","iam:DetachUserPolicy","iam:AttachUserPolicy","iam:ListPolicies","ce:GetCostAndUsage","ce:GetDimensionValues","ec2:DescribeInstances","ec2:StartInstances","ec2:StopInstances","ec2:RebootInstances","ec2:DescribeRegions"],"Resource": "*"}]}