After specifying action and resource to create a custom policy, you can directly call the API for operations on related resources. The mapping between console features and actions is explained below.
Note
Tencent Cloud CDN can authorize resources by domain name. Authorization does not distinguish between service regions in and outside the Chinese mainland under the same domain name.
When you migrate ECDN services to the CDN console, the ECDN API permission policies will be automatically mapped to corresponding CDN API permission policies. However for resource-level permission policies, you need to set them again in CDN after the migration.
Service Overview
Service overview can categorized as follows based on the displayed content:
Functional Module | Authorized Action | Must-Knows |
Service Usage Display | DescribeCdnData DescribeBillingData | If only part of the domains are authorized, you can only independently query the usage of each domain name. |
Domain name statistics | DescribeDomains | The total number of authorized domain names will be returned |
<Billing Status> | DescribePayType | The permission to change the billing mode cannot be granted to sub-accounts currently |
Traffic package statistics | DescribeTrafficPackages | Traffic package status is account-level data, and any associated resources can be queried |
Domain Management
Functional Module | Authorized Action | Must-Knows |
Domain name list and query | DescribeDomains | Query / Display / Download basic domain configuration Full detailed configuration requires authorization DescribeDomainsConfig |
Adding domain name | DescribeDomains | Domain names can be added in any acceleration service region |
Disabling domain name | StopCdnDomain | - |
Enabling domain name | StartCdnDomain | - |
Deleting a domain name | DeleteCdnDomain | - |
Modifying domain name project | UpdateDomainConfig | The domain's associated project is part of the domain configuration All configuration items of a domain name can be modified after authorization |
Domain name configuration management | UpdateDomainConfig DescribeDomainsConfig | All configuration items of a domain name can be viewed/modified after authorization |
Certificate Management
Functional Module | Authorized Action | Must-Knows |
Querying certificate list | DescribeDomainsConfig | All configuration items of a domain name can be viewed after authorization |
Configuring Certificates | UpdateDomainConfig | All configuration items of a domain name can be modified after authorization |
Batch configuring certificates | UpdateDomainsHttps | It is used to configure certificates in batches |
Statistical Analysis
Functional Module | Authorized Action | Must-Knows |
Querying detailed access data | DescribeCdnData | All access data metrics under a domain name can be queried after authorization |
Querying detailed origin-pull data | DescribeOriginData | All origin-pull data metrics under a domain name can be queried after authorization |
Top Traffic/Request Query Top Domain Ranking Query Domain Status Code Ranking Query Domestic Province Usage Ranking Query Domestic ISP Usage Ranking Query Overseas Region Usage Ranking | ListTopData | Rankings of different data metrics and dimensions can be queried after authorization |
Unique IP Count Query | DescribeIpVisit | - |
Purge and Prefetch
Functional Module | Authorized Action |
Submitting URL purge | PurgeUrlsCache |
Submitting directory refresh | PurgePathCache |
Query purge records | DescribePurgeTasks |
Submitting preheating task | PushUrlsCache |
Querying prefetch records | DescribePushTasks |
Cloud Log Service
Functional Module | Authorized Action |
Querying log download link | DescribeCdnDomainLogs |
Entire Network Status Monitoring
The console global network status monitoring page supports viewing by all sub-accounts without authorization.
Operational Report
Functional Module | Authorized Action | Must-Knows |
Querying detailed access data | DescribeCdnData | All access data metrics under a domain name can be queried after authorization |
Querying detailed origin-pull data | DescribeOriginData | All origin-pull data metrics under a domain name can be queried after authorization |
Top Traffic/Request Query Top Domain Ranking Query Domain Status Code Ranking Query Domestic Province Usage Ranking Query Domestic ISP Usage Ranking Query Overseas Region Usage Ranking | ListTopData | Rankings of different data metrics and dimensions can be queried after authorization |
Unique IP Count Query | DescribeIpVisit | - |
Traffic Package
Functional Module | Authorized Action | Must-Knows |
Querying traffic package list | DescribeTrafficPackages | The API response is unrelated to the Resource; any resource authorization can query |
Note
Currently, the traffic package renewal and renewal cancellation logics cannot be authorized.
IP Ownership Query
Functional Module | Authorized Action | Must-Knows |
Querying whether IP belongs to Tencent Cloud CDN | DescribeCdnIp | The API response is unrelated to the Resource; any resource authorization can query |
Self-Diagnostic Tool
Currently, the self-diagnosis tool cannot be authorized for sub-accounts.