公网IP策略示例
当您需要授权某个子用户“云主机绑定/解绑公网IP”的操作权限时,您可以这样编辑策略:
例1:公网IP绑定默认私网下的云主机
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"vpc:DescribeEip*",
"vpc:*ssociateEip*",
"cec:DescribeInstance*",
"vpc:AssociateEip",
"vpc:DescribeNetworks"
],
"Resource": [
"ccs:vpc:cn-test-suzhou1:*:eip-rv180h4obpg13u",
"ccs:cec:cn-test-suzhou1:*:i-ay180h4ob3k20t",
"ccs:vpc:cn-test-suzhou1:*:n-sc180h4nfc348e"
]
},
{
"Effect": "Allow",
"Action": [
"vpc:DescribeEips",
"cec:DescribeInstance*"
],
"Resource": [
"ccs:vpc:cn-test-suzhou1:*:eip-1",
"ccs:cec:cn-test-suzhou1:*:-1"
]
}
]
}
例2:公网IP绑定自定义私网下的云主机(此时需要把自定义私网连接的路由器的相关权限也给到子用户)
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"vpc:*ssociateEip*",
"cec:DescribeInstance*"
],
"Resource": [
"ccs:vpc:cn-test-suzhou1:*:eip-rv180h4obpg13u",
"ccs:vpc:cn-test-suzhou1:*:n-3u180h4h9wa89",
"ccs:vpc:cn-test-suzhou1:*:r-g5180h4h9tv93x",
"ccs:cec:cn-test-suzhou1:*:-1"
]
},
{
"Effect": "Allow",
"Action": [
"vpc:DescribeEip*",
"vpc:*ssociateEip*",
"vpc:DescribeNetworks",
"vpc:DescribeRouter*"
],
"Resource": [
"ccs:vpc:cn-test-suzhou1:*:eip-rv180h4obpg13u",
"ccs:vpc:cn-test-suzhou1:*:n-3u180h4h9wa89",
"ccs:vpc:cn-test-suzhou1:*:r-g5180h4h9tv93x",
"ccs:vpc:cn-test-suzhou1:*:eip-1",
"ccs:vpc:cn-test-suzhou1:*:r-1"
]
}
]
}