Esta página aún no está disponible en su idioma local. Estamos trabajando arduamente para agregar más versiones de idiomas. Gracias por tu apoyo.
- What's New
- Function Overview
- Product Bulletin
- Service Overview
- Getting Started
- User Guide
- API Reference
-
Best Practices
- Direct Connect Best Practices
- Connecting an On-Premises Data Center to a VPC over a Single Connection and Using Static Routing to Route Traffic
- Connecting an On-Premises Data Center to a VPC over a Single Connection and Using BGP Routing to Route Traffic
- Connecting an On-Premises Data Center to a VPC over Two Connections in Load Balancing Mode (Virtual Gateway)
- Connecting an On-Premises Data Center to a VPC over Two Connections in an Active/Standby Pair (Virtual Gateway)
- Connecting an On-Premises Data Center to Multiple VPCs that Do Not Need to Communicate with Each Other
- Connecting an On-Premises Data Center to Multiple VPCs in the Same Region Using Direct Connect and VPC Peering
- Using a Public NAT Gateway and Direct Connect to Accelerate Internet Access
- Troubleshooting
-
FAQs
-
Popular Questions
- What Are the Network Requirements for Connections?
- How Do I Select a Carrier When Purchasing a Connection?
- How Will I Be Billed for Direct Connect?
- How Do I Submit a Service Ticket?
- How Do I Test the Network Connectivity Between a Location and the Cloud?
- What Do I Do If I Select the Wrong Carrier When Creating a Connection?
-
Product Consultation
- What Are the Network Requirements for Connections?
- What Are 1GE and 10GE?
- Is BGP Routing Supported in Direct Connect?
- How Do I Submit a Service Ticket?
- What Are the Network Latency and Packet Loss Rate of a Connection?
- Are the Uplink and Downlink Bandwidths of a Direct Connect Connection the Same?
- What Do I Do If I Select the Wrong Carrier When Creating a Connection?
- How Do I Plan the VPCs for a New Connection?
- What Are Local and Remote Gateways (Interconnection IP Addresses)?
- How Do I Configure BFD for a Connection?
- Leased Line
-
Interconnection with the Cloud
- Can I Access the Same VPC over Multiple Connections?
- How Do I Plan the CIDR Blocks for a Connection?
- What Should I Consider When I Use Direct Connect to Access the Cloud?
- Does Direct Connect Support NAT?
- Can the VLAN of the On-premises Network Be Used in the VPC Through Direct Connect?
- Can My On-Premises Data Center Access Multiple VPCs Through One Connection?
- Can Direct Connect Be Used with Similar Services of Other Cloud Service Providers?
-
Networking and Scenarios
- Can Multiple Connections Access the Same VPC?
- Can My On-Premises Data Center Access Multiple VPCs Through One Connection?
- Can Direct Connect Be Used with Similar Services of Other Cloud Service Providers?
- Can I Limit the Bandwidth Available on Each Hosted Connection?
- How Do I Plan the VPCs for a New Connection?
-
Related Console Operations
- How Do I Submit a Service Ticket?
- How Can I Unsubscribe from Direct Connect?
- What Parameters Can Be Modified After I Have Created a Virtual Interface?
- Do I Need to Delete the Virtual Gateway and Virtual Interface Before Deleting a Hosted Connection?
- How Do I Change the Routing Mode of a Connection?
- How Do I Delete a Hosted Connection?
- What Is the BGP ASN Used by Huawei Cloud?
- What Are Local and Remote Gateways (Interconnection IP Addresses)?
- Troubleshooting
- Billing
- Resource Monitoring
- Quota
-
Popular Questions
Show all
Example Custom Policies
Custom policies can be created to supplement the system-defined policies of Direct Connect.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Edit JSON policies from scratch or based on an existing policy.
For details, see Creating a Custom Policy. The following are examples custom policies created for Direct Connect.
Example Custom Policies
- Example 1: Allowing users to update a virtual gateway
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "dcaas:vgw:update" ] } ] }
- Example 2: Denying users to delete a connection
A deny policy must be used together with other policies. If permissions assigned to a user contain both Allow and Deny actions, the Deny action takes precedence over the Allow action.
The following method can be used if you need to assign permissions of the DCAAS FullAccess policy to a user but also forbid the user from deleting connections. Create a custom policy for denying connection deletion, and assign both policies to the group the user belongs to. Then the user can perform all operations on Direct Connect except deleting connections.
The following is an example of a deny policy:
{ "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "dcaas:directConnect:delete" ] } ] }
- Example 3: Defining permissions for multiple services in a policy
A custom policy can contain the actions of multiple services that are of the global or project-level type.
The following is an example policy containing actions of multiple services:
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "vpc:vpcs:list", "vpc:subnets:get", "vpc:routes:list" ] }, { "Effect": "Allow", "Action": [ "dcaas:vif:list", "dcaas:vgw:list", "dcaas:directConnect:list" ] } ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.