Deze pagina is nog niet beschikbaar in uw eigen taal. We werken er hard aan om meer taalversies toe te voegen. Bedankt voor uw steun.
- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Elastic IP
- EIP Billing
- Shared Bandwidth
- Monitoring
- Permissions Management
- Change History
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- APIs
- API V3
- Native OpenStack Neutron APIs V2.0
- Application Examples
- Permissions Policies and Supported Actions
- Appendix
- Change History
- SDK Reference
-
FAQs
-
Product Consultation
- What Is a Quota?
- How Do I Assign or Retrieve a Specific EIP?
- Why Is an EIP Newly Assigned the Same as the One I Released?
- What Are the Differences Between EIP, Private IP Address, and Virtual IP Address?
- Can an EIP That Uses Dedicated Bandwidth Be Changed to Use Shared Bandwidth?
- Can I Bind an EIP to Multiple ECSs?
- What Are the Differences Between the Primary and Extension NICs of ECSs?
- What Is the EIP Assignment Policy?
- Can I Buy a Specific EIP?
- Does an EIP Change Over Time?
- How Do I Query the Region of My EIPs?
- Can a Bandwidth Be Used by Multiple Accounts?
- How Do I Unbind an EIP from an Instance and Bind a New EIP to the Instance?
- Why Can't I Find My Purchased EIP on the Management Console?
- Why My EIPs Are Frozen? How Do I Unfreeze My EIPs?
-
Billing and Payments
- How Is an EIP Billed?
- How Do I Change My EIP Billing Mode Between Pay-per-Use and Yearly/Monthly?
- How Do I Change the Billing Option of a Pay-per-Use EIP Between By Bandwidth and By Traffic?
- What Is Enhanced 95th Percentile Bandwidth Billing?
- Why Am I Still Being Billed After My EIP Has Been Unbound or Released?
- When Will I Be Billed for Reservation Price?
- EIP Binding and Unbinding
-
Bandwidth
- What Bandwidth Types Are Available?
- Is There a Limit to the Number of EIPs That Can Be Added to Each Shared Bandwidth?
- What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth?
- What Are Inbound Bandwidth and Outbound Bandwidth?
- How Do I Know If My EIP Bandwidth Limit Has Been Exceeded?
- What Is the Relationship Between Bandwidth and Upload/Download Rate?
- What Are the Differences Between Static BGP and Dynamic BGP?
-
Connectivity
- What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet?
- Why Can't My ECS Access the Internet Even After an EIP Is Bound?
- Why Can't an EIP Be Pinged?
- How Do I Unblock an EIP?
- Why Is There Network Jitter or Packet Loss During Cross-Border Communications?
- Why Does the Download Speed of My ECS Is Slow?
- Change History
-
Product Consultation
Creating a User and Granting EIP Permissions
Currently, the EIP service permissions are included in the VPC permissions. Permissions Management.
- Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing VPC resources.
- Grant users only the permissions required to perform a given task based on their job responsibilities.
- Entrust a cloud account or cloud service to perform efficient O&M on your VPC resources.
If your cloud account meets your permissions requirements, you can skip this section.
Figure 1 shows the process flow for granting permissions.
Prerequisites
Before granting permissions to user groups, learn about EIP Permissions for EIP.
To grant permissions for other services, learn about all system-defined permissions supported by IAM.
Process Flow
- and verify permissions.
In the authorized region, perform the following operations:
- Choose Service List > Elastic IP. Then click Buy EIP on the EIP console. If a message appears indicating that you have insufficient permissions to perform the operation, the EIP ReadOnlyAccess policy is in effect.
- Choose another service from Service List. If a message appears indicating that you have insufficient permissions to access the service, the EIP ReadOnlyAccess policy is in effect.
Example Custom Policies
- Example 1: Grant permissions to assign and view EIPs
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ " vpc:publicIps:create, vpc:publicIps:list " ] } ] }
- Example 2: Grant permission to deny EIP deletion.
A policy with only "Deny" permissions must be used together with other policies. If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
Assume that you want to grant the permissions of the EIP FullAccess policy to a user but want to prevent them from releasing EIPs. You can create a custom policy for denying EIP release, and attach both policies to the user. As an explicit deny in any policy overrides any allows, the user can perform all operations on EIPs except releasing them. Example policy denying EIP release:
{ "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "vpc:publicIps:delete" ] } ] }
- Example 3: Create a custom policy containing multiple actions.
A custom policy can contain the actions of one or multiple services that are of the same type (global or project-level). Example policy containing multiple actions:
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "vpc:publicIps:update", "vpc:publicIps:create" ] }, { "Effect": "Deny", "Action": [ "vpc:publicIps:delete" ] } ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.