- What's New
- Service Overview
- User Guide
- Template Reference
-
API Reference
- Before You Start
-
API
- Calling APIs
-
Stacks
- Listing Events of a Stack
- Obtaining Stack Metadata
- Listing Stacks
- Creating a Stack
- Obtaining a Stack Template
- Listing Stack Resources
- Listing Stack Outputs
- Continuing to Deploy a Stack
- Deploying a Stack
- Deleting a Stack
- Updating a Stack
- Deleting a Stack with Conditions
- Continuing to Roll Back a Stack
- Execution Plans
- Template Analysis
- Template Management
-
Stack Sets
- Listing Stack Sets
- Creating a Stack Set
- Obtaining a Stack Set Template
- Listing Stack Set Operations
- Obtaining Metadata of a Stack Set
- Listing Stack Instances
- Creating Stack Instances
- Deleting Stack Instance Deprecated
- Updating Stack Instances
- Deleting Stack Instances
- Deploying a Stack Set
- Deleting a Stack Set
- Updating a Stack Set
- Obtaining Metadata of a Stack Set Operation
- Obtaining a Stack Instance
- Customized Providers
- Resource Formation - Hook
- Resource Formation - Module Management
- Permissions and Supported Actions
- Appendix
- Change History
- FAQs
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- Stack Management
- CTS
-
Template Reference
- Template Introduction
-
List of Elements
- Resource Indexes
- AOS.Stack
- CCE.Addon.AutoScaler
- CCE.Cluster
- CCE.HelmRelease
- CCE.NodePool
- CCE.Pod
- CCE.Storage.OBS
- CCE.Storage.SFS
- DCS.Redis
- ECS.CloudServer
- ECS.KeyPair
- NAT.Instance
- NAT.SNatRule
- OBS.Bucket
- RDS.MySQL
- SFS.FileSystem
- ULB.Healthmonitor
- ULB.Listener
- ULB.LoadBalancer
- ULB.Member
- ULB.Pool
- VPC.EIP
- VPC.SecurityGroup
- VPC.SecurityGroupRule
- VPC.Subnet
- VPC.VPC
-
Data Structure
- AOS.BatchItem
- Basic.KeyValuePair
- Basic.Label
- Basic.LabelSelector
- Basic.NameAndSecretValue
- Basic.NameKeyPair
- Basic.NameValuePair
- CCE.Addon.AutoScaler.Node
- CCE.DataVolume
- CCE.HelmChart
- CCE.Labels
- CCE.NodePool
- CCE.PublicIP
- DCS.InstanceBackupPolicy
- DCS.PeriodicalBackupPlan
- ECS.DataVolume
- ECS.EIP
- ECS.ExtendParam
- ECS.MountedVolumes
- ECS.NICS
- ECS.Personality
- ECS.PublicIP
- ECS.RootVolume
- ECS.SecurityGroup
- ECS.ServerTags
- ECS.VolumeExtendParam
- K8S.PodSecurityContext
- K8S.SecurityContext.SeLinuxOptions
- MySQL.DBUser
- MySQL.DataBase
- MySQL.DataStore
- RDS.BackupStrategy
- RDS.HA.Mysql
- RDS.Volume
- ULB.StickySession
- VPC.BandWidth
- VPC.PublicIP
- Appendix
- FAQs
- Change History
-
API Reference (ME-Abu Dhabi Region)
- Before You Start
- API Overview
- Calling APIs
-
API
- Creating a Template
- Querying a Template List
- Updating a Template
- Deleting a Template
- Downloading a Template
- Querying a Template
- Querying the Input Parameters of a Template
- Creating a Stack
- Deleting a Stack
- Executing a Stack Lifecycle
- Querying a Stack List
- Querying a Stack
- Querying a Stack Element List
- Querying a Stack Element
- Querying a Stack Output
- Querying Stack Input
- Querying the Execution Record of a Stack
- Querying a Stack Execution Record List
- Appendix
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
-
API
- Calling APIs
-
Stacks
- Listing Events of a Stack
- Obtaining Stack Metadata
- Listing Stacks
- Creating a Stack
- Obtaining a Stack Template
- Listing Stack Resources
- Listing Stack Outputs
- Continuing to Deploy a Stack
- Deploying a Stack
- Deleting a Stack
- Updating a Stack
- Deleting a Stack with Conditions
- Continuing to Roll Back a Stack
- Execution Plans
- Template Analysis
- Template Management
-
Stack Sets
- Listing Stack Sets
- Creating a Stack Set
- Obtaining a Stack Set Template
- Listing Stack Set Operations
- Obtaining Metadata of a Stack Set
- Listing Stack Instances
- Creating Stack Instances
- Deleting Stack Instance Deprecated
- Updating Stack Instances
- Deploying a Stack Set
- Deleting Stack Instances
- Deleting a Stack Set
- Updating a Stack Set
- Obtaining Metadata of a Stack Set Operation
- Obtaining a Stack Instance
- Appendix
- Change History
- User Guide (Kuala Lumpur Region)
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Show all
Copied.
Using a Stack Set
Set up required permissions to create a stack set with service-managed permissions.
To create a stack set with self-managed permissions, create IAM roles in each account to establish a trust relationship between the administrator and target accounts.
- Determine which Huawei Cloud account is the administrator account.
Stack sets are created in this administrator account. A target account is an account into which you create stacks in a stack set.
- Determine how to configure permissions for the stack set.
The easiest (and most lenient) permissions setup is to allow all users within the administrator account to create and update the stack sets managed through that account. If you need finer-grained control, you can set up permissions to manage required resources through IAM agencies. For details, see Creating an Agency.
- Set up permissions for users of the administrator account to perform stack set operations in all target accounts.
In the administrator account, create an agency named Administrator_account (custom) that entrusts RFS. Add the iam:tokens:assume and Tenant Administrator permissions to the agency.
In the target account, create an agency named Target_Account (custom) that entrusts the administrator account, and grant the Tenant Administrator permission.
- Set up advanced permissions for stack set operations.
In the administrator account, create an agency named Administrator_account (custom) that entrusts RFS. Use fine-grained authorization to add iam:tokens:assume and required operation permissions to the agency.
In the target account, create an agency named Target_Account (custom) that entrusts the administrator account, and grant the target account the permissions to perform operations on resources.
- Set up permissions for users of the administrator account to perform stack set operations in all target accounts.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot