- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
- User Guide
-
Best Practices
- Using Global Accelerator to Speed Up Cross-Border Access to Web Servers
- Using CDN and Global Accelerator to Speed Up Cross-Border Access
- Using Global Accelerator to Speed Up Cross-Border Access to Third-Party On-premises Servers
- Using Global Accelerator to Accelerate Communications Between Cloud and On-Premises Servers and Implement Multi-active DR
- Transferring the Source IP Address of a Client
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Global Accelerator
- Listener
- Endpoint Group
- Endpoint
- Health Check
-
IP Address Group
- Creating an IP Address Group
- Querying IP Address Groups
- Querying Details of an IP Address Group
- Updating an IP Address Group
- Deleting an IP Address Group
- Adding CIDR Blocks to an IP Address Group
- Removing CIDR Blocks from an IP Address Group
- Associating an IP Address Group with a Listener
- Disassociating an IP Address Group from a Listener
- Region
- Tag
- Log
- Permissions Policies and Supported Actions
- Appendix
- SDK Reference
-
FAQs
- Can I Use the Ping Command to Test Latency?
- How Will I Be Billed for Global Accelerator?
- How Can I Increase the Global Accelerator Quotas?
- How Can I Use Traffic Dial to Distribute Traffic?
- What Types of Endpoints Can Be Added to a Global Accelerator?
- Can I Use Global Accelerator in an Area That Is Not Listed Among the Acceleration Areas?
- What Are the Statuses and Health Check Results of Endpoints?
- What Should I Do If an Endpoint Is Unhealthy?
- Most Frequently Asked Questions
- Configuring the TOA Module
- How Can I Use Global Accelerator to Enable European Users to Access the Applications Deployed in or Outside the Chinese Mainland (Excluding Europe) Faster?
- General Reference
Show all
Copied.
Custom Policy
Custom policies can be created to supplement the system-defined policies of Global Accelerator.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. You do not need to have knowledge of the policy syntax.
- JSON: Create a policy in the JSON format from scratch or based on an existing policy template.
For details, see Creating a Custom Policy. The following are examples of custom policies created for Global Accelerator.
Example Custom Policies
- Example 1: Allowing users to update a global accelerator
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "ga:accelerator:update" ] } ] }
- Example 2: Denying users to delete a global accelerator
A deny policy must be used in conjunction with other policies to take effect. If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
If you grant the system policy GA FullAccess to a user but do not want the user to have the permission to delete global accelerators, you can create a custom policy that denies the deletion of global accelerators. Then you can grant the GA FullAccess and deny policies to the user, so that the user can perform all operations on global accelerators except deleting them.
The following is an example deny policy:
{ "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "ga:accelerator:delete" ] } ] }
- Example 3: Defining actions for multiple services in a policy
A custom policy can contain the actions of multiple services that are of the global or project-level type.
The following is an example policy containing actions of multiple services:
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "ga:listener:create", "ga:healthcheck:create", "ga:endpointgroup:create", "ga:endpoint:create" ] }, { "Effect": "Allow", "Action": [ "eps:enterpriseProjects:enable", "eps:enterpriseProjects:update", "eps:enterpriseProjects:create" ] } ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot