Actions Supported by Identity Policy-based Authorization
IAM provides system-defined identity policies to define typical cloud service permissions. You can also create custom identity policies using the actions supported by cloud services for more refined access control.
In addition to IAM, the Organizations service also provides Service Control Policies (SCPs) to set access control policies.
SCPs do not actually grant any permissions to an entity. They only set the permissions boundary for the entity. When SCPs are attached to an organizational unit (OU) or a member account, the SCPs do not directly grant permissions to that OU or member account. Instead, the SCPs only determine what permissions are available for that member account or those member accounts under that OU. The granted permissions can be applied only if they are allowed by the SCPs.
To learn more about how IAM is different from Organizations for access control, see How IAM Is Different from Organizations for Access Control?.
This section describes the elements used by IAM custom identity policies and Organizations SCPs. The elements include actions, resources, and conditions.
- For details about how to use these elements to edit an IAM custom identity policy, see Creating a Custom Identity Policy.
- For details about how to use these elements to edit a custom SCP, see Creating an SCP.
Actions
Actions are specific operations that are allowed or denied in an identity policy.
- The Access Level column describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an identity policy.
- The Resource Type column indicates whether the action supports resource-level permissions.
- You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions and you must specify all resources ("*") in your identity policy statements.
- If this column includes a resource type, you must specify the URN in the Resource element of your identity policy statements.
- Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.
For details about the resource types defined by CSS, see Resources.
- The Condition Key column contains keys that you can specify in the Condition element of an identity policy statement.
- If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
- If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
- If the Condition Key column is empty (-) for an action, the action does not support any condition keys.
For details about the condition keys defined by CSS, see Conditions.
- The Alias column lists the policy actions that are configured in identity policies. With these actions, you can use APIs for policy-based authorization. For details, see Policies and Identity Policies.
The following table lists the actions that you can define in identity policy statements for CSS.
|
Action |
Description |
Access Level |
Resource Type (*: required) |
Condition Key |
Alias |
|---|---|---|---|---|---|
|
css:VPCEndpoint:updateWhitelist |
Grants permission to update the existing VPC endpoint trustlist. |
Write |
cluster * |
- |
|
|
css:log:updateBackupPolicy |
Grants permission to modify or delete log backups. |
Write |
cluster * |
- |
|
|
css:snapshot:setSnapshotPolicy |
Grants permission to operate the backup policy. |
Write |
cluster * |
- |
|
|
css:snapshot:getSnapshotPolicy |
Grants permission to query backup policies. |
Read |
cluster * |
- |
|
|
css:snapshot:restore |
Grants permission to restore the snapshot. |
Write |
cluster * |
- |
|
|
css:snapshot:create |
Grants permission to create a snapshot. |
Write |
cluster * |
- |
|
|
css:publicIPAddress:associates |
Grants permission to enable or disable public network access. |
Write |
cluster * |
- |
|
|
css:publicIPAddress:setAccessControl |
Grants permission to perform operations on the trustlist. |
Write |
cluster * |
- |
|
|
css:tag:get |
Grants permission to query resource tags. |
Read |
cluster * |
- |
|
|
css:publicIPAddress:modifyBandwidth |
Grants permission to change the bandwidth. |
Write |
cluster * |
- |
|
|
css:VPCEndpoint:enableOrDisable |
Grants permission to create or delete a VPCEP. |
Write |
cluster * |
- |
|
|
css:log:getBasicConfigurations |
Grants permission to query basic log configurations. |
Read |
cluster * |
- |
|
|
css:snapshot:list |
Grants permission to view the snapshot list. |
List |
cluster * |
- |
|
|
css:log:list |
Grants permission to view logs. |
List |
cluster * |
- |
|
|
css:snapshot:setSnapshotContiguration |
Grants permission to set basic snapshot configurations. |
Write |
cluster * |
- |
|
|
css:cluster:listFlavors |
Grants permission to query the specification ID list. |
List |
- |
- |
|
|
css:cluster:listDiskType |
Grants permission to list available disk types. |
List |
- |
- |
- |
|
css:tag:list |
Grants permission to query project tags. |
List |
cluster * |
- |
- |
|
css:VPCEndpoint:manageConnection |
Grants permission to the connection to the VPC endpoint. |
Write |
cluster * |
- |
|
|
css:log:listJob |
Grants permission to query the job list. |
List |
cluster * |
- |
|
|
css:cluster:downloadCert |
Grants permission to obtain the certificate content. |
Read |
- |
- |
- |
|
css:cluster:get |
Grants permission to query cluster details. |
Read |
cluster * |
|
|
|
css:snapshot:enableAtomaticSnapsot |
Grants permission to set basic configurations for automatic snapshot backup. |
Write |
cluster * |
- |
|
|
css:snapshot:delete |
Grants permission to delete a specified snapshot. |
Write |
cluster * |
- |
|
|
css:IKThesaurus:get |
Grants permission to view the customized word dictionary configuration. |
Read |
cluster * |
- |
|
|
css:cluster:restart |
Grants permission to restart the ElasticSearch cluster. |
Write |
cluster * |
- |
|
|
css:cluster:modifySecurityGroup |
Grants permission to modify the cluster security group. |
Write |
cluster * |
- |
|
|
css:configurations:list |
Grants permission to query the task operation list for obtaining parameter settings. |
List |
cluster * |
- |
|
|
css:cluster:delete |
Grants permission to delete a cluster. |
Write |
cluster * |
- |
|
|
css:cluster:modifySpecifications |
Grants permission to modify the cluster specifications. |
Write |
cluster * |
- |
|
|
css:cluster:list |
Grants permission to list cluster information. |
List |
cluster * |
- |
|
|
css:cluster:scaleOut |
Grants permission to expand the cluster. |
Write |
cluster * |
- |
|
|
css:IKThesaurus:load |
Grants permission to load a custom word dictionary. |
Write |
cluster * |
- |
|
|
css:configurations:modify |
Grants permission to update the number of entries. |
Write |
cluster * |
- |
|
|
css:configurations:get |
Grants permission to list parameters. |
List |
cluster * |
- |
|
|
css:IKThesaurus:delete |
Grants permission to delete the word dictionary. |
Write |
cluster * |
- |
|
|
css:cluster:expand |
Grants permission to expand the number of instances and storage capacity. |
Write |
cluster * |
- |
|
|
css:snapshot:disableSnapshotFuction |
Grants permission to disable the cluster snapshot function. |
Write |
cluster * |
- |
|
|
css:cluster:upgradeCluster |
Grants permission to upgrade cluster and replace nodes. |
Write |
cluster * |
- |
|
|
css:VPCEndpoint:listConnection |
Grants permission to query the VPCEP connection. |
List |
cluster * |
- |
|
|
css:cluster:scaleIn |
Grants permission to cluster scale-in. |
Write |
cluster * |
- |
|
|
css:log:setBasicConfigurations |
Grants permission to basic log configuration settings. |
Write |
cluster * |
- |
|
|
css:tag:addOrDelete |
Grants permission to add or delete resource tags in batches. |
Tagging |
cluster * |
- |
|
|
- |
|||||
|
css:publicKibana:close |
Grants permission to disable public network access. |
Write |
cluster * |
- |
|
|
css:tag:edit |
Grants permission to modify a cluster tag. |
Tagging |
cluster * |
- |
|
|
- |
|||||
|
css:cluster:create |
Grants permission to create a cluster. |
Write |
cluster * |
- |
- |
|
- |
|||||
|
css:cluster:toPeriod |
Grants permission to change cluster to period. |
Write |
cluster * |
- |
|
|
css:cluster:modifyName |
Grants permission to change the cluster name. |
Write |
cluster * |
- |
|
|
css:log:backup |
Grants permission to back up logs. |
Write |
cluster * |
- |
|
|
css:cluster:closeLogSetting |
Grants permission to enable the log function. |
Write |
cluster * |
|
|
|
css:cluster:openLogSetting |
Grants permission to open the log function. |
Write |
cluster * |
|
|
|
css:cluster:modifyPassword |
Grants permission to change the cluster password. |
Write |
cluster * |
- |
|
|
css:publicIPAddress:disassociates |
Grants permission to unbind the public network. |
Write |
cluster * |
- |
|
|
css:publicKibana:open |
Grants permission to the public network. |
Write |
cluster * |
- |
|
|
css:tag:delete |
Grants permission to delete a tag. |
Tagging |
cluster * |
- |
|
|
- |
|||||
|
css:cluster:shrinkNodes |
Grants permission to a specified node to be scaled in. |
Write |
cluster * |
- |
|
|
css:cluster:changeMode |
Grants permission to modify the security mode. |
Write |
cluster * |
- |
|
|
css:cluster:addIndependenceNodes |
Grants permission to add independent master and client. |
Write |
cluster * |
- |
|
|
css:cluster:rollingReboot |
Grants permission to restart the ElasticSearch cluster in rolling mode. |
Write |
cluster * |
|
|
|
css:logstash:listActions |
Grants permission to query operation records. |
Read |
cluster * |
- |
|
|
css:cluster:uploadCerts |
Grants permission to upload crets. |
Write |
cluster * |
- |
|
|
css:cluster:deleteCerts |
Grants permission to delete crets. |
Write |
cluster * |
- |
|
|
css:cluster:listCerts |
Grants permission to query certs list. |
List |
cluster * |
|
|
|
css:cluster:getCertsDetail |
Grants permission to query cert file information. |
Read |
cluster * |
- |
|
|
css:logstash:deleteConfTemplate |
Grants permission to delete a user-defined template. |
Write |
cluster * |
- |
|
|
css:logstash:listConfigTemplate |
Grants permission to query the template list. |
List |
- |
- |
|
|
css:logstash:confStop |
Grants permission to stop or hot stop the pipeline from migrating data. |
Write |
cluster * |
- |
|
|
css:logstash:checkConnection |
Grants permission to test connectivity. |
Write |
cluster * |
- |
|
|
css:logstash:confDelete |
Grants permission to delete the configuration file. |
Write |
cluster * |
- |
|
|
css:logstash:confStart |
Grants permission to start or hot start the pipeline to migrate data. |
Write |
cluster * |
- |
|
|
css:logstash:getConfDetail |
Grants permission to command is used to query the content of a configuration file. |
Read |
cluster * |
- |
|
|
css:cluster:azmigrate |
Grants permission to switch the AZs. |
Write |
cluster * |
- |
|
|
css:logstash:confUpdate |
Grants permission to update the configuration file. |
Write |
cluster * |
- |
|
|
css:logstash:listPipelines |
Grants permission to query the pipeline list. |
List |
cluster * |
- |
|
|
css:cluster:retryAction |
Grants permission to retry the task or terminate the impact of the task. |
Write |
cluster * |
- |
|
|
css:logstash:listConfs |
Grants permission to query the configuration file list. |
List |
cluster * |
- |
|
|
css:logstash:configFavorites |
Grants permission to add to the custom template. |
Write |
cluster * |
- |
|
|
css:cluster:listUpgradeCluster |
Grants permission to obtain the upgrade image ID and upgrade details. |
List |
cluster * |
- |
|
|
css:logstash:submitConf |
Grants permission to create a configuration file. |
Write |
cluster * |
- |
|
|
css:plugin:list |
Grants permission to query the cluster plug-in list. |
List |
cluster * |
- |
|
|
css:plugin:getOperationRecords |
Grants permission to query the operation records of the plug-in. |
Read |
cluster * |
- |
|
|
css:plugin:delete |
Grants permission to delete a plug-in. |
Write |
cluster * |
- |
|
|
css:plugin:installOrUninstall |
Grants permission to install or uninstall the plug-in. |
Write |
cluster * |
- |
|
|
css:plugin:upload |
Grants permission to upload the plug-in. |
Write |
cluster * |
- |
|
|
css:plugin:getDefault |
Grants permission to query the default plug-in. |
Read |
cluster * |
- |
|
|
css:cluster:getAgencies |
Grants permission to obtain the proxy. |
Read |
- |
- |
- |
|
css:cluster:modifyRoute |
Grants permission to modify the cluster route. |
Write |
cluster * |
- |
|
|
css:cluster:getRoutes |
Grants permission to obtain the cluster route. |
Read |
cluster * |
- |
|
|
css:logstash:actionList |
Grants permission to query the cluster task list. |
List |
cluster * |
- |
|
|
css:cluster:createUserInfo |
Grants permission to create user information. |
Write |
cluster * |
- |
- |
|
css:VPCEndpoint:modifyConnections |
Grants permission to modify the connection size. |
Write |
cluster * |
- |
|
|
css:cluster:queryNeedDeleteInstances |
Grants permission to obtain the node to be deleted. |
Write |
cluster * |
- |
|
|
css:cluster:queryKey |
Grants permission to obtain the key. |
Read |
- |
- |
- |
|
css:cluster:queryKeys |
Grants permission to obtain the key list. |
List |
- |
- |
- |
|
css:cluster:getPubliczonePice |
Grants permission to obtain the bandwidth price. |
Read |
cluster * |
- |
- |
|
css:datastore:get |
Grants permission to obtain the data engine. |
Read |
cluster * |
- |
- |
|
css:datastore:list |
Grants permission to obtain the data engine list. |
List |
cluster * |
- |
- |
|
css:publicIPAddress:enableOrDisableIPv6Function |
Grants permission to enable or disable IPv6. |
Write |
cluster * |
- |
|
|
css:cluster:getDiskUsage |
Grants permission to obtain the cluster storage capacity status. |
Read |
cluster * |
- |
- |
|
css:snapshot:showDetail |
Grants permission to obtain snapshot details. |
Read |
cluster * |
- |
- |
|
css:cluster:getAvailableBuckets |
Grants permission to obtain available OBS buckets. |
List |
- |
- |
- |
|
css:cluster:checkCssName |
Grants permission to check the cluster name. |
Write |
cluster * |
- |
- |
|
css:snapshot:deleteAllFailedTask |
Grants permission to delete all failed tasks. |
Write |
- |
- |
- |
|
css:snapshot:deleteSingleFailedTask |
Grants permission to delete a specified failed task. |
Write |
- |
- |
- |
|
css:snapshot:getAllFailedTask |
Grants permission to obtain failed backup tasks. |
List |
- |
- |
- |
|
css::createServiceAgency |
Grants permission to create an agency. |
Write |
- |
- |
- |
|
css:repository:create |
Grants permission to create a log repository. |
Write |
repository * |
- |
- |
|
css:cluster:createAiOps |
Grants permission to create detection tasks. |
Write |
cluster * |
- |
|
|
css:cluster:listAiOps |
Grants permission to obtain the detection task list. |
List |
cluster * |
- |
|
|
css:cluster:deleteAiOps |
Grants permission to delete a detection task. |
Write |
cluster * |
- |
|
|
css:cluster:listSmnTopics |
Grants permission to obtain the SMN Topic list. |
List |
cluster * |
- |
|
|
css:cluster:listElbs |
Grants permission to obtain the list of available ELB in the current cluster. |
List |
cluster * |
- |
|
|
css:cluster:elbSwitch |
Grants permission to enable or disable the ELB function . |
Write |
cluster * |
- |
|
|
css:cluster:createElbListener |
Grants permission to create listeners for the current cluster. |
Write |
cluster * |
- |
|
|
css:cluster:updateElbListener |
Grants permission to modify the listener of the current cluster. |
Write |
cluster * |
- |
|
|
css:cluster:getElbDetail |
Grants permission to query the ELB information used by the current cluster. |
Read |
cluster * |
- |
|
|
css:cluster:listElbCerts |
Grants permission to obtain the load balancer certificate list. |
List |
cluster * |
- |
|
|
css:repository:list |
Grants permission to query the log repository list. |
List |
repository * |
- |
- |
|
css:repository:get |
Grants permission to query the log repository. |
Read |
repository * |
- |
- |
|
css:repository:update |
Grants permission to update the log repository configuration. |
Write |
repository * |
- |
- |
|
css:repository:delete |
Grants permission to delete the log repository. |
Write |
repository * |
- |
- |
|
css:logstream:create |
Grants permission to create a logstream. |
Write |
repository * |
- |
- |
|
logstream * |
- |
||||
|
css:logstream:list |
Grants permission to query the logstream List. |
List |
repository * |
- |
- |
|
logstream * |
- |
||||
|
css:logstream:get |
Grants permission to query the logstream details. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:update |
Grants permission to update the logstream. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:delete |
Grants permission to delete a logstream. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:read |
Grants permission to read logstream. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:write |
Grants permission to write to logstream. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:createImportTask |
Grants permission to create a log import task. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:updateImportTask |
Grants permission to update the log import task. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:showImportTask |
Grants permission to get the log import task details. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:listImportTask |
Grants permission to query log import task list. |
List |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:deleteImportTask |
Grants permission to delete the log import task. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:stopImportTask |
Grants permission to stop the log import task. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:startImportTask |
Grants permission to start the log import task. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:updateLogImportTaskCreation |
Grants permission to modify the creation status of a log import task. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:showLogImportTaskConnection |
Grants permission to show the connectivity of the log import task. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:getConsumeLogs |
Grants permission to consumption log. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:flushLogs |
Grants permission to flush log. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:pushLogs |
Grants permission to write log. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:showCursors |
Grants permission to obtains cursors. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:showCursorTime |
Grants permission to obtains the timestamp of the log consumption cursor. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:listLogs |
Grants permission to list logs. |
List |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:showLogsHistogram |
Grants permission to querying log distribution. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:listLogContext |
Grants permission to list log context. |
List |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:showLogsAnalytics |
Grants permission to obtaining logs for analysis. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:createShipper |
Grants permission to create a shipper. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:updateShipper |
Grants permission to update a shipper. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:deleteShipper |
Grants permission to delete a shipper. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:listShipper |
Grants permission to list shippers. |
List |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:showShipper |
Grants permission to obtain shipper details. |
Read |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:stopShipper |
Grants permission to stop a shipper. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:startShipper |
Grants permission to start a shipper. |
Write |
logstream * |
- |
- |
|
repository * |
- |
||||
|
css:logstream:listLogByCursor |
Grants permission to obtain logs based on cursor. |
Read |
logstream * |
- |
- |
|
repository * |
- |
Each API of CSS usually supports one or more actions. Table 2 lists the supported actions and dependencies.
|
API |
Action |
Dependencies |
|---|---|---|
|
css:cluster:create |
|
|
|
css:cluster:create |
|
|
|
css:cluster:modifySecurityGroup |
|
|
|
css:cluster:list |
- |
|
|
css:cluster:get |
- |
|
|
css:cluster:delete |
- |
|
|
css:cluster:toPeriod |
- |
|
|
css:cluster:modifyName |
- |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/password/reset |
css:cluster:modifyPassword |
- |
|
css:cluster:restart |
- |
|
|
css:cluster:restart |
- |
|
|
css:cluster:restart |
- |
|
|
css:cluster:scaleOut |
|
|
|
css:cluster:expand |
|
|
|
css:cluster:modifySpecifications |
ecs:cloudServerFlavors:get |
|
|
css:cluster:listFlavors |
ecs:cloudServerFlavors:get |
|
|
css:tag:list |
- |
|
|
css:tag:get |
- |
|
|
css:tag:edit |
- |
|
|
DELETE /v1.0/{project_id}/{resource_type}/{cluster_id}/tags/{key} |
css:tag:delete |
- |
|
POST /v1.0/{project_id}/{resource_type}/{cluster_id}/tags/action |
css:tag:addOrDelete |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/{types}/flavor |
css:cluster:modifySpecifications |
ecs:cloudServerFlavors:get |
|
POST /v1.0/extend/{project_id}/clusters/{cluster_id}/role/shrink |
css:cluster:scaleIn |
|
|
css:cluster:downloadCert |
- |
|
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/instance/{instance_id}/replace |
css:cluster:upgradeCluster |
|
|
css:cluster:shrinkNodes |
|
|
|
css:cluster:changeMode |
- |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/type/{type}/independent |
css:cluster:addIndependenceNodes |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/inst-type/{inst_type}/image/upgrade |
css:cluster:upgradeCluster |
- |
|
- |
css:cluster:upgradeCluster |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/inst-type/{inst_type}/azmigrate |
css:cluster:azmigrate |
|
|
css:cluster:listUpgradeCluster |
- |
|
|
GET /v1.0/{project_id}/clusters/{cluster_id}/target/{upgrade_type}/images |
css:cluster:listUpgradeCluster |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/upgrade/{action_id}/retry |
css:cluster:retryAction |
- |
|
- |
css:cluster:listDiskType |
evs:types:get |
|
css:IKThesaurus:load |
|
|
|
css:IKThesaurus:get |
- |
|
|
css:IKThesaurus:delete |
- |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/publickibana/open |
css:publicKibana:open |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/publickibana/close |
css:publicKibana:close |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/publickibana/bandwidth |
css:publicIPAddress:modifyBandwidth |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/publickibana/whitelist/update |
css:publicIPAddress:setAccessControl |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/publickibana/whitelist/close |
css:publicIPAddress:setAccessControl |
- |
|
css:cluster:openLogSetting |
|
|
|
css:cluster:closeLogSetting |
- |
|
|
css:log:listJob |
- |
|
|
css:log:getBasicConfigurations |
- |
|
|
css:log:setBasicConfigurations |
|
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/logs/policy/update |
css:log:updateBackupPolicy |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/logs/policy/close |
css:log:updateBackupPolicy |
- |
|
css:log:backup |
- |
|
|
css:log:list |
- |
|
|
css:publicIPAddress:associates |
- |
|
|
css:publicIPAddress:disassociates |
- |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/public/bandwidth |
css:publicIPAddress:modifyBandwidth |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/public/whitelist/update |
css:publicIPAddress:setAccessControl |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/public/whitelist/close |
css:publicIPAddress:setAccessControl |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/auto_setting |
css:snapshot:enableAtomaticSnapsot |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/setting |
css:snapshot:setSnapshotContiguration |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot |
css:snapshot:create |
iam:agencies:pass |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/{snapshot_id}/restore |
css:snapshot:restore |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/{snapshot_id} |
css:snapshot:delete |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/policy |
css:snapshot:setSnapshotPolicy |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/policy |
css:snapshot:getSnapshotPolicy |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/index_snapshots |
css:snapshot:list |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/index_snapshots |
css:snapshot:disableSnapshotFuction |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/open |
css:VPCEndpoint:enableOrDisable |
|
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/close |
css:VPCEndpoint:enableOrDisable |
|
|
GET /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/connections |
css:VPCEndpoint:listConnection |
vpcep:endpoints:get |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/connections |
css:VPCEndpoint:manageConnection |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/permissions |
css:VPCEndpoint:updateWhitelist |
- |
|
css:configurations:modify |
- |
|
|
css:configurations:list |
- |
|
|
css:configurations:get |
- |
|
|
POST /v2.0/{project_id}/clusters/{cluster_id}/snapshots/policy/open |
css:snapshot:setSnapshotPolicy |
- |
|
PUT /v2.0/{project_id}/clusters/{cluster_id}/snapshots/policy/close |
css:snapshot:setSnapshotPolicy |
- |
|
POST /v2.0/{project_id}/clusters/{cluster_id}/rolling_restart |
css:cluster:rollingReboot |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/listactions |
css:logstash:listActions |
- |
|
css:logstash:deleteConfTemplate |
- |
|
|
css:logstash:confStop |
- |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/hot-stop |
css:logstash:confStop |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/checkconnection |
css:logstash:checkConnection |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/delete |
css:logstash:confDelete |
- |
|
- |
css:logstash:confDelete |
- |
|
css:logstash:confStart |
- |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/hot-start |
css:logstash:confStart |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/confdetail |
css:logstash:getConfDetail |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/update |
css:logstash:confUpdate |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/listpipelines |
css:logstash:listPipelines |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/submit |
css:logstash:submitConf |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/favorite |
css:logstash:configFavorites |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/listconfs |
css:logstash:listConfs |
- |
|
- |
css:logstash:actionList |
- |
|
- |
css:logstash:listConfigTemplate |
- |
|
css:logstash:listConfigTemplate |
- |
|
|
css:cluster:uploadCerts |
- |
|
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/certs/{cert_id}/delete |
css:cluster:deleteCerts |
- |
|
css:cluster:listCerts |
- |
|
|
GET /v1.0/{project_id}/clusters/{cluster_id}/certs/{cert_id} |
css:cluster:getCertsDetail |
- |
|
- |
css:plugin:list |
- |
|
- |
css:plugin:getOperationRecords |
- |
|
- |
css:plugin:delete |
- |
|
- |
css:plugin:installOrUninstall |
- |
|
- |
css:plugin:upload |
|
|
- |
css:plugin:getDefault |
- |
|
- |
css:cluster:getAgencies |
|
|
css:cluster:modifyRoute |
- |
|
|
css:cluster:getRoutes |
- |
|
|
- |
css:cluster:createUserInfo |
- |
|
- |
css:VPCEndpoint:modifyConnections |
- |
|
- |
css:cluster:queryNeedDeleteInstances |
- |
|
- |
css:cluster:queryKey |
- |
|
- |
css:cluster:queryKeys |
- |
|
- |
css:cluster:getPubliczonePice |
- |
|
- |
css:datastore:get |
- |
|
- |
css:datastore:list |
- |
|
- |
css:publicIPAddress:enableOrDisableIPv6Function |
- |
|
- |
css:cluster:getDiskUsage |
- |
|
- |
css:snapshot:showDetail |
- |
|
- |
css:cluster:getAvailableBuckets |
|
|
- |
css:cluster:checkCssName |
- |
|
- |
css:snapshot:deleteAllFailedTask |
- |
|
- |
css:snapshot:deleteSingleFailedTask |
- |
|
- |
css:snapshot:getAllFailedTask |
- |
|
css::createServiceAgency |
|
|
|
- |
css:repository:create |
- |
|
- |
css:repository:list |
- |
|
- |
css:repository:get |
- |
|
- |
css:repository:update |
- |
|
- |
css:repository:delete |
- |
|
- |
css:logstream:create |
- |
|
- |
css:logstream:list |
- |
|
- |
css:logstream:get |
- |
|
- |
css:logstream:update |
- |
|
- |
css:logstream:delete |
- |
|
- |
css:logstream:read |
- |
|
- |
css:logstream:write |
- |
|
- |
css:logstream:createImportTask |
|
|
- |
css:logstream:updateImportTask |
|
|
- |
css:logstream:showImportTask |
- |
|
- |
css:logstream:listImportTask |
- |
|
- |
css:logstream:deleteImportTask |
- |
|
- |
css:logstream:stopImportTask |
- |
|
- |
css:logstream:startImportTask |
|
|
- |
css:logstream:updateLogImportTaskCreation |
- |
|
- |
css:logstream:showLogImportTaskConnection |
- |
|
- |
css:logstream:getConsumeLogs |
- |
|
- |
css:logstream:pushLogs |
- |
|
- |
css:logstream:flushLogs |
- |
|
- |
css:logstream:showCursors |
- |
|
- |
css:logstream:showCursorTime |
- |
|
- |
css:logstream:listLogs |
- |
|
- |
css:logstream:showLogsHistogram |
- |
|
- |
css:logstream:listLogContext |
- |
|
- |
css:logstream:showLogsAnalytics |
- |
|
- |
css:logstream:createShipper |
|
|
- |
css:logstream:updateShipper |
|
|
- |
css:logstream:deleteShipper |
- |
|
- |
css:logstream:listShipper |
- |
|
- |
css:logstream:showShipper |
- |
|
- |
css:logstream:stopShipper |
- |
|
- |
css:logstream:startShipper |
|
|
- |
css:logstream:listLogByCursor |
- |
|
css:cluster:createAiOps |
- |
|
|
css:cluster:listAiOps |
- |
|
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/ai-ops/{aiops_id} |
css:cluster:deleteAiOps |
- |
|
GET /v1.0/{project_id}/domains/{domain_id}/ai-ops/smn-topics |
css:cluster:listSmnTopics |
|
|
css:cluster:listElbs |
elb:loadbalancers:list |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/loadbalancers/es-switch |
css:cluster:elbSwitch |
|
|
css:cluster:createElbListener |
- |
|
|
- |
css:cluster:updateElbListener |
- |
|
css:cluster:getElbDetail |
- |
|
|
GET /v1.0/{project_id}/clusters/{cluster_id}/elb/certificates |
css:cluster:listElbCerts |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/es-listeners/{listener_id} |
css:cluster:updateElbListener |
- |
|
- |
css:plugin:installOrUninstall |
- |
|
- |
css:cluster:listDiskType |
- |
|
- |
css:cluster:getDiskUsage |
- |
Resources
A resource type indicates the resources that an identity policy applies to. If you specify a resource type for any action in Table 3, the resource URN must be specified in the identity policy statements using that action, and the identity policy applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the identity policy applies to all resources. You can also set condition keys in an identity policy to define resource types.
The following table lists the resource types that you can define in identity policy statements for CSS.
Conditions
CSS does not support service-specific condition keys in identity policies.It can only use global condition keys applicable to all services. For details, see Global Condition Keys.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
