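Elastic Cloud Server (ECS)
Actions (Action)
- The "Resource Type" column indicates whether each action supports resource-level permissions.
For details about the resource types defined by ECS, see #iam_11_0007/zh-cn_topic_0000002369808774_zh-cn_topic_0000001571869865_zh-cn_topic_0000001492517298_section37181412519.
- The "Condition Key" column lists the keys that can be specified in the Condition element of an identity policy statement.
For details about the condition keys defined by ECS, see Conditions (Condition).
Action | Description | Access Level | Resource Type (* = required) | Condition Key | Alias |
|---|---|---|---|---|---|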
ecs:cloudServers:createServers | Grants permission to create ECSs. | write | - | ecs:cloudServers:create | |
ecs:cloudServers:deleteServers | Grants permission to delete ECSs. | write | instance * | ecs:cloudServers:delete | |
ecs:cloudServers:resize | Grants permission to change the specifications of an ECS. | write | instance * | - | |
ecs:cloudServers:attachSharedVolume | Grants permission to attach a specified shared disk in a batch. | write | instance * | - | |
ecs:cloudServers:showServer | Grants permission to query ECS details. | read | instance * | ecs:cloudServers:get | |
ecs:cloudServers:attach | Grants permission to attach a disk to an ECS. | write | instance * | - | |
ecs:cloudServers:showServerBlockDevice | Grants permission to query information about a single disk of an ECS. | read | instance * | ecs:cloudServers:get | |
ecs:cloudServers:updateServerBlockDevice | Grants permission to modify information about a single disk attached to an ECS. | write | instance * | ecs:cloudServers:put | |
ecs:cloudServers:changeOS | Grants permission to change the operating system of an ECS. | write | instance * | - | |
ecs:cloudServers:detachVolume | Grants permission to detach a disk from an ECS. | write | instance * | - | |
ecs:cloudServers:updateMetadata | Grants permission to update ECS metadata. | write | instance * | - | |
ecs:cloudServers:deleteMetadata | Grants permission to delete specified ECS metadata. | write | instance * | - | |
ecs:cloudServers:migrate | Grants permission to cold migrate an ECS. | write | instance * | - | |
ecs:cloudServers:listServerInterfaces | Grants permission to query ECS NIC information. | list | instance * | ecs:cloudServers:get | |
ecs:cloudServers:showResetPasswordFlag | Grants permission to query whether one-click password reset is supported. | read | instance * | ecs:cloudServers:get | |
ecs:cloudServers:showServerPassword | Grants permission to obtain the ECS password. | read | instance * | ecs:cloudServers:get | |
ecs:cloudServers:deletePassword | Grants permission to clear the ECS password. | write | instance * | - | |
ecs:cloudServers:listServerVolumeAttachments | Grants permission to query information about the disks attached to an ECS. | list | instance * | ecs:cloudServers:get | |
ecs:cloudServers:rebuild | Grants permission to reinstall the operating system of an ECS. | write | instance * | - | |
ecs:cloudServers:vnc | Grants permission to obtain the VNC remote login address. | read | instance * | - | |
ecs:cloudServers:updateServer | Grants permission to modify an ECS. | write | instance * | ecs:cloudServers:put | |
ecs:cloudServers:setAutoTerminateTime | Grants permission to set the automatic termination time of an ECS. | write | instance * | - | |
ecs:cloudServers:addNics | Grants permission to add ECS NICs in a batch. | write | instance * | - | |
ecs:cloudServerNics:delete | Grants permission to delete ECS NICs in a batch. | write | instance * | - | |
ecs:cloudServers:showServerTags | Grants permission to query ECS tags. | list | instance * | ecs:cloudServers:get | |
ecs:cloudServers:batchCreateServerTags | Grants permission to add ECS tags in a batch. | write | instance * | | |
ecs:cloudServers:batchDeleteServerTags | Grants permission to delete ECS tags in a batch. | write | instance * | | |
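ecs:cloudServers:start | Grants permission to start ECSs in a batch. | write | instance * | - | |
ecs:cloudServers:stop | Grants permission to stop ECSs in a batch. | write | instance * | - | |
ecs:cloudServers:reboot | Grants permission to restart ECSs in a batch. | write | instance * | - | |
ecs:cloudServers:batchUpdateServersName | Grants permission to modify ECS information in a batch. | write | instance * | ecs:cloudServers:put | |
ecs:cloudServers:listServersDetails | Grants permission to query the list of ECS details. | list | - | ecs:cloudServers:list | |
ecs:cloudServerFlavors:get | Grants permission to query ECS flavor details and the list of extended information. | read | - | - | - |
ecs:cloudServerQuotas:get | Grants permission to query tenant quotas. | read | - | - | - |
ecs:cloudServers:updateServerInterface | Grants permission to update the attachment information of an ECS NIC. | write | instance * | - | ecs:cloudServerNics:update |
ecs:cloudServers:resetServerPwd | Grants permission to reset the ECS password in one click. | write | instance * | - | |
ecs:cloudServers:listServerGroups | Grants permission to query the ECS group list. | list | - | - | ecs:cloudServers:list |
ecs:cloudServers:createServerGroup | Grants permission to create an ECS group. | write | - | - | ecs:cloudServers:create |
ecs:cloudServers:showServerGroup | Grants permission to query ECS group details. | read | - | - | ecs:cloudServers:get |
ecs:cloudServers:deleteServerGroup | Grants permission to delete an ECS group. | write | - | - | ecs:cloudServers:delete |
ecs:cloudServers:addServerGroupMember | Grants permission to add a member to an ECS group. | write | - | - | ecs:cloudServers:create |
ecs:cloudServers:deleteServerGroupMember | Grants permission to remove a member from an ECS group. | write | - | - | ecs:cloudServers:delete |
ecs:cloudServers:listServersByTag | Grants permission to query the ECS list by tag. | list | - | - | ecs:cloudServers:list |
ecs:cloudServers:listResizeFlavors | Grants permission to query the list of flavors supported for changing ECS specifications. | list | - | - | ecs:cloudServers:list |
ecs:cloudServers:listServerTags | Grants permission to query project tags. | list | - | - | ecs:cloudServers:list |
ecs:cloudServers:changeVpc | Grants permission to change the VPC of an ECS. | write | instance * | - | |
ecs:cloudServers:changeChargeMode | Grants permission to change the billing mode of an ECS. | write | instance * | - | |
ecs:instanceScheduledEvents:list | Grants permission to query the scheduled event list. | list | - | - | - |
ecs:instanceScheduledEvents:accept | Grants permission to accept a scheduled event and authorize its execution. | write | - | - | - |
ecs:instanceScheduledEvents:update | Grants permission to update a scheduled event. | write | - | - | - |
ecs:launchTemplateVersions:list | Grants permission to query the template version list. | list | - | - | - |
ecs:launchTemplates:list | Grants permission to query the template list. | list | - | - | - |
ecs:launchTemplates:delete | Grants permission to delete a template. | write | - | - | - |
ecs:launchTemplates:create | Grants permission to create a template. | write | - | - | - |
ecs:cloudservers:redeploy | Grants permission to redeploy an ECS. | write | instance * | - | |
ecs:cloudServers:getAutoRecovery | Grants permission to query whether automatic recovery is configured for a virtual machine. | read | instance * | - | |
ecs:cloudServers:setAutoRecovery | Grants permission to configure automatic recovery for a virtual machine. | write | instance * | - | |
ecs:cloudServers:triggerCrashDump | Grants permission to trigger a crash dump. | write | instance * | - | |
ecs:recycleBin:updatePolicy | Grants permission to update the recycle bin policy. | write | - | - | - |
ecs:recycleBin:update | Grants permission to update the recycle bin configuration. | write | - | - | - |
ecs:recycleBin:get | Grants permission to query the recycle bin configuration. | read | - | - | - |
ecs:recycleBin:listServers | Grants permission to query the list of ECSs in the recycle bin. | list | - | - | - |
ecs:recycleBin:revertServer | Grants permission to restore an ECS from the recycle bin. | write | - | - | - |
ecs:recycleBin:deleteServer | Grants permission to delete an ECS from the recycle bin. | write | - | - | - |
ecs:metrics:use | Grants permission to register ECS monitoring through the native API. | write | - | - | |
ecs:limits:manage | Grants permission to query tenant quota limits through the native API. | write | - | - | |
ecs:cloudServers:showMetadataOptions | Grants permission to obtain the metadata configuration of an ECS. | read | - | - | |
ecs:cloudServers:updateMetadataOptions | Grants permission to update the metadata configuration of an ECS. | write | - | - | |
ecs:cloudServers:changeNetworkInterface | Grants permission to update the attributes of a specified NIC of an ECS. | write | instance * | - | |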
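An ECS API usually corresponds to one or more actions. Table 2 shows the relationship between APIs and actions, as well as the actions that each API depends on.
API | Action | Dependent Actions |
|---|---|---|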
POST /v1.1/{project_id}/cloudservers | ecs:cloudServers:createServers | |
POST /v1/{project_id}/cloudservers | ecs:cloudServers:createServers | |
POST /v1/{project_id}/cloudservers/delete | ecs:cloudServers:deleteServers | - |
POST /v1.1/{project_id}/cloudservers/{server_id}/resize | ecs:cloudServers:resize | - |
POST /v1/{project_id}/batchaction/attachvolumes/{volume_id} | ecs:cloudServers:attachSharedVolume | evs:volumes:use |
GET /v1/{project_id}/cloudservers/{server_id} | ecs:cloudServers:showServer | - |
GET /v1/{project_id}/cloudservers/{server_id}/os-interface_extension | ecs:cloudServers:showServer | - |
GET /v1/{project_id}/cloudservers/{server_id}/appendvolumequota | ecs:cloudServers:showServer | - |
POST /v1/{project_id}/cloudservers/{server_id}/attachvolume | ecs:cloudServers:attach | evs:volumes:use |
GET /v1/{project_id}/cloudservers/{server_id}/block_device | ecs:cloudServers:listServerBlockDevices | - |
GET /v1/{project_id}/cloudservers/{server_id}/block_device/{volume_id} | ecs:cloudServers:showServerBlockDevice | - |
PUT /v1/{project_id}/cloudservers/{server_id}/block_device/{volume_id} | ecs:cloudServers:updateServerBlockDevice | - |
POST /v1/{project_id}/cloudservers/{server_id}/changeos | ecs:cloudServers:changeOS | - |
DELETE /v1/{project_id}/cloudservers/{server_id}/detachvolume/{volume_id} | ecs:cloudServers:detachVolume | - |
POST /v1/{project_id}/batchaction/detachvolumes/{volume_id} | ecs:cloudServers:detachVolume | - |
POST /v1/{project_id}/cloudservers/{server_id}/metadata | ecs:cloudServers:updateMetadata | iam:agencies:pass |
DELETE /v1/{project_id}/cloudservers/{server_id}/metadata/{key} | ecs:cloudServers:deleteMetadata | - |
POST /v1/{project_id}/cloudservers/{server_id}/migrate | ecs:cloudServers:migrate | - |
GET /v1/{project_id}/cloudservers/{server_id}/os-interface | ecs:cloudServers:listServerInterfaces | - |
PUT /v1/{project_id}/cloudservers/{server_id}/os-reset-password | ecs:cloudServers:resetServerPwd | - |
GET /v1/{project_id}/cloudservers/{server_id}/os-resetpwd-flag | ecs:cloudServers:showResetPasswordFlag | - |
GET /v1/{project_id}/cloudservers/{server_id}/os-server-password | ecs:cloudServers:showServerPassword | - |
DELETE /v1/{project_id}/cloudservers/{server_id}/os-server-password | ecs:cloudServers:deletePassword | - |
GET /v1/{project_id}/cloudservers/{server_id}/os-volume_attachments | ecs:cloudServers:listServerVolumeAttachments | - |
POST /v1/{project_id}/cloudservers/{server_id}/reinstallos | ecs:cloudServers:rebuild | - |
POST /v2/{project_id}/cloudservers/{server_id}/reinstallos | ecs:cloudServers:rebuild | - |
POST /v1/{project_id}/cloudservers/{server_id}/remote_console | ecs:cloudServers:vnc | - |
POST /v1/{project_id}/cloudservers/{server_id}/resize | ecs:cloudServers:resize | - |
POST /v1/{project_id}/cloudservers/batch-resize | ecs:cloudServers:resize | - |
GET /v1/{project_id}/cloudservers/detail?flavor={flavor}&name={name}&status={status}&limit={limit}&offset={offset}&not-tags={not-tags}&reservation_id={reservation_id}&enterprise_project_id={enterprise_project_id}&tags={tags}&ip={ip} | ecs:cloudServers:listServersDetails | - |
GET /v1.1/{project_id}/cloudservers/detail | ecs:cloudServers:listServersDetails | - |
GET /v1/{project_id}/availability-zones | ecs:cloudServers:listServersDetails | - |
PUT /v1/{project_id}/cloudservers/{server_id} | ecs:cloudServers:updateServer | - |
POST /v1/{project_id}/cloudservers/{server_id}/actions/update-auto-terminate-time | ecs:cloudServers:setAutoTerminateTime | - |
POST /v1/{project_id}/cloudservers/{server_id}/nics | ecs:cloudServers:addNics | - |
POST /v1/{project_id}/cloudservers/{server_id}/nics/delete | ecs:cloudServerNics:delete | - |
GET /v1/{project_id}/cloudservers/{server_id}/tags | ecs:cloudServers:showServerTags | - |
POST /v1/{project_id}/cloudservers/{server_id}/tags/action | ecs:cloudServers:batchCreateServerTags | - |
POST /v1/{project_id}/cloudservers/{server_id}/tags/action | ecs:cloudServers:batchDeleteServerTags | - |
POST /v1/{project_id}/cloudservers/action | ecs:cloudServers:start | - |
POST /v1/{project_id}/cloudservers/action | ecs:cloudServers:stop | - |
POST /v1/{project_id}/cloudservers/action | ecs:cloudServers:reboot | - |
GET /v1/{project_id}/cloudservers/flavors?availability_zone={availability_zone}&flavor_id={flavor_id}&limit={limit}&marker={marker} | ecs:cloudServerFlavors:get | - |
GET /v1/{project_id}/cloudservers/limits | ecs:cloudServerQuotas:get | - |
PUT /v1/{project_id}/cloudservers/os-reset-passwords | ecs:cloudServers:resetServerPwd | - |
GET /v1/{project_id}/cloudservers/os-server-groups?limit={limit}&marker={marker} | ecs:cloudServers:listServerGroups | - |
POST /v1/{project_id}/cloudservers/os-server-groups | ecs:cloudServers:createServerGroup | - |
GET /v1/{project_id}/cloudservers/os-server-groups/{server_group_id} | ecs:cloudServers:showServerGroup | - |
DELETE /v1/{project_id}/cloudservers/os-server-groups/{server_group_id} | ecs:cloudServers:deleteServerGroup | - |
POST /v1/{project_id}/cloudservers/os-server-groups/{server_group_id}/action | ecs:cloudServers:addServerGroupMember | - |
POST /v1/{project_id}/cloudservers/os-server-groups/{server_group_id}/action | ecs:cloudServers:deleteServerGroupMember | - |
GET /v1/{project_id}/cloudservers/resize_flavors?instance_uuid={instance_uuid}&source_flavor_id={source_flavor_id}&source_flavor_name={source_flavor_name} | ecs:cloudServers:listResizeFlavors | - |
GET /v1/{project_id}/cloudservers/tags | ecs:cloudServers:listServerTags | - |
POST /v2/{project_id}/cloudservers/{server_id}/changeos | ecs:cloudServers:changeOS | - |
PUT /v1/{project_id}/cloudservers/server-name | ecs:cloudServers:batchUpdateServersName | - |
POST /v1/{project_id}/cloudservers/resource_instances/action | ecs:cloudServers:listServersByTag | - |
PUT /v1/{project_id}/cloudservers/{server_id}/os-interface/{port_id} | ecs:cloudServers:updateServerInterface | - |
POST /v1/{project_id}/cloudservers/{server_id}/changevpc | ecs:cloudServers:changeVpc | - |
POST /v1/{project_id}/cloudservers/actions/change-charge-mode | ecs:cloudServers:changeChargeMode | |
GET /v3/{project_id}/instance-scheduled-events | ecs:instanceScheduledEvents:list | - |
POST /v3/{project_id}/instance-scheduled-events/{id}/actions/accept | ecs:instanceScheduledEvents:accept | - |
PUT /v3/{project_id}/instance-scheduled-events/{id} | ecs:instanceScheduledEvents:update | - |
GET /v3/{project_id}/launch-template-versions | ecs:launchTemplateVersions:list | - |
GET /v3/{project_id}/launch-templates | ecs:launchTemplates:list | - |
DELETE /v2/{domain_id}/auto-launch-groups/{auto_launch_group_id} | ecs:launchTemplates:delete | - |
POST /v3/{project_id}/launch-templates | ecs:launchTemplates:create | - |
POST /v1/{project_id}/cloudservers/{server_id}/actions/redeploy | ecs:cloudservers:redeploy | - |
GET /v1/{project_id}/cloudservers/flavor-sell-policies?flavor_id={flavor_id} | ecs:cloudServerFlavors:get | - |
GET /v1/{project_id}/cloudservers/flavors/{flavor_id}/resources | ecs:cloudServerFlavors:get | - |
GET /v1/{project_id}/cloudservers/{server_id}/autorecovery | ecs:cloudServers:getAutoRecovery | - |
PUT /v1/{project_id}/cloudservers/{server_id}/autorecovery | ecs:cloudServers:setAutoRecovery | - |
POST /v1/{project_id}/cloudservers/{server_id}/actions/trigger-crash-dump | ecs:cloudServers:triggerCrashDump | - |
PUT /v1/{project_id}/recycle-bin/policy | ecs:recycleBin:updatePolicy | - |
PUT /v1/{project_id}/recycle-bin | ecs:recycleBin:update | - |
GET /v1/{project_id}/recycle-bin | ecs:recycleBin:get | - |
POST /v1/{project_id}/recycle-bin/cloudservers/{server_id}/actions/revert | ecs:recycleBin:revertServer | - |
DELETE /v1/{project_id}/recycle-bin/cloudservers/{server_id} | ecs:recycleBin:deleteServer | - |
GET /v1/{project_id}/recycle-bin/cloudservers | ecs:recycleBin:listServers | - |
GET /v1/{project_id}/cloudservers/{server_id}/metadata-options | ecs:cloudServers:showMetadataOptions | - |
PUT /v1/{project_id}/cloudservers/{server_id}/metadata-options | ecs:cloudServers:updateMetadataOptions | - |
GET /v2.1/{project_id}/limits?project_id={project_id} | ecs:limits:manage | - |
POST /v1.0/servers/{server_id}/action | ecs:metrics:use | - |
POST /v1/{project_id}/cloudservers/{server_id}/os-interface/{port_id}/change-network-interface | ecs:cloudServers:changeNetworkInterface | - |
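As an added example (not part of the original page or of any vendor tooling), the following Python code uses a few Table 2 rows copied from this page to turn observed API requests into the actions and dependent actions a least-privilege identity policy would have to allow. The names `resolve` and `required_actions` and the sample requests are hypothetical and constructed for illustration; literal path segments take priority over `{placeholder}` segments, and a path shared by several actions is flagged for review because the path alone cannot tell them apart.

```python
import re

# Rows copied from Table 2 on this page: (method, path template, action, dependent action)
TABLE2 = [
    ("POST", "/v1/{project_id}/cloudservers/action", "ecs:cloudServers:start", None),
    ("POST", "/v1/{project_id}/cloudservers/action", "ecs:cloudServers:stop", None),
    ("POST", "/v1/{project_id}/cloudservers/action", "ecs:cloudServers:reboot", None),
    ("GET", "/v1/{project_id}/cloudservers/limits", "ecs:cloudServerQuotas:get", None),
    ("GET", "/v1/{project_id}/cloudservers/{server_id}", "ecs:cloudServers:showServer", None),
    ("GET", "/v1/{project_id}/cloudservers/{server_id}/os-server-password", "ecs:cloudServers:showServerPassword", None),
    ("POST", "/v1/{project_id}/cloudservers/{server_id}/attachvolume", "ecs:cloudServers:attach", "evs:volumes:use"),
    ("POST", "/v1/{project_id}/cloudservers/{server_id}/metadata", "ecs:cloudServers:updateMetadata", "iam:agencies:pass"),
]

def _compile(template):
    # Each {placeholder} matches exactly one path segment.
    literals = re.split(r"\{[^}]+\}", template)
    return re.compile("[^/]+".join(re.escape(part) for part in literals))

ROUTES = [(m, t.count("{"), _compile(t), a, d) for m, t, a, d in TABLE2]

def resolve(method, url):
    """Return (candidate actions, dependent actions) for one observed request."""
    path = url.split("?", 1)[0]
    hits = [r for r in ROUTES if r[0] == method.upper() and r[2].fullmatch(path)]
    if hits:
        # A literal segment (".../limits") wins over a placeholder ("{server_id}").
        fewest = min(r[1] for r in hits)
        hits = [r for r in hits if r[1] == fewest]
    return {r[3] for r in hits}, {r[4] for r in hits if r[4]}

def required_actions(requests):
    """Actions a policy must allow, plus requests the path alone cannot resolve."""
    needed, review = set(), []
    for method, url in requests:
        actions, deps = resolve(method, url)
        if len(actions) == 1:
            needed |= actions | deps
        else:  # unknown path, or one path shared by several actions
            review.append((method, url, sorted(actions)))
    return sorted(needed), review

# Constructed sample requests; "p1" and "s-01" are placeholder IDs.
SAMPLE = [("GET", "/v1/p1/cloudservers/s-01"), ("GET", "/v1/p1/cloudservers/limits"),
          ("POST", "/v1/p1/cloudservers/s-01/attachvolume"),
          ("POST", "/v1/p1/cloudservers/s-01/metadata"), ("POST", "/v1/p1/cloudservers/action")]

if __name__ == "__main__":
    print(required_actions(SAMPLE))
```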
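Conditions (Condition)
- A condition key is a key specified in the Condition element of an identity policy statement. By scope, condition keys are classified into global condition keys and service-level condition keys.
- Service-level condition keys (usually prefixed with the service abbreviation, such as ecs:) apply only to operations of the corresponding service. For details, see #iam_11_0007/zh-cn_topic_0000002369808774_zh-cn_topic_0000001571869865_table9823560490.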

