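Elastic Cloud Server (ECS)
Actions
- The "Resource Type" column indicates whether each action supports resource-level permissions.
For details about the resource types defined by ECS, see #iam_11_0007/zh-cn_topic_0000002369808774_zh-cn_topic_0000001571869865_zh-cn_topic_0000001492517298_section37181412519.
- The "Condition Key" column lists the keys that can be specified in the Condition element of an identity policy statement.
For details about the condition keys defined by ECS, see Conditions.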

| Action | Description | Access Level | Resource Type (*: required) | Condition Key | Alias |
|---|---|---|---|---|---|
| ecs:cloudServers:createServers | Grants permission to create ECSs. | write | - | ecs:cloudServers:create | |
| ecs:cloudServers:deleteServers | Grants permission to delete ECSs. | write | instance * | - | ecs:cloudServers:delete |
| ecs:cloudServers:resize | Grants permission to modify ECS specifications. | write | instance * | - | |
| ecs:cloudServers:attachSharedVolume | Grants permission to attach a specified shared disk to ECSs in batches. | write | instance * | | - |
| ecs:cloudServers:showServer | Grants permission to query ECS details. | read | instance * | ecs:cloudServers:get | |
| ecs:cloudServers:attach | Grants permission to attach a disk to an ECS. | write | instance * | | - |
| ecs:cloudServers:showServerBlockDevice | Grants permission to query information about a single disk of an ECS. | read | instance * | - | ecs:cloudServers:get |
| ecs:cloudServers:updateServerBlockDevice | Grants permission to modify information about a single disk attached to an ECS. | write | instance * | - | ecs:cloudServers:put |
| ecs:cloudServers:changeOS | Grants permission to change the OS of an ECS. | write | instance * | - | |
| ecs:cloudServers:detachVolume | Grants permission to detach a disk from an ECS. | write | instance * | - | |
| ecs:cloudServers:updateMetadata | Grants permission to update ECS metadata. | write | instance * | - | - |
| ecs:cloudServers:deleteMetadata | Grants permission to delete specified ECS metadata. | write | instance * | - | - |
| ecs:cloudServers:migrate | Grants permission to cold migrate an ECS. | write | instance * | - | - |
| ecs:cloudServers:listServerInterfaces | Grants permission to query ECS NIC information. | list | instance * | - | ecs:cloudServers:get |
| ecs:cloudServers:showResetPasswordFlag | Grants permission to check whether one-click password reset is supported. | read | instance * | - | ecs:cloudServers:get |
| ecs:cloudServers:showServerPassword | Grants permission to obtain the password of an ECS. | read | instance * | - | ecs:cloudServers:get |
| ecs:cloudServers:deletePassword | Grants permission to clear the password of an ECS. | write | instance * | - | - |
| ecs:cloudServers:listServerVolumeAttachments | Grants permission to query information about the disks attached to an ECS. | list | instance * | - | ecs:cloudServers:get |
| ecs:cloudServers:rebuild | Grants permission to reinstall the OS of an ECS. | write | instance * | | - |
| ecs:cloudServers:vnc | Grants permission to obtain the VNC remote login address. | read | instance * | - | - |
| ecs:cloudServers:updateServer | Grants permission to modify an ECS. | write | instance * | - | ecs:cloudServers:put |
| ecs:cloudServers:setAutoTerminateTime | Grants permission to set the automatic termination time of an ECS. | write | instance * | - | - |
| ecs:cloudServers:addNics | Grants permission to add NICs to an ECS in batches. | write | instance * | - | |
| ecs:cloudServerNics:delete | Grants permission to delete NICs from an ECS in batches. | write | instance * | - | - |
| ecs:cloudServers:showServerTags | Grants permission to query ECS tags. | list | instance * | - | ecs:cloudServers:get |
| ecs:cloudServers:batchCreateServerTags | Grants permission to add ECS tags in batches. | write | instance * | | |
| ecs:cloudServers:batchDeleteServerTags | Grants permission to delete ECS tags in batches. | write | instance * | | |
| ecs:cloudServers:start | Grants permission to start ECSs in batches. | write | instance * | - | - |
| ecs:cloudServers:stop | Grants permission to stop ECSs in batches. | write | instance * | - | - |
| ecs:cloudServers:reboot | Grants permission to restart ECSs in batches. | write | instance * | - | - |
| ecs:cloudServers:batchUpdateServersName | Grants permission to modify ECS information in batches. | write | instance * | - | ecs:cloudServers:put |
| ecs:cloudServers:listServersDetails | Grants permission to query the list of ECS details. | list | - | ecs:cloudServers:list | |
| ecs:cloudServerFlavors:get | Grants permission to query the list of ECS flavor details and extended information. | read | - | - | - |
| ecs:cloudServerQuotas:get | Grants permission to query tenant quotas. | read | - | - | - |
| ecs:cloudServers:updateServerInterface | Grants permission to update the NIC attachment information of an ECS. | write | instance * | - | ecs:cloudServerNics:update |
| ecs:cloudServers:resetServerPwd | Grants permission to reset the password of an ECS with one click. | write | instance * | - | |
| ecs:cloudServers:listServerGroups | Grants permission to query the list of ECS groups. | list | - | - | ecs:cloudServers:list |
| ecs:cloudServers:createServerGroup | Grants permission to create an ECS group. | write | - | - | ecs:cloudServers:create |
| ecs:cloudServers:showServerGroup | Grants permission to query ECS group details. | read | - | - | ecs:cloudServers:get |
| ecs:cloudServers:deleteServerGroup | Grants permission to delete an ECS group. | write | - | - | ecs:cloudServers:delete |
| ecs:cloudServers:addServerGroupMember | Grants permission to add a member to an ECS group. | write | - | - | ecs:cloudServers:create |
| ecs:cloudServers:deleteServerGroupMember | Grants permission to remove a member from an ECS group. | write | - | - | ecs:cloudServers:delete |
| ecs:cloudServers:listServersByTag | Grants permission to query the list of ECSs by tag. | list | - | - | ecs:cloudServers:list |
| ecs:cloudServers:listResizeFlavors | Grants permission to query the list of flavors to which an ECS can be changed. | list | - | - | ecs:cloudServers:list |
| ecs:cloudServers:listServerTags | Grants permission to query project tags. | list | - | - | ecs:cloudServers:list |
| ecs:cloudServers:changeVpc | Grants permission to change the VPC of an ECS. | write | instance * | - | |
| ecs:cloudServers:changeChargeMode | Grants permission to change the billing mode of an ECS. | write | instance * | - | - |
| ecs:instanceScheduledEvents:list | Grants permission to query the list of scheduled events. | list | - | - | - |
| ecs:instanceScheduledEvents:accept | Grants permission to accept a scheduled event and authorize its execution. | write | - | - | - |
| ecs:instanceScheduledEvents:update | Grants permission to update a scheduled event. | write | - | - | - |
| ecs:launchTemplateVersions:list | Grants permission to query the list of template versions. | list | - | - | - |
| ecs:launchTemplates:list | Grants permission to query the list of templates. | list | - | - | - |
| ecs:launchTemplates:delete | Grants permission to delete a template. | write | - | - | - |
| ecs:launchTemplates:create | Grants permission to create a template. | write | - | - | - |
| ecs:cloudservers:redeploy | Grants permission to redeploy an ECS. | write | instance * | - | - |
| ecs:cloudServers:getAutoRecovery | Grants permission to check whether automatic recovery is configured for a VM. | read | instance * | - | - |
| ecs:cloudServers:setAutoRecovery | Grants permission to configure automatic recovery for a VM. | write | instance * | - | - |
| ecs:cloudServers:triggerCrashDump | Grants permission to trigger a crash dump. | write | instance * | - | - |
| ecs:recycleBin:updatePolicy | Grants permission to update the recycle bin policy. | write | - | - | - |
| ecs:recycleBin:update | Grants permission to update the recycle bin configuration. | write | - | - | - |
| ecs:recycleBin:get | Grants permission to query the recycle bin configuration. | read | - | - | - |
| ecs:recycleBin:listServers | Grants permission to query the list of ECSs in the recycle bin. | list | - | - | - |
| ecs:recycleBin:revertServer | Grants permission to restore an ECS from the recycle bin. | write | - | - | - |
| ecs:recycleBin:deleteServer | Grants permission to delete an ECS from the recycle bin. | write | - | - | - |
| ecs:metrics:use | Grants permission to register ECS monitoring through native APIs. | write | - | - | |
| ecs:limits:manage | Grants permission to query tenant quota limits through native APIs. | write | - | - | |
| ecs:cloudServers:showMetadataOptions | Grants permission to obtain the metadata configuration of an ECS. | read | - | - | |
| ecs:cloudServers:updateMetadataOptions | Grants permission to update the metadata configuration of an ECS. | write | - | - | |
| ecs:cloudServers:changeNetworkInterface | Grants permission to update the attributes of a specified NIC of an ECS. | write | instance * | - | |

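An ECS API usually corresponds to one or more actions. Table 2 shows the relationship between each API and its action, together with the actions that the API depends on.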

| API | Action | Dependencies |
|---|---|---|
| POST /v1.1/{project_id}/cloudservers | ecs:cloudServers:createServers | |
| POST /v1/{project_id}/cloudservers | ecs:cloudServers:createServers | |
| POST /v1/{project_id}/cloudservers/delete | ecs:cloudServers:deleteServers | - |
| POST /v1.1/{project_id}/cloudservers/{server_id}/resize | ecs:cloudServers:resize | - |
| POST /v1/{project_id}/batchaction/attachvolumes/{volume_id} | ecs:cloudServers:attachSharedVolume | evs:volumes:use |
| GET /v1/{project_id}/cloudservers/{server_id} | ecs:cloudServers:showServer | - |
| GET /v1/{project_id}/cloudservers/{server_id}/os-interface_extension | ecs:cloudServers:showServer | - |
| GET /v1/{project_id}/cloudservers/{server_id}/appendvolumequota | ecs:cloudServers:showServer | - |
| POST /v1/{project_id}/cloudservers/{server_id}/attachvolume | ecs:cloudServers:attach | evs:volumes:use |
| GET /v1/{project_id}/cloudservers/{server_id}/block_device | ecs:cloudServers:listServerBlockDevices | - |
| GET /v1/{project_id}/cloudservers/{server_id}/block_device/{volume_id} | ecs:cloudServers:showServerBlockDevice | - |
| PUT /v1/{project_id}/cloudservers/{server_id}/block_device/{volume_id} | ecs:cloudServers:updateServerBlockDevice | - |
| POST /v1/{project_id}/cloudservers/{server_id}/changeos | ecs:cloudServers:changeOS | - |
| DELETE /v1/{project_id}/cloudservers/{server_id}/detachvolume/{volume_id} | ecs:cloudServers:detachVolume | - |
| POST /v1/{project_id}/batchaction/detachvolumes/{volume_id} | ecs:cloudServers:detachVolume | - |
| POST /v1/{project_id}/cloudservers/{server_id}/metadata | ecs:cloudServers:updateMetadata | iam:agencies:pass |
| DELETE /v1/{project_id}/cloudservers/{server_id}/metadata/{key} | ecs:cloudServers:deleteMetadata | - |
| POST /v1/{project_id}/cloudservers/{server_id}/migrate | ecs:cloudServers:migrate | - |
| GET /v1/{project_id}/cloudservers/{server_id}/os-interface | ecs:cloudServers:listServerInterfaces | - |
| PUT /v1/{project_id}/cloudservers/{server_id}/os-reset-password | ecs:cloudServers:resetServerPwd | - |
| GET /v1/{project_id}/cloudservers/{server_id}/os-resetpwd-flag | ecs:cloudServers:showResetPasswordFlag | - |
| GET /v1/{project_id}/cloudservers/{server_id}/os-server-password | ecs:cloudServers:showServerPassword | - |
| DELETE /v1/{project_id}/cloudservers/{server_id}/os-server-password | ecs:cloudServers:deletePassword | - |
| GET /v1/{project_id}/cloudservers/{server_id}/os-volume_attachments | ecs:cloudServers:listServerVolumeAttachments | - |
| POST /v1/{project_id}/cloudservers/{server_id}/reinstallos | ecs:cloudServers:rebuild | - |
| POST /v2/{project_id}/cloudservers/{server_id}/reinstallos | ecs:cloudServers:rebuild | - |
| POST /v1/{project_id}/cloudservers/{server_id}/remote_console | ecs:cloudServers:vnc | - |
| POST /v1/{project_id}/cloudservers/{server_id}/resize | ecs:cloudServers:resize | - |
| POST /v1/{project_id}/cloudservers/batch-resize | ecs:cloudServers:resize | - |
| GET /v1/{project_id}/cloudservers/detail?flavor={flavor}&name={name}&status={status}&limit={limit}&offset={offset}&not-tags={not-tags}&reservation_id={reservation_id}&enterprise_project_id={enterprise_project_id}&tags={tags}&ip={ip} | ecs:cloudServers:listServersDetails | - |
| GET /v1.1/{project_id}/cloudservers/detail | ecs:cloudServers:listServersDetails | - |
| GET /v1/{project_id}/availability-zones | ecs:cloudServers:listServersDetails | - |
| PUT /v1/{project_id}/cloudservers/{server_id} | ecs:cloudServers:updateServer | - |
| POST /v1/{project_id}/cloudservers/{server_id}/actions/update-auto-terminate-time | ecs:cloudServers:setAutoTerminateTime | - |
| POST /v1/{project_id}/cloudservers/{server_id}/nics | ecs:cloudServers:addNics | - |
| POST /v1/{project_id}/cloudservers/{server_id}/nics/delete | ecs:cloudServerNics:delete | - |
| GET /v1/{project_id}/cloudservers/{server_id}/tags | ecs:cloudServers:showServerTags | - |
| POST /v1/{project_id}/cloudservers/{server_id}/tags/action | ecs:cloudServers:batchCreateServerTags | - |
| POST /v1/{project_id}/cloudservers/{server_id}/tags/action | ecs:cloudServers:batchDeleteServerTags | - |
| POST /v1/{project_id}/cloudservers/action | ecs:cloudServers:start | - |
| POST /v1/{project_id}/cloudservers/action | ecs:cloudServers:stop | - |
| POST /v1/{project_id}/cloudservers/action | ecs:cloudServers:reboot | - |
| GET /v1/{project_id}/cloudservers/flavors?availability_zone={availability_zone}&flavor_id={flavor_id}&limit={limit}&marker={marker} | ecs:cloudServerFlavors:get | - |
| GET /v1/{project_id}/cloudservers/limits | ecs:cloudServerQuotas:get | - |
| PUT /v1/{project_id}/cloudservers/os-reset-passwords | ecs:cloudServers:resetServerPwd | - |
| GET /v1/{project_id}/cloudservers/os-server-groups?limit={limit}&marker={marker} | ecs:cloudServers:listServerGroups | - |
| POST /v1/{project_id}/cloudservers/os-server-groups | ecs:cloudServers:createServerGroup | - |
| GET /v1/{project_id}/cloudservers/os-server-groups/{server_group_id} | ecs:cloudServers:showServerGroup | - |
| DELETE /v1/{project_id}/cloudservers/os-server-groups/{server_group_id} | ecs:cloudServers:deleteServerGroup | - |
| POST /v1/{project_id}/cloudservers/os-server-groups/{server_group_id}/action | ecs:cloudServers:addServerGroupMember | - |
| POST /v1/{project_id}/cloudservers/os-server-groups/{server_group_id}/action | ecs:cloudServers:deleteServerGroupMember | - |
| GET /v1/{project_id}/cloudservers/resize_flavors?instance_uuid={instance_uuid}&source_flavor_id={source_flavor_id}&source_flavor_name={source_flavor_name} | ecs:cloudServers:listResizeFlavors | - |
| GET /v1/{project_id}/cloudservers/tags | ecs:cloudServers:listServerTags | - |
| POST /v2/{project_id}/cloudservers/{server_id}/changeos | ecs:cloudServers:changeOS | - |
| PUT /v1/{project_id}/cloudservers/server-name | ecs:cloudServers:batchUpdateServersName | - |
| POST /v1/{project_id}/cloudservers/resource_instances/action | ecs:cloudServers:listServersByTag | - |
| PUT /v1/{project_id}/cloudservers/{server_id}/os-interface/{port_id} | ecs:cloudServers:updateServerInterface | - |
| POST /v1/{project_id}/cloudservers/{server_id}/changevpc | ecs:cloudServers:changeVpc | - |
| POST /v1/{project_id}/cloudservers/actions/change-charge-mode | ecs:cloudServers:changeChargeMode | |
| GET /v3/{project_id}/instance-scheduled-events | ecs:instanceScheduledEvents:list | - |
| POST /v3/{project_id}/instance-scheduled-events/{id}/actions/accept | ecs:instanceScheduledEvents:accept | - |
| PUT /v3/{project_id}/instance-scheduled-events/{id} | ecs:instanceScheduledEvents:update | - |
| GET /v3/{project_id}/launch-template-versions | ecs:launchTemplateVersions:list | - |
| GET /v3/{project_id}/launch-templates | ecs:launchTemplates:list | - |
| DELETE /v2/{domain_id}/auto-launch-groups/{auto_launch_group_id} | ecs:launchTemplates:delete | - |
| POST /v3/{project_id}/launch-templates | ecs:launchTemplates:create | - |
| POST /v1/{project_id}/cloudservers/{server_id}/actions/redeploy | ecs:cloudservers:redeploy | - |
| GET /v1/{project_id}/cloudservers/flavor-sell-policies?flavor_id={flavor_id} | ecs:cloudServerFlavors:get | - |
| GET /v1/{project_id}/cloudservers/flavors/{flavor_id}/resources | ecs:cloudServerFlavors:get | - |
| GET /v1/{project_id}/cloudservers/{server_id}/autorecovery | ecs:cloudServers:getAutoRecovery | - |
| PUT /v1/{project_id}/cloudservers/{server_id}/autorecovery | ecs:cloudServers:setAutoRecovery | - |
| POST /v1/{project_id}/cloudservers/{server_id}/actions/trigger-crash-dump | ecs:cloudServers:triggerCrashDump | - |
| PUT /v1/{project_id}/recycle-bin/policy | ecs:recycleBin:updatePolicy | - |
| PUT /v1/{project_id}/recycle-bin | ecs:recycleBin:update | - |
| GET /v1/{project_id}/recycle-bin | ecs:recycleBin:get | - |
| POST /v1/{project_id}/recycle-bin/cloudservers/{server_id}/actions/revert | ecs:recycleBin:revertServer | - |
| DELETE /v1/{project_id}/recycle-bin/cloudservers/{server_id} | ecs:recycleBin:deleteServer | - |
| GET /v1/{project_id}/recycle-bin/cloudservers | ecs:recycleBin:listServers | - |
| GET /v1/{project_id}/cloudservers/{server_id}/metadata-options | ecs:cloudServers:showMetadataOptions | - |
| PUT /v1/{project_id}/cloudservers/{server_id}/metadata-options | ecs:cloudServers:updateMetadataOptions | - |
| GET /v2.1/{project_id}/limits?project_id={project_id} | ecs:limits:manage | - |
| POST /v1.0/servers/{server_id}/action | ecs:metrics:use | - |
| POST /v1/{project_id}/cloudservers/{server_id}/os-interface/{port_id}/change-network-interface | ecs:cloudServers:changeNetworkInterface | - |

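Conditions
- A condition key is a key used in the Condition element of an identity policy statement. Condition keys are classified by scope into global condition keys and service-level condition keys.
- Service-level condition keys (usually prefixed with the service abbreviation, such as ecs:) apply only to operations of the corresponding service. For details, see #iam_11_0007/zh-cn_topic_0000002369808774_zh-cn_topic_0000001571869865_table9823560490.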