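Example 1: Authorize a RAM user to manage 2 specified ECS instances.
Suppose your account has purchased multiple instances and, as the RAM administrator, you want to grant a RAM user access to only 2 of them. The instance IDs are i-001 and i-002.
Tip: The RAM user can still see all of the account's servers, because the second statement allows ecs:Describe* on every resource.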
{
  "Statement": [
    {
      "Action": "ecs:*",
      "Effect": "Allow",
      "Resource": [
        "acs:ecs:*:*:instance/i-001",
        "acs:ecs:*:*:instance/i-002"
      ]
    },
    {
      "Action": "ecs:Describe*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "1"
}
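Use tags to authorize ECS instances by group
Tip: In this example, 5 of the instances are bound to one tag pair; the tag key is team and the tag value is dev.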
{
  "Statement": [
    {
      "Action": "ecs:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ecs:tag/team": "dev"
        }
      }
    },
    {
      "Action": "ecs:DescribeTag*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "1"
}
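The following is an added example, not part of the original page or Alibaba Cloud's own code: a simplified local model of policy evaluation (explicit Deny wins, then Allow, otherwise implicit deny) that checks both policies above and lists instances a user can describe but not manage. The region, account ID, instance i-003, the fleet tags and all function names are constructed assumptions; only wildcard matching and StringEquals are modelled.

```python
from fnmatch import fnmatchcase

# The two policies from this page.
BY_ID = {"Version": "1", "Statement": [
    {"Action": "ecs:*", "Effect": "Allow",
     "Resource": ["acs:ecs:*:*:instance/i-001", "acs:ecs:*:*:instance/i-002"]},
    {"Action": "ecs:Describe*", "Effect": "Allow", "Resource": "*"}]}
BY_TAG = {"Version": "1", "Statement": [
    {"Action": "ecs:*", "Effect": "Allow", "Resource": "*",
     "Condition": {"StringEquals": {"ecs:tag/team": "dev"}}},
    {"Action": "ecs:DescribeTag*", "Effect": "Allow", "Resource": "*"}]}

# Constructed fleet (instance id -> tags); i-003 is outside both grants.
FLEET = {"i-001": {"team": "dev"}, "i-002": {"team": "dev"}, "i-003": {"team": "ops"}}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches(stmt, action, resource, context):
    if not any(fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, p) for p in _as_list(stmt["Resource"])):
        return False
    # Only StringEquals is modelled; any other operator fails closed.
    for op, pairs in stmt.get("Condition", {}).items():
        if op != "StringEquals":
            return False
        if any(context.get(k) not in _as_list(v) for k, v in pairs.items()):
            return False
    return True

def is_allowed(policy, action, resource, context=None):
    """Explicit Deny wins, then any Allow, otherwise implicit deny."""
    hits = [s["Effect"] for s in policy["Statement"]
            if _matches(s, action, resource, context or {})]
    return "Deny" not in hits and "Allow" in hits

def arn(instance_id):
    # Region and account ID are constructed placeholders.
    return f"acs:ecs:cn-hangzhou:1234567890:instance/{instance_id}"

def read_only_exposure(policy, fleet):
    """Instance IDs the user can describe but cannot stop."""
    out = []
    for iid, tags in fleet.items():
        ctx = {f"ecs:tag/{k}": v for k, v in tags.items()}
        if (is_allowed(policy, "ecs:DescribeInstances", arn(iid), ctx)
                and not is_allowed(policy, "ecs:StopInstance", arn(iid), ctx)):
            out.append(iid)
    return sorted(out)
```

In this model the instance-ID policy leaves i-003 describable but not manageable, which is the visibility noted in the first tip; the tag policy leaves no such instance because its unconditional statement covers only ecs:DescribeTag*.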