阿里云根据标签限制RAM用户使用

/ 0评 / 2

遇到问题,新建的一批ECS,怕别的子账号误操作,取消这些账号权限
创建自定义权限策略管理,然后把需要限制的ram账号应用这个权限

下面自定义权限是禁止操作标签aaa,值bbb的ECS,并且不允许操作标签相关的接口权限

{
"Statement": [
{
"Effect": "Deny",
"Action": "ecs:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"ecs:tag/aaa": "bbb"
}
}
},
{
"Action": "ecs:DescribeTag*",
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Deny",
"Action": [
"ecs:DeleteTags",
"ecs:UntagResources",
"ecs:CreateTags",
"ecs:TagResources"
],
"Resource": "*"
}
],
"Version": "1"
}

参考
https://www.alibabacloud.com/help/zh/doc-detail/58900.htm
https://www.alibabacloud.com/help/zh/doc-detail/67912.htm?spm=a2c63.p38356.b99.150.4a832a95Jh9PIF
https://antchain.antgroup.com/docs/2/148890

"ecs:tag/aso": "dev"

aaa是标签 建值
bbb是标签 值

发表评论

邮箱地址不会被公开。 必填项已用*标注