- Introduction
- Purchase Guide
- Getting Started
- Advanced Guide
- Serverless Framework Component
- Operation Guide
- Practical Tutorial
- FAQs
- Framework Support
- Deploying Framework on Command Line
- Quickly Deploying Egg Framework
- Quickly Deploying Koa Framework
- Quickly Deploying Express Framework
- Quickly Deploying Next.js Framework
- Quickly Deploying Nuxt.js Framework
- Quickly Deploying Flask Framework
- Quickly Deploying Laravel Framework
- Quickly Deploying Nest.js Framework
- Quickly Deploying Django Framework
- Quickly Deploying Native WordPress Application
- Contact Us
- Introduction
- Purchase Guide
- Getting Started
- Advanced Guide
- Serverless Framework Component
- Operation Guide
- Practical Tutorial
- FAQs
- Framework Support
- Deploying Framework on Command Line
- Quickly Deploying Egg Framework
- Quickly Deploying Koa Framework
- Quickly Deploying Express Framework
- Quickly Deploying Next.js Framework
- Quickly Deploying Nuxt.js Framework
- Quickly Deploying Flask Framework
- Quickly Deploying Laravel Framework
- Quickly Deploying Nest.js Framework
- Quickly Deploying Django Framework
- Quickly Deploying Native WordPress Application
- Contact Us
CAM Overview
Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access permissions, resources, and use permissions of your Tencent Cloud account. Using CAM, you can create, manage, and terminate users (groups), and control the Tencent Cloud resources that can be used by the specified user through identity and policy management.
Tencent Cloud SLS supports resource-level authorization. You can use policy syntax to grant sub-accounts permissions to manage individual resources. For more information, please see Authorization Scheme Examples.
Authorizable Resource Types
SLS supports resource-level authorization. You can grant a specified sub-account the API permission of a specified resource. APIs supporting resource-level authorization include:
| API Name | Description | Six-Segment Example of Resource |
|---|---|---|
| SaveInstance | Saves the instance information of component | qcs::sls:${Region}:uin/:appname/${AppName}/stagename/${StageName} |
| GetInstance | Gets the instance information of component | qcs::sls:${Region}:uin/:appname/${AppName}/stagename/${StageName} |
| ListInstances | Gets the instance list information of component | qcs::sls:${Region}:uin/:appname/${AppName}/stagename/${StageName} |
| RunComponent | Runs component instance | qcs::sls:${Region}:uin/:appname/${AppName}/stagename/${StageName} |
| RunFinishComponent | Finishes running component instance | qcs::sls:${Region}:uin/:appname/${AppName}/stagename/${StageName} |
Authorization Scheme Examples
Six-Segment resource description
| Parameter | Required | Description |
|---|---|---|
| qcs | Yes | Tencent Cloud service abbreviation, which indicates a resource of Tencent Cloud. |
| project_id | Yes | Project information description, which is only used to enable compatibility with legacy CAM logic. |
| service_type | Yes | Product abbreviation, which is sls for Serverless Framework. |
| region | Yes | Region information, such as bj. For more information, please see Region List. |
| account | No | Root account of resource owner, such as uin/164256472. If it is empty, it indicates the root account of the CAM user who creates the policy. |
| resource | Yes | Detailed resource information of each product, which is qcs::sls:${Region}:uin/:appname/${AppName}/stagename/${StageName} for Serverless Framework |
Sample
You can log in to the CAM console as a root account to configure and manage the permissions of Serverless Framework. Currently, Serverless Framework provides two preset policies for full access permission and read-only access permission:
Full access permission
- Grant a sub-account full access to Serverless Framework (SLS).
- Policy name: QcloudSLSFullAccess
{
"version": "2.0",
"statement": [
{
"action": [
"sls:*"
],
"resource": "*",
"effect": "allow"
}
]
}
Read-only access permission
- Grant a sub-account read-only access to Serverless SSR (SLS).
- Policy name: QcloudSLSReadOnlyAccess
{
"version": "2.0",
"statement": [
{
"action": [
"sls:Get*",
"sls:List*"
],
"resource": "*",
"effect": "allow"
}
]
}
Sub-account Resource Management
- The sub-account can access and manage the resources authorized to it by the root account.
- If the sub-account has the permission to create resources and pay bills, it can purchase resources by itself in the normal process, and the root account will be charged.
Yes
No
Was this page helpful?