Tencent Smart Advisor-Chaotic Fault Generator
- Purchase Guide
- Operation Guide
- Template Library
- Experiments
- Fault Action
- Guardrail Monitoring
- Fault Action Library
- Compute
- Database
- Container
- Big Data
- Cloud Load Balancer
- Message Queue
- Direct Connect
- Custom Actions
- Permission Management Guide
- API Documentation
- Making API Requests
- Task APIs
- Template Library APIs
- Related Protocol
DocumentationTencent Smart Advisor-Chaotic Fault GeneratorPermission Management GuideService Authorization and Role Permissions
Service Authorization and Role Permissions
Last updated: 2024-09-26 15:34:19
When using Tencent Smart Advisor-Chaotic Fault Generator (CFG), you may encounter various scenarios that require service authorization to access related cloud resources. Each scenario usually corresponds to the preset policies contained in different roles, mainly involving the CFG_QCSLinkedRoleInChaos role. This document will show the details of the authorization policy, authorization scenarios, and authorization steps.
Role Permissions (CFG_QCSLinkedRoleInChaos)
After you activate the CFG service, Tencent Cloud will grant your account CFG_QCSLinkedRoleInChaos role permission. This service role is associated with multiple preset policies by default. To obtain relevant permissions, it is necessary to execute the corresponding preset policy authorization operation in specific authorization scenarios. After the operation is completed, the corresponding policy will appear in the list of authorization policies for the role. The CFG_QCSLinkedRoleInChaos preset policy associated with the role includes the access permissions for the CFG service to cloud resources.
Preset Policies (QcloudAccessForCFGLinkedRoleInChaos)
Authorization Scenarios
After you register and log in to Tencent Cloud and log in to CFG Console for the first time, you need to go to Cloud Access Management page to grant current account the permissions for the CFG service to operate cloud resources such as Cloud Virtual Machine (CVM), Load Balancing (CLB), TencentCloud Automation Tools (TAT), Elastic Cache Redis (Redis), TencentDB for MySQL (CDB), Tencent Cloud Observability Platform (Monitor), and Virtual Private Cloud (VPC).
Authorization Steps
1. Log in to the CFG Console, select Experiment Management in the left sidebar, and the Service Authorization window will pop up.
2. Click Go to Authorize to enter the Role Management page.
3. Click Agree to Authorize, and after the identity verification is completed, the authorization will be successfully granted.
Permissions
Cloud Load Balancer (CLB)
Permission | Description |
clb:DescribeTargets | This permission is used to query the Cloud Load Balancer (CVM) list. |
clb:BatchModifyTargetWeight | This permission is used to batch modify the forwarding weights of the backend machines bound to the listener. |
clb:DescribeLoadBalancers | This permission is used to obtain the CLB instance list. |
clb:SetLoadBalancerSecurityGroups | This permission is used to bind load balancers with security groups. |
TencentCloud Automation Tools (TAT)
Permission | Description |
tat:DescribeAutomationAgentStatus | This permission is used to query the client status. |
tat:DescribeCommands | This permission is used to query commands. |
tat:InvokeCommand | This permission is used to trigger commands. |
tat:DescribeInvocations | This permission is used to query execution results. |
tat:RunCommand | This permission is used to execute temporary commands. |
tat:DescribeInvocationTasks | This permission is used to query execution tasks. |
Elastic Cache Redis (Redis)
Permission | Description |
redis:DescribeInstances | This permission is used to display instance contents. |
redis:KillMasterGroup | This permission is used to simulate failures. |
TencentDB for MySQL (CDB)
Permission | Description |
cdb:DescribeDBInstances | This permission is used to query the instance list. |
cdb:SwitchDBInstanceMasterSlave | This permission is used to support users to actively switch the primary-secondary instance roles. |
cdb:DescribeTasks | This permission is used to query the task list of CloudDB instances. |
cdb:ModifyInstanceParam | This permission is used to modify instance parameters. |
cdb:DescribeInstanceParams | This permission is used to query the list of configurable parameters for instances. |
cdb:DescribeInstanceParamRecords | This permission is used to query the parameter modification log of instances. |
Cloud Virtual Machine (CVM)
Permission | Description |
cvm:DescribeInstances | This permission is used to query CVM V3. |
cvm:RebootInstances | This permission is used to restart CVM V3. |
cvm:StopInstances | This permission is used to shut down CVM V3. |
cvm:StartInstances | This permission is used to start CVM V3. |
cvm:CreateSecurityGroup | This permission is used to create security groups. |
cvm:DeleteSecurityGroup | This permission is used to delete security groups. |
Cloud Monitoring (Monitor)
Permission | Description |
monitor:CreateAlarmNotice | This permission is used to create alarm notifications. |
monitor:DescribeAlarmHistories | This permission is used to query Alarm 2.0 records. |
monitor:DescribeAlarmPolicies | This permission is used to query the Alarm 2.0 policy list. |
monitor:DescribeBaseMetrics | This permission is used to pull the monitoring metric list. |
monitor:GetMonitorData | This permission is used to pull monitoring data. |
VPC
Permission | Description |
vpc:ResetNatGatewayConnection | This permission is used to adjust the maximum concurrency of the NAT gateway V3. |
vpc:DescribeNatGateways | This permission is used to query the NAT gateway V3. |
vpc:ModifyNatGatewayAttribute | This permission is used to modify the attributes of NAT gateway V3. |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No