- Product Overview
- Purchase Guide
- Quick Start
- Operation Guide
- Fault Action Library
- Compute
- JVM Process CPU at Full Load
- Cross-AZ Experiment in CVM
- CVM DNS Unavailability Experiment
- CVM Domain Name Parsing Tampering Experiment
- CVM System Time Skew
- CVM Disk IO Hang Fault Experiment
- CVM Memory OOM and Disk IO Load
- Experiments on CVM Intra-host Network Disorder
- CVM Kernel Faults
- Experiments on CVM Intra-host Network Latency
- High Utilization of CVM Resources (CPU, Memory, and Disk)
- Experiments on CVM Intra-host Network Corruption
- Experiments on CVM Intra-host Network Duplication
- Experiments on CVM Intra-host Network Occupation
- CVM Network Interruption
- CVM Ping Unreachable
- Cloud API Ban in CVM
- Database
- Primary-secondary Switch in TencentDB for PostgreSQL
- MySQL Instance Overall Unavailable
- Primary-secondary Switch in MySQL
- Setting Maximum Number of Connections in MySQL
- Primary Node Fault Experiment on TencentDB for MySQL
- TencentDB for MySQL Read-only Instance Group Unavailable
- Primary-secondary Switch in TDSQL for MySQM
- Primary-secondary Switch in MariaDB
- Primary-secondary Switch in TDSQL-C
- Practice of TencentDB for Redis Proxy Node Faults
- TencentDB for Redis Primary Node Fault
- Primary-secondary Nodes in TencentDB for Redis Instance Unavailable
- Simulating Primary-secondary Switch in Redis
- Simulating MongoDB Storage Node Fault
- Simulating Self-Built MySQL Crash Through Network Blocking
- Restarting TencentDB for MySQL
- Primary-secondary Switch in SQL Server
- Network
- Container
- Simulating Container Resource Network Faults
- Experiment on Container Resource Pod Operation Faults
- Experiment on Container Resource Node Faults
- Experiment on Container Resource Application Process Faults
- Standard Cluster and Serverless Cluster Super Node Faults
- Serverless Pod Fault Experiment Case
- Cluster Node Resource (CPU, Memory, Disk) Stress Test Faults
- Serverless Pod Virtual Node Shutdown Faults
- Simulating Serverless Cluster Pod Network Faults
- High Cluster Pod Resource (CPU, Memory, and Disk) Utilization Rate
- Cluster Pod TencentCloud API Ban
- Big Data
- Cloud Load Balancer
- Message Queue
- Direct Connect
- Custom Actions
- Cloud Streaming Services (CSS)
- Compute
- Permission Management Guide
- API Documentation
- FAQs
- Related Protocol
- Contact Us
- Product Overview
- Purchase Guide
- Quick Start
- Operation Guide
- Fault Action Library
- Compute
- JVM Process CPU at Full Load
- Cross-AZ Experiment in CVM
- CVM DNS Unavailability Experiment
- CVM Domain Name Parsing Tampering Experiment
- CVM System Time Skew
- CVM Disk IO Hang Fault Experiment
- CVM Memory OOM and Disk IO Load
- Experiments on CVM Intra-host Network Disorder
- CVM Kernel Faults
- Experiments on CVM Intra-host Network Latency
- High Utilization of CVM Resources (CPU, Memory, and Disk)
- Experiments on CVM Intra-host Network Corruption
- Experiments on CVM Intra-host Network Duplication
- Experiments on CVM Intra-host Network Occupation
- CVM Network Interruption
- CVM Ping Unreachable
- Cloud API Ban in CVM
- Database
- Primary-secondary Switch in TencentDB for PostgreSQL
- MySQL Instance Overall Unavailable
- Primary-secondary Switch in MySQL
- Setting Maximum Number of Connections in MySQL
- Primary Node Fault Experiment on TencentDB for MySQL
- TencentDB for MySQL Read-only Instance Group Unavailable
- Primary-secondary Switch in TDSQL for MySQM
- Primary-secondary Switch in MariaDB
- Primary-secondary Switch in TDSQL-C
- Practice of TencentDB for Redis Proxy Node Faults
- TencentDB for Redis Primary Node Fault
- Primary-secondary Nodes in TencentDB for Redis Instance Unavailable
- Simulating Primary-secondary Switch in Redis
- Simulating MongoDB Storage Node Fault
- Simulating Self-Built MySQL Crash Through Network Blocking
- Restarting TencentDB for MySQL
- Primary-secondary Switch in SQL Server
- Network
- Container
- Simulating Container Resource Network Faults
- Experiment on Container Resource Pod Operation Faults
- Experiment on Container Resource Node Faults
- Experiment on Container Resource Application Process Faults
- Standard Cluster and Serverless Cluster Super Node Faults
- Serverless Pod Fault Experiment Case
- Cluster Node Resource (CPU, Memory, Disk) Stress Test Faults
- Serverless Pod Virtual Node Shutdown Faults
- Simulating Serverless Cluster Pod Network Faults
- High Cluster Pod Resource (CPU, Memory, and Disk) Utilization Rate
- Cluster Pod TencentCloud API Ban
- Big Data
- Cloud Load Balancer
- Message Queue
- Direct Connect
- Custom Actions
- Cloud Streaming Services (CSS)
- Compute
- Permission Management Guide
- API Documentation
- FAQs
- Related Protocol
- Contact Us
Service Authorization and Role Permissions
Last updated: 2024-09-26 15:34:19
When using Tencent Smart Advisor-Chaotic Fault Generator (CFG), you may encounter various scenarios that require service authorization to access related cloud resources. Each scenario usually corresponds to the preset policies contained in different roles, mainly involving the CFG_QCSLinkedRoleInChaos role. This document will show the details of the authorization policy, authorization scenarios, and authorization steps.
Role Permissions (CFG_QCSLinkedRoleInChaos)
After you activate the CFG service, Tencent Cloud will grant your account CFG_QCSLinkedRoleInChaos role permission. This service role is associated with multiple preset policies by default. To obtain relevant permissions, it is necessary to execute the corresponding preset policy authorization operation in specific authorization scenarios. After the operation is completed, the corresponding policy will appear in the list of authorization policies for the role. The CFG_QCSLinkedRoleInChaos preset policy associated with the role includes the access permissions for the CFG service to cloud resources.
Preset Policies (QcloudAccessForCFGLinkedRoleInChaos)
Authorization Scenarios
After you register and log in to Tencent Cloud and log in to CFG Console for the first time, you need to go to Cloud Access Management page to grant current account the permissions for the CFG service to operate cloud resources such as Cloud Virtual Machine (CVM), Load Balancing (CLB), TencentCloud Automation Tools (TAT), Elastic Cache Redis (Redis), TencentDB for MySQL (CDB), Tencent Cloud Observability Platform (Monitor), and Virtual Private Cloud (VPC).
Authorization Steps
1. Log in to the CFG Console, select Experiment Management in the left sidebar, and the Service Authorization window will pop up.
2. Click Go to Authorize to enter the Role Management page.
3. Click Agree to Authorize, and after the identity verification is completed, the authorization will be successfully granted.
Permissions
Cloud Load Balancer (CLB)
Permission | Description |
clb:DescribeTargets | This permission is used to query the Cloud Load Balancer (CVM) list. |
clb:BatchModifyTargetWeight | This permission is used to batch modify the forwarding weights of the backend machines bound to the listener. |
clb:DescribeLoadBalancers | This permission is used to obtain the CLB instance list. |
clb:SetLoadBalancerSecurityGroups | This permission is used to bind load balancers with security groups. |
TencentCloud Automation Tools (TAT)
Permission | Description |
tat:DescribeAutomationAgentStatus | This permission is used to query the client status. |
tat:DescribeCommands | This permission is used to query commands. |
tat:InvokeCommand | This permission is used to trigger commands. |
tat:DescribeInvocations | This permission is used to query execution results. |
tat:RunCommand | This permission is used to execute temporary commands. |
tat:DescribeInvocationTasks | This permission is used to query execution tasks. |
Elastic Cache Redis (Redis)
Permission | Description |
redis:DescribeInstances | This permission is used to display instance contents. |
redis:KillMasterGroup | This permission is used to simulate failures. |
TencentDB for MySQL (CDB)
Permission | Description |
cdb:DescribeDBInstances | This permission is used to query the instance list. |
cdb:SwitchDBInstanceMasterSlave | This permission is used to support users to actively switch the primary-secondary instance roles. |
cdb:DescribeTasks | This permission is used to query the task list of CloudDB instances. |
cdb:ModifyInstanceParam | This permission is used to modify instance parameters. |
cdb:DescribeInstanceParams | This permission is used to query the list of configurable parameters for instances. |
cdb:DescribeInstanceParamRecords | This permission is used to query the parameter modification log of instances. |
Cloud Virtual Machine (CVM)
Permission | Description |
cvm:DescribeInstances | This permission is used to query CVM V3. |
cvm:RebootInstances | This permission is used to restart CVM V3. |
cvm:StopInstances | This permission is used to shut down CVM V3. |
cvm:StartInstances | This permission is used to start CVM V3. |
cvm:CreateSecurityGroup | This permission is used to create security groups. |
cvm:DeleteSecurityGroup | This permission is used to delete security groups. |
Cloud Monitoring (Monitor)
Permission | Description |
monitor:CreateAlarmNotice | This permission is used to create alarm notifications. |
monitor:DescribeAlarmHistories | This permission is used to query Alarm 2.0 records. |
monitor:DescribeAlarmPolicies | This permission is used to query the Alarm 2.0 policy list. |
monitor:DescribeBaseMetrics | This permission is used to pull the monitoring metric list. |
monitor:GetMonitorData | This permission is used to pull monitoring data. |
VPC
Permission | Description |
vpc:ResetNatGatewayConnection | This permission is used to adjust the maximum concurrency of the NAT gateway V3. |
vpc:DescribeNatGateways | This permission is used to query the NAT gateway V3. |
vpc:ModifyNatGatewayAttribute | This permission is used to modify the attributes of NAT gateway V3. |
Yes
No
Was this page helpful?