- Release Notes and Announcements
- CLB Release Notes
- [April 15, 2024] Domain Name Upgrade for Domain Name-based Public Network CLB
- [July 25, 2023] Adding Rate Limits on Shared CLB Instances
- [July 3, 2023] CLB API Authentication Upgrade
- [June 9, 2023] Adjusting the Grace Period for Pay-as-you-go CLB Instances
- [March 6, 2023] Launching Domain Name-Based Public CLBs
- [Feb. 24, 2023] Changing Health Check Source IP to 100.64.0.0/10 IP Range
- Product Introduction
- Purchase Guide
- Getting Started
- Directions
- CLB Instance
- Directions for Upgrading to Domain Name-Based CLB
- Creating CLB Instances
- Creating an IPv6 CLB Instance
- Creating IPv6 NAT64 CLB Instances
- Configure CLB Forwarding Domain Name
- Configuring CLB Security Group
- Binding Private Network CLB to EIP
- Enabling or Disabling a CLB Instance
- Cloning CLB Instances
- Exporting CLB Instances
- Upgrade to a LCU-supported instances
- Adjusting Specification of LCU-supported CLBs
- Deleting CLB Instances
- Releasing Idle CLB Instances
- Configuring Deletion Protection
- Adjusting Instance Public Network Configurations
- CLB Listener
- CLB Listener Overview
- Configuring TCP Listener
- Configuring a UDP Listener
- Configuring TCP SSL Listener
- Configuring a QUIC Listener
- Configuring an HTTP Listener
- Configuring HTTPS Listener
- Load Balancing Methods
- Session Persistence
- Layer-7 Redirection Configuration
- Layer-7 Custom Configuration
- Layer-7 Domain Name Forwarding and URL Rules
- Using QUIC Protocol on CLB
- SNI Support for Binding Multiple Certificates to a CLB Instance
- Configuring gRPC Support for Layer-7 Protocols
- Real Server
- Health Check
- Certificate Management
- Log Management
- Monitoring and Alarm
- Cloud Access Management
- Classic CLB
- CLB Instance
- Practical Tutorial
- Enabling Gzip Compression & Testing
- HTTPS Forwarding Configurations
- Obtaining Real Client IPs
- Best Practices for Configuring Load Balancing Monitoring Alerts
- Implementing HA Across Multiple AZs
- Load Balancing Algorithm Selection and Weight Configuration Examples
- Configuring WAF protection for CLB listening domain names
- Configure IAP to authenticate web access to the CLB domain and path
- Configure IAP to authenticate programmatic access to CLB's domain and path
- Ops Guide
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Instance APIs
- Listener APIs
- Backend Service APIs
- Target Group APIs
- Redirection APIs
- Other APIs
- DescribeClsLogSet
- CreateLoadBalancerSnatIps
- DeleteLoadBalancerSnatIps
- DescribeLoadBalancerListByCertId
- DescribeQuota
- ModifyLoadBalancersProject
- ReplaceCertForLoadBalancers
- SetLoadBalancerClsLog
- SetLoadBalancerSecurityGroups
- SetLoadBalancerStartStatus
- SetSecurityGroupForLoadbalancers
- CreateClsLogSet
- CreateTopic
- DescribeLoadBalancerTraffic
- DescribeResources
- DescribeTaskStatus
- InquiryPriceCreateLoadBalancer
- InquiryPriceModifyLoadBalancer
- InquiryPriceRenewLoadBalancer
- Classic CLB APIs
- Making API Requests
- Load Balancing APIs
- Data Types
- Error Codes
- CLB API 2017
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
- Release Notes and Announcements
- CLB Release Notes
- [April 15, 2024] Domain Name Upgrade for Domain Name-based Public Network CLB
- [July 25, 2023] Adding Rate Limits on Shared CLB Instances
- [July 3, 2023] CLB API Authentication Upgrade
- [June 9, 2023] Adjusting the Grace Period for Pay-as-you-go CLB Instances
- [March 6, 2023] Launching Domain Name-Based Public CLBs
- [Feb. 24, 2023] Changing Health Check Source IP to 100.64.0.0/10 IP Range
- Product Introduction
- Purchase Guide
- Getting Started
- Directions
- CLB Instance
- Directions for Upgrading to Domain Name-Based CLB
- Creating CLB Instances
- Creating an IPv6 CLB Instance
- Creating IPv6 NAT64 CLB Instances
- Configure CLB Forwarding Domain Name
- Configuring CLB Security Group
- Binding Private Network CLB to EIP
- Enabling or Disabling a CLB Instance
- Cloning CLB Instances
- Exporting CLB Instances
- Upgrade to a LCU-supported instances
- Adjusting Specification of LCU-supported CLBs
- Deleting CLB Instances
- Releasing Idle CLB Instances
- Configuring Deletion Protection
- Adjusting Instance Public Network Configurations
- CLB Listener
- CLB Listener Overview
- Configuring TCP Listener
- Configuring a UDP Listener
- Configuring TCP SSL Listener
- Configuring a QUIC Listener
- Configuring an HTTP Listener
- Configuring HTTPS Listener
- Load Balancing Methods
- Session Persistence
- Layer-7 Redirection Configuration
- Layer-7 Custom Configuration
- Layer-7 Domain Name Forwarding and URL Rules
- Using QUIC Protocol on CLB
- SNI Support for Binding Multiple Certificates to a CLB Instance
- Configuring gRPC Support for Layer-7 Protocols
- Real Server
- Health Check
- Certificate Management
- Log Management
- Monitoring and Alarm
- Cloud Access Management
- Classic CLB
- CLB Instance
- Practical Tutorial
- Enabling Gzip Compression & Testing
- HTTPS Forwarding Configurations
- Obtaining Real Client IPs
- Best Practices for Configuring Load Balancing Monitoring Alerts
- Implementing HA Across Multiple AZs
- Load Balancing Algorithm Selection and Weight Configuration Examples
- Configuring WAF protection for CLB listening domain names
- Configure IAP to authenticate web access to the CLB domain and path
- Configure IAP to authenticate programmatic access to CLB's domain and path
- Ops Guide
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Instance APIs
- Listener APIs
- Backend Service APIs
- Target Group APIs
- Redirection APIs
- Other APIs
- DescribeClsLogSet
- CreateLoadBalancerSnatIps
- DeleteLoadBalancerSnatIps
- DescribeLoadBalancerListByCertId
- DescribeQuota
- ModifyLoadBalancersProject
- ReplaceCertForLoadBalancers
- SetLoadBalancerClsLog
- SetLoadBalancerSecurityGroups
- SetLoadBalancerStartStatus
- SetSecurityGroupForLoadbalancers
- CreateClsLogSet
- CreateTopic
- DescribeLoadBalancerTraffic
- DescribeResources
- DescribeTaskStatus
- InquiryPriceCreateLoadBalancer
- InquiryPriceModifyLoadBalancer
- InquiryPriceRenewLoadBalancer
- Classic CLB APIs
- Making API Requests
- Load Balancing APIs
- Data Types
- Error Codes
- CLB API 2017
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
Operation Scenarios
Since March 23, 2020, all certificate operations of CLB have been connected to Cloud Access Management (CAM) for authentication. Therefore, when a sub-user account performs CLB certificate operations, if "You are not authorized for this operation. Please contact your developer." is displayed, you can grant certificate permissions to the sub-user account as instructed below.
Prerequisites
The logged-in account needs to be the root account or a sub-user account with CAM permissions (i.e., associated with the
QcloudCamFullAccess policy).Note:
To check whether the sub-user account has CAM permissions, go to User List in the CAM Console, enter the details page of the sub-user, and check whether the
QcloudCamFullAccess policy has been associated.If the
QcloudCamFullAccess policy is associated, but "No API permissions (message:GetReceiversOnAllType). Please contact your developer." is displayed when the sub-user performs certificate operations, they can ignore and proceed anyway.Directions
Please grant certificate permissions in the following methods:
Method 1. Associate a custom policy
1. Log in to the CAM Console.
2. On the left sidebar, click Policies.
3. Click Create Custom Policy and select Create by Policy Syntax in the pop-up box.
4. On the "Select Template Policy" page, select Blank Template and click Next.
5. On the "Edit Policy" page, enter the policy name and enter the following policy content in the "Edit Policy Content" input box:
{"version": "2.0","statement": [{"action": "name/ssl:*","resource": "qcs::ssl:::*","effect": "allow"}]}
6. Then, click Done to return to the "Policy" list page.
7. At the top of the "Policy" list page, select Custom Policy, find the row of the policy you just created in the list, and click Associate User/Group in the "Operation" column.
8. In the pop-up box, select the user to be authorized and click OK.
Method 2. Associate a preset policy
1. Log in to the CAM Console.
2. On the left sidebar, select User > User List to enter the "User List" page.
3. In the row of the sub-user to be authorized, click Authorize in the "Operation" bar.
4. In the pop-up box, select
QcloudSSLFullAccess or QcloudSSLReadOnlyAccess and click OK.
Yes
No
Was this page helpful?