tencent cloud

피드백

VPC Access Management Policy Examples

마지막 업데이트 시간:2024-10-22 16:16:43

    Full Read-Write Policy of VPC

    The following policy allows you to create and manage VPC instances. You can associate this policy with a group of network admins. The Action element specifies all VPC-related APIs.
    {
    "version": "2.0",
    "statement": [
    {
    "action": [
    "name/vpc:*"
    ],
    "resource": "*",
    "effect": "allow"
    }
    ]
    }

    Read-only Policy of VPC

    The following policy allows you to query your VPC instances and relevant resources. However, you cannot create, update, or delete them with this policy. We recommend that you grant the VPC read-only permission for users, because they have to be able to view the resource in order to operate it in the console.
    {
    "version": "2.0",
    "statement": [
    {
    "action": [
    "name/vpc:Describe*",
    "name/vpc:Inquiry*",
    "name/vpc:Get*"
    ],
    "resource": "*",
    "effect": "allow"
    }
    ]
    }

    Allowing a Sub-Account to Manage Only a Single VPC

    The following policy allows a user to view all VPC instances but only to be able to operate VPC A (for example, VPC A with an ID of vpc-d08sl2zr) and network resources in VPC A (such as subnets and route tables, but excluding cloud virtual machines (CVMs) and databases). In other words, the user is not allowed to manage other VPC instances. This version does not support allowing the user to see A only, which however will be supported in future versions.
    {
    "version": "2.0",
    "statement": [
    {
    "action": "name/vpc:*",
    "resource": "*",
    "effect": "allow",
    "condition": {
    "string_equal_if_exist": {
    "vpc:vpc": [
    "vpc-d08sl2zr"
    ],
    "vpc:accepter_vpc": [
    "vpc-d08sl2zr"
    ],
    "vpc:requester_vpc": [
    "vpc-d08sl2zr"
    ]
    }
    }
    }
    ]
    }

    Allowing a User to Manage VPC Instances But Not Operate Route Tables

    The following policy allows a user to read and write VPC instances and relevant resources, but disallows the user to operate route tables.
    {
    "version": "2.0",
    "statement": [
    {
    "action": [
    "name/vpc:*"
    ],
    "resource": "*",
    "effect": "allow"
    },
    {
    "action": [
    "name/vpc:AssociateRouteTable",
    "name/vpc:CreateRoute",
    "name/vpc:CreateRouteTable",
    "name/vpc:DeleteRoute",
    "name/vpc:DeleteRouteTable",
    "name/vpc:ModifyRouteTableAttribute"
    ],
    "resource": "*",
    "effect": "deny"
    }
    ]
    }

    Allowing a User to Manage VPN Resources

    The following policy allows a user to view all VPC resources, while only allows the user to create, read, update, and delete (CRUD) the resources on VPNs.
    {
    "version": "2.0",
    "statement": [
    {
    "action": [
    "name/vpc:Describe*",
    "name/vpc:Inquiry*",
    "name/vpc:Get*"
    ],
    "resource": "*",
    "effect": "allow"
    },
    {
    "action": [
    "name/vpc:*Vpn*",
    "name/vpc:*UserGw*"
    ],
    "resource": "*",
    "effect": "allow"
    }
    ]
    }
    문의하기

    고객의 업무에 전용 서비스를 제공해드립니다.

    기술 지원

    더 많은 도움이 필요하시면, 티켓을 통해 연락 바랍니다. 티켓 서비스는 연중무휴 24시간 제공됩니다.

    연중무휴 24시간 전화 지원