tencent cloud

피드백

Authorizing Sub-account with Role Assuming Policy

마지막 업데이트 시간:2024-01-23 17:52:00
A root account as the entity of a role can allow its sub-accounts to assume the role. The following example shows how to create and assign policies for role assumption.
For example, Company A wants to outsource its OPS Engineer position to Company B. The person taking the position needs the access to all Company A’s CVM resources located in the Guangzhou region.
Company A’s enterprise account CompanyExampleA (ownerUin: 12345) creates a role with the CreateRole API. The entity and name of the role are set to Company B's enterprise account CompanyExampleB (ownerUin: 67890) and DevOpsRole respectively. CompanyExampleA adds permissions to DevOpsRole. For more information, see Creating roles > Creating via APIs.
After being granted the role, Company B's enterprise account (CompanyExampleB) wants its sub-account, DevB, to perform the job. CompanyExampleB needs to authorize DevB to assume the DevOpsRole role.
1. Create a policy, AssumeRole, as follows:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": ["name/sts:AssumeRole"],
"resource": ["qcs::cam::uin/12345:roleName/DevOpsRole"]
}
]
}
2. Associate the policy with the sub-account DevB. The sub-account is now granted permissions to assume the DevOpsRole role.
3. For more information on how a sub-account can use a role after being granted the permissions, see Using roles.
문의하기

고객의 업무에 전용 서비스를 제공해드립니다.

기술 지원

더 많은 도움이 필요하시면, 티켓을 통해 연락 바랍니다. 티켓 서비스는 연중무휴 24시간 제공됩니다.

연중무휴 24시간 전화 지원