tencent cloud

피드백

Resource-based Service Roles

마지막 업데이트 시간:2024-01-23 17:52:00

    Overview

    A role is a virtual identity with an array of permissions. It serves to grant permissions of access to services, operations, and resources within Tencent Cloud to a role carrier. You can associate roles with cloud resources, allowing them to access other cloud product APIs based on Tencent Cloud Security Credential Service STS temporary keys (which can be periodically updated). Compared with direct control via persistent keys, this method further ensures the security of persistent keys under the account and allows more refined control and permission management via role association policies.

    Advantages

    After a CAM role is bound to cloud resources, the following features and advantages are bestowed:
    Access Tencent Cloud's other cloud services through STS temporary keys. For more details, please refer to AssumeRole.
    Assign roles with varying access policies to different resources, enabling differentiated access privileges across different cloud services, hence advocating precision granularity in permission control.
    Be free from manually saving persistent keys within instances. Access rights can be swiftly altered and maintained by modifying the role's authorization.

    Directions

    Example: Binding a service role to a container instance

    Scenario example: Allowing container instances to upload logs to the Cloud Log Service.
    1. Create a policy, role-tke-cls.
    (1) Enter the Tencent Cloud Console, and navigate to the Cloud Access Management > Policies page.
    (2) Click Create Custom Policy, and customize a policy role-tke-cls.
    (3) Customize a policy that allows log uploads (Note: different policies can be assigned to roles in different scenarios).
    
    (4)The policy is created.
    2. Create a role instance-role.
    (1) Enter the Tencent Cloud Console, and navigate to the Cloud Access Management > Roles page.
    (2) Click Create Role, and customize a role instance-role.
    (3) Select Cloud Server (CVM) for the role carrier.
    
    (4) The role is created.
    
    3. Bind the role to the container instance.
    (1) Enter the Tencent Cloud Console, and navigate to the Container Instance List page.
    (2) Click New Instance. Set the container instance parameters based on your actual requirements.
    (3) Select the pre-created role instance-role for the CAM role, and complete the binding.

    Other Resource-based Service Roles

    If you need to bind roles to your Tencent Kubernetes Engine - Container Instances, please refer to Binding a Role to a Container Instance. If you need to bind roles to your Serverless Cloud Function - Function Service, please refer to Role and Authorization. If you need to bind roles to your Cloud Server - Cloud Hosts, please refer to Managing Roles.
    
    문의하기

    고객의 업무에 전용 서비스를 제공해드립니다.

    기술 지원

    더 많은 도움이 필요하시면, 티켓을 통해 연락 바랍니다. 티켓 서비스는 연중무휴 24시간 제공됩니다.

    연중무휴 24시간 전화 지원