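Use console configuration so that a RAM account displays only the instances authorized by the main account
Step 1: Tag the instances that need to be authorized
ECS console ----> More ----> Edit tags in key:value mode
Step 2: Open the RAM console: https://enterprise.console.aliyun.com/
- Create a RAM role
- Permission management -> Policies -> Add authorization policy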
{
    "Statement": [
        {
            "Action": "ecs:*",
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ecs:tag/v1": "liuyan"
                }
            }
        },
        {
            "Action": "ecs:DescribeTag*",
            "Effect": "Allow",
            "Resource": "*"
        }
    ],
    "Version": "1"
}
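- Add an authorization entry and grant the policy to the RAM role
Step 3:
Log in as the RAM sub-account and, in the ECS console for the corresponding region, select the tag and its value; the authorized ECS instances are then displayed, and the sub-account can perform the corresponding operations on them.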
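The effect of the Step 2 policy on individual requests, as an added example that is not part of the original page. It is a simplified Python model of Allow/Deny evaluation, not RAM's actual engine: it assumes only the StringEquals operator, ignores Resource, and runs against constructed requests.

```python
import json
from fnmatch import fnmatchcase

# The policy from Step 2 of this page.
POLICY = json.loads("""{
  "Statement": [
    {"Action": "ecs:*", "Effect": "Allow", "Resource": "*",
     "Condition": {"StringEquals": {"ecs:tag/v1": "liuyan"}}},
    {"Action": "ecs:DescribeTag*", "Effect": "Allow", "Resource": "*"}
  ],
  "Version": "1"
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def condition_ok(condition, context):
    # Assumption: only StringEquals is modelled; any other operator fails closed.
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            return False
        for key, allowed in pairs.items():
            if context.get(key) not in _as_list(allowed):
                return False  # tag missing or value differs
    return True

def is_allowed(policy, action, context):
    """Default deny; a matching Deny overrides any Allow. Resource is ignored here."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
            continue
        if not condition_ok(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

# Constructed requests: (action, tag context of the target instance).
REQUESTS = [
    ("ecs:StopInstance", {"ecs:tag/v1": "liuyan"}),
    ("ecs:StopInstance", {"ecs:tag/v1": "other"}),
    ("ecs:StopInstance", {}),
    ("ecs:DescribeTags", {}),
]
if __name__ == "__main__":
    for action, ctx in REQUESTS:
        print(action, ctx, "->", "Allow" if is_allowed(POLICY, action, ctx) else "Deny")
```

Only the request against the instance tagged v1=liuyan and the tag-listing call are allowed; untagged or differently tagged instances fall through to the default deny.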
Official documentation:
Sub-user login: https://help.aliyun.com/knowledge_detail/39743.html?spm=5176.7758900.6.726.Kpc6aR
Authorization policy syntax: https://help.aliyun.com/document_detail/28663.htm?spm=5176.2020520153.0.0.50d8bd4aNRQhub
Authorization policy description: https://help.aliyun.com/knowledge_detail/39742.html