第1步:在RAM控制台创建策略
入口:https://ram.console.aliyun.com/policies
{ "Version": "1", "Statement": [ { "Action": "computenestsupplier:*", "Resource": "*", "Effect": "Allow" }, { "Action": "ram:CreateServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": [ "supplier.computenest.aliyuncs.com" ] } } }, { "Effect": "Allow", "Action": [ "ram:CreateRole", "ram:AttachPolicyToRole", "ram:GetRole" ], "Resource": "acs:ram:*:*:role/*" }, { "Effect": "Allow", "Action": "ram:AttachPolicyToRole", "Resource": "acs:ram:*:*:policy/*" } ] }
策略内容,请严格复制如上36行脚本填入。
填写自定义名字,如:qilin-deploy-zizhanghao,并保存。
第2步:为子账号添加权限
在3处,添加如下权限
- 标签操作权限,如AliyunTagAdministratorAccess
- 云监控查询权限,如AliyunCloudMonitorReadOnlyAccess
- oss读取权限,如AliyunOSSReadOnlyAccess
- oos操作权限,如AliyunOOSFullAccess
- ecs操作权限,如AliyunECSFullAccess
在4处,添加权限:qilin-deploy-zizhanghao
