资源授权定义
RAM中可授权的负载均衡资源类型
目前,可以在RAM中进行授权的资源类型只有一种:
LoadBalancer。
在通过RAM进行授权时,该资源的描述方式如下:
| 资源类型 | 授权策略中的资源描述方法 |
| LoadBalancer | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| acs:slb:$regionid:$accountid:loadbalancer/* | |
| acs:slb:*:$accountid:loadbalancer/* | |
| acs:slb:*:*:loadbalancer/* | |
| Certificate | acs:slb:$regionid:$accountid:certificate/$servercertificateId |
| acs:slb:$regionid:$accountid:certificate/* |
其中所有$regionid应为某个region的ID,或者“*”;所有$accountid应为资源拥有者的Account ID,或者“*”;所有$loadbalancerid应为某个loadbalancer的ID,或者“*”;以此类推。
RAM中可对负载均衡资源进行授权的接口
在RAM中,可以对一个负载均衡资源进行以下Action的授权。
| 可授权的接口 | 可授权的接口 |
| CreateLoadBalancer | ModifyLoadBalancerInternetSpec |
| DeleteLoadBalancer | SetLoadBalancerStatus |
| SetLoadBalancerName | DescribeLoadBalancers |
| DescribeLoadBalancerAttribute | DescribeRegions |
| UploadServerCertificate | DeleteServerCertificate |
| SetServerCertificateName | DescribeServerCertificates |
| CreateLoadBalancerHTTPSListener | CreateLoadBalancerHTTPListener |
| DeleteLoadBalancerListener | CreateLoadBalancerTCPListener |
| StopLoadBalancerListener | StartLoadBalancerListener |
| SetLoadBalancerHTTPListenerAttribute | SetLoadBalancerTCPListenerAttribute |
| SetLoadBalancerHTTPSListenerAttribute | DescribeLoadBalancerHTTPSListenerAttribute |
| DescribeLoadBalancerHTTPListenerAttribute | DescribeLoadBalancerTCPListenerAttribute |
| RemoveBackendServers | AddBackendServers |
| DescribeHealthStatus | SetBackendServers |
负载均衡API的授权策略
当子用户通过负载均衡Open API进行资源访问时,负载均衡后台向RAM进行权限检查,以确保调用者拥有相应权限。
每个不同的负载均衡API会根据涉及到的资源以及API的语义来确定需要检查哪些资源的权限。
| Action | Resource |
| CreateLoadBalancer | acs:slb:$regionid:$accountid:loadbalancer/* |
| ModifyLoadBalancerInternetSpec | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DeleteLoadBalancer | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerStatus | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerName | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancers | acs:slb:$regionid:$accountid:loadbalancer/* |
| DescribeLoadBalancerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeRegions | acs:slb:*:$accountid:* |
| UploadServerCertificate | acs:slb:%s:%s:certificate/* |
| DeleteServerCertificate | acs:slb:%s:%s:certificate/% |
| DescribeServerCertificate | acs:slb:%s:%s:certificate/% |
| SetServerCertificateName | acs:slb:%s:%s:certificate/% |
| DescribeServerCertificates | acs:slb:%s:%s:certificate/* |
| CreateLoadBalancerHTTPListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| CreateLoadBalancerHTTPSListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| acs:slb:%s:%s:certificate/% | |
| CreateLoadBalancerTCPListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| CreateLoadBalancerUDPListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DeleteLoadBalancerListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| StartLoadBalancerListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| StopLoadBalancerListener | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerHTTPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerHTTPSListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| acs:slb:%s:%s:certificate/% | |
| SetLoadBalancerTCPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| SetLoadBalancerUDPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancerHTTPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancerHTTPSListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancerTCPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeLoadBalancerUDPListenerAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| AddBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| acs:ecs:$regionid:$accountid:instance/$instanceid | |
| RemoveBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| acs:ecs:$regionid:$accountid:instance/$instanceid | |
| SetBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| acs:ecs:$regionid:$accountid:instance/$instanceid | |
| DescribeHealthStatus | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
VServerGroup相关接口的RAM授权策略
| Action | Resource |
| CreateVServerGroup | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid acs:ecs:$regionid:$accountid:instance/$instanceid |
| SetVServerGroupAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DeleteVServerGroup | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeVServerGroups | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeVServerGroupAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| AddVServerGroupBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid acs:ecs:$regionid:$accountid:instance/$instanceid |
| RemoveVServerGroupBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid acs:ecs:$regionid:$accountid:instance/$instanceid |
| ModifyVServerGroupBackendServers | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid acs:ecs:$regionid:$accountid:instance/$instanceid |
主备服务器组相关接口的RAM授权策略
| Action | Resource |
| CreateMasterSlaveServerGroup | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid acs:ecs:$regionid:$accountid:instance/$instanceid |
| DescribeMasterSlaveServerGroupAttribute | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DescribeMasterSlaveServerGroups | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
| DeleteMasterSlaveServerGroup | acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid |
展开
收起
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
相关问答
