全部产品
存储与CDN 数据库 安全 应用服务 数加·人工智能 数加·大数据基础服务 互联网中间件 视频服务 开发者工具 解决方案 物联网 钉钉智能硬件
负载均衡

资源授权定义

更新时间:2017-09-21 12:51:38

RAM中可授权的负载均衡资源类型

目前,可以在RAM中进行授权的资源类型只有一种: LoadBalancer

在通过RAM进行授权时,该资源的描述方式如下:

资源类型 授权策略中的资源描述方法
LoadBalancer acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:slb:$regionid:$accountid:loadbalancer/*
acs:slb:*:$accountid:loadbalancer/*
acs:slb:*:*:loadbalancer/*
Certificate acs:slb:$regionid:$accountid:certificate/$servercertificateId
acs:slb:$regionid:$accountid:certificate/*

其中所有$regionid应为某个region的ID,或者“*”;所有$accountid应为资源拥有者的Account ID,或者“*”;所有$loadbalancerid应为某个loadbalancer的ID,或者“*”;以此类推。

RAM中可对负载均衡资源进行授权的接口

在RAM中,可以对一个负载均衡资源进行以下Action的授权。

可授权的接口 可授权的接口
CreateLoadBalancer ModifyLoadBalancerInternetSpec
DeleteLoadBalancer SetLoadBalancerStatus
SetLoadBalancerName DescribeLoadBalancers
DescribeLoadBalancerAttribute DescribeRegions
UploadServerCertificate DeleteServerCertificate
SetServerCertificateName DescribeServerCertificates
CreateLoadBalancerHTTPSListener CreateLoadBalancerHTTPListener
DeleteLoadBalancerListener CreateLoadBalancerTCPListener
StopLoadBalancerListener StartLoadBalancerListener
SetLoadBalancerHTTPListenerAttribute SetLoadBalancerTCPListenerAttribute
SetLoadBalancerHTTPSListenerAttribute DescribeLoadBalancerHTTPSListenerAttribute
DescribeLoadBalancerHTTPListenerAttribute DescribeLoadBalancerTCPListenerAttribute
RemoveBackendServers AddBackendServers
DescribeHealthStatus SetBackendServers

负载均衡API的授权策略

当子用户通过负载均衡Open API进行资源访问时,负载均衡后台向RAM进行权限检查,以确保调用者拥有相应权限。

每个不同的负载均衡API会根据涉及到的资源以及API的语义来确定需要检查哪些资源的权限。

Action Resource
CreateLoadBalancer acs:slb:$regionid:$accountid:loadbalancer/*
ModifyLoadBalancerInternetSpec acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DeleteLoadBalancer acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerStatus acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerName acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancers acs:slb:$regionid:$accountid:loadbalancer/*
DescribeLoadBalancerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeRegions acs:slb:*:$accountid:*
UploadServerCertificate acs:slb:%s:%s:certificate/*
DeleteServerCertificate acs:slb:%s:%s:certificate/%
DescribeServerCertificate acs:slb:%s:%s:certificate/%
SetServerCertificateName acs:slb:%s:%s:certificate/%
DescribeServerCertificates acs:slb:%s:%s:certificate/*
CreateLoadBalancerHTTPListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
CreateLoadBalancerHTTPSListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:slb:%s:%s:certificate/%
CreateLoadBalancerTCPListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
CreateLoadBalancerUDPListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DeleteLoadBalancerListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
StartLoadBalancerListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
StopLoadBalancerListener acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerHTTPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerHTTPSListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:slb:%s:%s:certificate/%
SetLoadBalancerTCPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
SetLoadBalancerUDPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancerHTTPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancerHTTPSListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancerTCPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeLoadBalancerUDPListenerAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
AddBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
RemoveBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
SetBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
DescribeHealthStatus acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid

VServerGroup相关接口的RAM授权策略

Action Resource
CreateVServerGroup acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
SetVServerGroupAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DeleteVServerGroup acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeVServerGroups acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeVServerGroupAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
AddVServerGroupBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
RemoveVServerGroupBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
ModifyVServerGroupBackendServers acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid

主备服务器组相关接口的RAM授权策略

Action Resource
CreateMasterSlaveServerGroup acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
acs:ecs:$regionid:$accountid:instance/$instanceid
DescribeMasterSlaveServerGroupAttribute acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DescribeMasterSlaveServerGroups acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
DeleteMasterSlaveServerGroup acs:slb:$regionid:$accountid:loadbalancer/$loadbalancerid
本文导读目录