全部产品
弹性计算 会员服务 网络 安全 移动云 数加·大数据分析及展现 数加·大数据应用 管理与监控 云通信 阿里云办公 培训与认证 更多
存储与CDN 数据库 域名与网站(万网) 应用服务 数加·人工智能 数加·大数据基础服务 互联网中间件 视频服务 开发者工具 解决方案 物联网 智能硬件

授权策略示例

更新时间:2017-12-21 10:56:59

授权策略示例

示例1: 在Allow授权中增加Action限制只允许对CodePipeline服务下的ram-demo项目进行 配置 操作。AliyunCodePipelineConfigJobAccess:

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": "codepipeline:ConfigJob",
  7. "Resource": "acs:codepipeline:*:*:demo-ram"
  8. }
  9. ]
  10. }

示例2: 在Allow授权中增加Action限制只允许对CodePipeline服务下的ram-demo项目进行 构建 操作。AliyunCodePipelineBuildJobAccess:

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": "codepipeline:BuildJob",
  7. "Resource": "acs:codepipeline:*:*:demo-ram"
  8. }
  9. ]
  10. }

示例3: 在Allow授权中增加Action限制只允许对CodePipeline服务下的ram-demo项目进行 删除 操作。AliyunCodePipelineDeleteJobAccess:

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": "codepipeline:DeleteJob",
  7. "Resource": "acs:codepipeline:*:*:demo-ram",
  8. }
  9. ]
  10. }

示例4: 在Allow授权中增加Action限制只允许在CodePipeline服务下进行 创建 项目操作。CodePipeline默认设置具有 创建 操作权限的用户也将拥有对项目的所有其他权限。AliyunCodePipelineFullJobAccess:

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": "codepipeline:FullJob",
  7. "Resource": "acs:codepipeline:*:*:*"
  8. }
  9. ]
  10. }

示例5: 在Allow授权中增加Action限制只允许在CodePipeline服务下进行 创建 用户证书操作。AliyunCodePipelineCreateCredentialAccess :

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": "codepipeline:CreateCredential",
  7. "Resource": "acs:codepipeline:*:*:*"
  8. }
  9. ]
  10. }

示例6: 在Allow授权中增加Action限制只允许在CodePipeline服务下对id为java-demo的用户证书进行 更新 操作。AliyunCodePipelineUpdateCredentialAccess :

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": "codepipeline:UpdateCredential",
  7. "Resource": "acs:codepipeline:*:*:java-demo"
  8. }
  9. ]
  10. }

示例7: 在Allow授权中增加Action限制只允许在CodePipeline服务下对id为java-demo的用户证书进行 删除 操作。AliyunCodePipelineDeleteCredentialAccess :

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": "codepipeline:DeleteCredential",
  7. "Resource": "acs:codepipeline:*:*:java-demo"
  8. }
  9. ]
  10. }

示例8: 在Allow授权中增加IP限制允许通过 42.120.88.0/24, 42.120.66.0/24 两个IP段访问CodePipeline服务。

  1. {
  2. "Statement": [
  3.   {
  4. "Action": "codepipeline:*",
  5. "Effect": "Allow",
  6. "Resource": "acs:codepipeline:*:*:*"
  7.   }
  8.   ],
  9.   "Version": "1",
  10. "Condition":{
  11. "IpAddress": {
  12. "acs:SourceIp": ["42.120.88.0/24", "42.120.66.0/24"]
  13. }
  14. }
  15. }

示例9: 在Allow授权中增加时间限制允许在 2018-12-11T17:00:00+08:00 前可以访问CodePipeline服务。

  1. {
  2. "Statement": [
  3.   {
  4. "Action": "codepipeline:*",
  5. "Effect": "Allow",
  6. "Resource": "acs:codepipeline:*:*:*"
  7.   }
  8.   ],
  9.   "Version": "1",
  10. "Condition":{
  11. "DateLessThan": {
  12. "acs:CurrentTime": "2018-12-11T17:00:00+08:00"
  13. }
  14. }
  15. }

示例10: 在Allow授权中增加条件限制允许正在使用HTTPS访问控制台的用户可以访问CodePipeline服务。

  1. {
  2. "Statement": [
  3.   {
  4. "Action": "codepipeline:*",
  5. "Effect": "Allow",
  6. "Resource": "acs:codepipeline:*:*:*"
  7.   }
  8.   ],
  9.   "Version": "1",
  10. "Condition":{
  11. "Bool": {
  12. "acs:SecureTransport": "true"
  13. }
  14. }
  15. }

示例11: 在Allow授权中增加条件限制允许启用MFA并使用MFA登录的用户可以访问CodePipeline服务。

  1. {
  2. "Statement": [
  3.   {
  4. "Action": "codepipeline:*",
  5. "Effect": "Allow",
  6. "Resource": "acs:codepipeline:*:*:*"
  7.   }
  8.   ],
  9.   "Version": "1",
  10. "Condition":{
  11. "Bool": {
  12. "acs:MFAPresent": "true"
  13. }
  14. }
  15. }
本文导读目录