本文介绍使用FC组件非YAML模式所需的权限信息。
deploy指令
deploy指令所涉及的权限,请参见以下内容:
remove指令
请按需选择对应的权限策略:
- 系统策略:
AliyunFCFullAccess
- 自定义策略:
{ "Version": "1", "Statement": [ { "Action": [ "fc:ListOnDemandConfigs", "fc:DeleteFunctionOnDemandConfig", "fc:ListProvisionConfigs", "fc:PutProvisionConfig", "fc:ListAliases", "fc:DeleteAlias", "fc:ListServiceVersions", "fc:DeleteServiceVersion", "fc:ListTriggers", "fc:DeleteTrigger", "fc:ListFunctions", "fc:DeleteFunction", "fc:DeleteService" ], "Effect": "Allow", "Resource": "*" } ] }
{ "Version": "1", "Statement": [ { "Action": [ "fc:DeleteTrigger", "fc:DeleteFunction", "fc:DeleteService" ], "Effect": "Allow", "Resource": "*" } ] }
{ "Version": "1", "Statement": [ { "Action": [ "fc:ListTriggers", "fc:DeleteTrigger", "fc:DeleteFunction" ], "Effect": "Allow", "Resource": "*" } ] }
{ "Version": "1", "Statement": [ { "Action": [ "fc:DeleteTrigger" ], "Effect": "Allow", "Resource": "*" } ] }
- 系统策略:
AliyunFCReadOnlyAccess
-
自定义策略:
{ "Version": "1", "Statement": [ { "Action": "fc:DeleteAlias", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:services/<serviceName>/aliases/<aliasName>" } ] }
- 系统策略:
AliyunFCReadOnlyAccess
-
自定义策略:
{ "Version": "1", "Statement": [ { "Action": "fc:DeleteServiceVersion", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:services/<serviceName>/versions/<version-id>" } ] }
- 系统策略:
AliyunFCReadOnlyAccess
-
自定义策略:
{ "Version": "1", "Statement": [ { "Action": "fc:PutProvisionConfig", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:services/services/<serviceName>.<qualifier>/functions/<functionName>" } ] }
- 系统策略:
AliyunFCReadOnlyAccess
-
自定义策略:
{ "Version": "1", "Statement": [ { "Action": "fc:DeleteFunctionOnDemandConfig", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:services/services/<serviceName>.<qualifier>/functions/<functionName>" } ] }
- 系统策略:
AliyunFCReadOnlyAccess
-
自定义策略:
{ "Version": "1", "Statement": [ { "Action": "fc:DeleteLayerVersion", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:layers/<layerName>/versions/*" } ] }
- 系统策略:
info和sync指令
info和sync指令所涉及的权限为系统策略:AliyunFCReadOnlyAccess
。
build和local指令
build和local指令所涉及的是本地相关操作,无需云上资源权限。
invoke指令
请按需选择对应的权限策略:
- 最大权限(系统策略):
AliyunFCInvocationAccess
或AliyunFCFullAccess
- 最小权限(自定义权限):
{ "Version": "1", "Statement": [ { "Action": "fc:InvokeFunction", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:services/<serviceName>.<qualifier>/functions/<functionName>" } ] }
logs指令
请按需选择对应的权限策略:
- 最大权限(系统策略):
AliyunFCReadOnlyAccess
或AliyunLogReadOnlyAccess
- 最小权限(自定义权限):
{ "Version": "1", "Statement": [ { "Action": "fc:GetService", "Resource": "acs:fc:<region>:<account-id>:services/<serviceName>", "Effect": "Allow" }, { "Action": "log:GetLogStoreLogs", "Effect": "Allow", "Resource": "acs:log:<region>:<account-id>:project/<project>/logstore/<logstore>" } ] }
metrics指令
metrics指令需以下系统策略:
AliyunLogFullAccess
AliyunCloudMonitorReadOnlyAccess
AliyunFCReadOnlyAccess
nas指令
nas指令相关的权限,请参见服务相关权限配置的涉及NAS配置部分权限信息。
layer指令
请按需选择对应的权限策略:
- list、versions和versionConfig指令的权限:
AliyunFCReadOnlyAccess
- publish指令的权限:
{ "Version": "1", "Statement": [ { "Action": "fc:CreateLayerVersion", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:layers/<layerName>/versions/*" } ] }
version指令
请按需选择对应的权限策略:
- list指令的权限:
AliyunFCReadOnlyAccess
- publish指令的权限:
{ "Version": "1", "Statement": [ { "Action": "fc:PublishServiceVersion", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:services/<serviceName>/versions" } ] }
alias指令
请按需选择对应的权限策略:
- list指令的权限:
AliyunFCReadOnlyAccess
- publish指令的权限:
{ "Version": "1", "Statement": [ { "Action": [ "fc:CreateAlias", "fc:UpdateAlias" ], "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:services/<serviceName>/aliases/*" } ] }
provision指令
请按需选择对应的权限策略:
- list和get指令的权限:
AliyunFCReadOnlyAccess
- put指令的权限:
{ "Version": "1", "Statement": [ { "Action": "fc:PutProvisionConfig", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:services/services/<serviceName>.<qualifier>/functions/<functionName>" } ] }
onDemand指令
请按需选择对应的权限策略:
- list和get指令的权限:
AliyunFCReadOnlyAccess
- put指令的权限:
{ "Version": "1", "Statement": [ { "Action": "fc:PutFunctionOnDemandConfig", "Effect": "Allow", "Resource": "acs:fc:<region>:<account-id>:services/services/<serviceName>.<qualifier>/functions/<functionName>" } ] }