LouisChan

[Others]Create the tags and assign to ECS

Posted time: Aug 27, 2021 21:21 PM


Create the tags and assign to ECS


  1. Log on to the ECS console and select Elastic Compute Service.

  2. In the left navigation menu, choose Instances & Images > Instances.


  1. Now we create the two tags app:Demoapp and team:om for the O&M team. If you wish to add tags for the R&D team, create an additional tag, but replace the value of the key named team with dev.


  1. Assign the tags from the previous step to the ECS instances that belong to the Demoapp project, e.g. we assign the app:Demoapp tag to both instance-dev and instance-pdt, then assign the team:dev tag only to instance-dev and the team:om tag to the other one.


Create the users and groups in RAM


  1. Next we open the RAM console.


  1. Create two groups named demoapp_om and demoapp_dev.


  1. Then create two users named demoapp_om and demoapp_dev.


 

  1. Add the O&M and R&D users to their respective groups.

  2. Click the group name to open the group details.

  3. Click the Add group member button to open the slide panel.

  4. In the user dropdown list, select the users you wish to add to the current group, confirm the selected user list, then click the complete button to finish.

  5. Repeat the above steps until all users have been added to their groups.



Create the custom policy and grant the permissions to the group


  1. Create the custom policy.

  2. Click permissions > policies in the left navigation menu to open the create policy dialog.

  3. Set the name to DemoappOMPolicy or whatever you like, select scripts as the configuration mode, and paste the following code into the document.

{
   "Statement": [
       {
           "Action": "ecs:*",
           "Effect": "Allow",
           "Resource": "*",
           "Condition": {
               "StringEquals": {
                   "ecs:tag/app": "Demoapp",
                   "ecs:tag/team": "om"
               }
           }
       },
       {
           "Action": "ecs:DescribeTag*",
           "Effect": "Allow",
           "Resource": "*"
       },
       {
           "Action": "rds:*",
           "Effect": "Allow",
           "Resource": "*",
           "Condition": {
               "StringEquals": {
                   "rds:ResourceTag/app": "Demoapp",
                   "rds:ResourceTag/team": "om"
               }
           }
       },
       {
           "Action": "rds:DescribeTag*",
           "Effect": "Allow",
           "Resource": "*"
       }
   ],
   "Version": "1"
}

  1. Repeat the above step to create the custom policy for the R&D team, changing the condition settings in the policy document to "ecs:tag/team": "dev" and "rds:ResourceTag/team": "dev".


  1. Grant the custom policy to the user group.

  2. Click the group name to open the group details.

  3. Click the Permissions tab, then click the Grant permission button to open the slide panel.

  4. In the custom policy dropdown list, select the policy you wish to add to the current group, confirm the selected policy list, then click the complete button to finish.

  5. Repeat the above steps until all policies have been added to their groups.



Test the authorization


  1. Log on to the ECS console as the RAM user demoapp_om and select Elastic Compute Service.

  2. In the left navigation menu, choose Instances & Images > Instances.

  3. Select the tags app:Demoapp and team:om, and verify that the instances are shown in the list.
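
The policy document and the authorization test above, as an added example that is not part of the original post: it generates the same document for either team and checks it offline against the instance tags from the tagging step. The names build_policy and is_allowed are hypothetical, the matching is a simplified model (one Allow statement must match the action and every StringEquals key) rather than RAM's own evaluation engine, and ecs:StopInstance is only a sample action.

```python
import json
from fnmatch import fnmatchcase

def build_policy(team, app="Demoapp"):
    """Return the post's policy document for one team ("om" or "dev")."""
    def scoped(service, tag_prefix):
        # Full access to the service, but only on resources carrying both tags.
        return {"Action": f"{service}:*", "Effect": "Allow", "Resource": "*",
                "Condition": {"StringEquals": {f"{tag_prefix}/app": app,
                                               f"{tag_prefix}/team": team}}}
    def describe_tags(service):
        # Unconditional: lets the console list tags for filtering.
        return {"Action": f"{service}:DescribeTag*", "Effect": "Allow",
                "Resource": "*"}
    return {"Statement": [scoped("ecs", "ecs:tag"), describe_tags("ecs"),
                          scoped("rds", "rds:ResourceTag"), describe_tags("rds")],
            "Version": "1"}

def is_allowed(policy, action, context):
    """Simplified model (assumption): allowed if some Allow statement matches
    the action and all of its StringEquals keys equal the request context."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or not fnmatchcase(action, stmt["Action"]):
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {})
        if all(context.get(key) == value for key, value in wanted.items()):
            return True
    return False  # nothing matched: implicit deny

# Constructed sample: the tags assigned to the two instances in the post.
INSTANCE_PDT = {"ecs:tag/app": "Demoapp", "ecs:tag/team": "om"}
INSTANCE_DEV = {"ecs:tag/app": "Demoapp", "ecs:tag/team": "dev"}

if __name__ == "__main__":
    om_policy = build_policy("om")
    print(json.dumps(om_policy, indent=4))  # paste-ready policy document
    for name, tags in [("instance-pdt", INSTANCE_PDT),
                       ("instance-dev", INSTANCE_DEV),
                       ("untagged", {})]:
        verdict = is_allowed(om_policy, "ecs:StopInstance", tags)
        print(f"demoapp_om -> {name}: {'allow' if verdict else 'deny'}")
```

Generating the document from code avoids hand-editing the JSON for each team, and the untagged case shows that an instance missing either tag falls outside both teams' policies.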
