This topic uses a sample policy to demonstrate how to authorize a RAM user to view ECS instances in a specified region.
The following policy indicates that the authorized RAM user can view ECS instances in the China (Qingdao) region, but cannot view disks or snapshots in this region.
{
"Statement": [
{
"Effect": "Allow",
"Action": "ecs:Describe*",
"Resource": "acs:ecs:cn-qingdao:*:instance/*"
}
],
"Version": "1"
}
Note You can grant ECS permissions to the RAM user by region and resource type. If you
want to authorize a RAM user or role to view ECS instances in another region, you
can change
cn-qingdao
in the Resource
element to the target region. For a list of region IDs, see Regions and zones.