When you enable Elastic Container Instances (ECI), assign the default role of AliyunECIContainerGroupRole to the user account. ECIs can use Elastic Compute Service (ECS), Virtual Private Cloud (VPC), and other services only when this default role is correctly assigned.
Permissions granted to AliyunECIContainerGroupRole
The default role of AliyunECIContainerGroupRole has permissions to perform the following actions.
ECS actions
| Action | Description |
|---|---|
| ecs:CreateNetworkInterfacePermission | Permission to create an Elastic Network Interface |
| ecs:DeleteNetworkInterfacePermission | Permission to delete an Elastic Network Interface |
| ecs:CreateNetworkInterface | Creating an Elastic Network Interface |
| ecs:DescribeNetworkInterfaces | Querying an Elastic Network Interface |
| ecs:AttachNetworkInterface | Attaching an Elastic Network Interface |
| ecs:DetachNetworkInterface | Detaching an Elastic Network Interface |
| ecs:DeleteNetworkInterface | Deleting an Elastic Network Interface |
| ecs:DescribeSecurityGroups | Querying security group information |
VPC actions
| Action | Description |
|---|---|
| vpc:DescribeVSwitches | Querying the virtual switch resources of a VPC |
| vpc:DescribeVpcs | Querying VPC information |
| vpc:AssociateEipAddress | Attaching an Elastic IP Address |
| vpc:DescribeEipAddresses | Querying an Elastic IP Address |