Assign roles and permissions

Last Updated: Dec 13, 2018

When you enable Elastic Container Instances (ECI), assign the default role of AliyunECIContainerGroupRole to the user account. ECIs can use Elastic Compute Service (ECS), Virtual Private Cloud (VPC), and other services only when this default role is correctly assigned.

Permissions granted to AliyunECIContainerGroupRole

The default role of AliyunECIContainerGroupRole has permissions to perform the following actions.

ECS actions

| Action | Description |
| --- | --- |
| ecs:CreateNetworkInterfacePermission | Permission to create an Elastic Network Interface |
| ecs:DeleteNetworkInterfacePermission | Permission to delete an Elastic Network Interface |
| ecs:CreateNetworkInterface | Creating an Elastic Network Interface |
| ecs:DescribeNetworkInterfaces | Querying an Elastic Network Interface |
| ecs:AttachNetworkInterface | Attaching an Elastic Network Interface |
| ecs:DetachNetworkInterface | Detaching an Elastic Network Interface |
| ecs:DeleteNetworkInterface | Deleting an Elastic Network Interface |
| ecs:DescribeSecurityGroups | Querying security group information |

VPC actions

| Action | Description |
| --- | --- |
| vpc:DescribeVSwitches | Querying the virtual switch resources of a VPC |
| vpc:DescribeVpcs | Querying VPC information |
| vpc:AssociateEipAddress | Attaching an Elastic IP Address |
| vpc:DescribeEipAddresses | Querying an Elastic IP Address |
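
The two tables above can serve as a least-privilege baseline when reviewing what the role actually grants in an account. The following is an added example, not Alibaba Cloud's code: it assumes the policy attached to the role has been exported as a JSON document with Statement, Effect and Action fields and `*` wildcards in action names, and the function names and sample policy are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Baseline: the 12 actions this page lists for AliyunECIContainerGroupRole.
DOCUMENTED_ACTIONS = frozenset({
    "ecs:CreateNetworkInterfacePermission", "ecs:DeleteNetworkInterfacePermission",
    "ecs:CreateNetworkInterface", "ecs:DescribeNetworkInterfaces",
    "ecs:AttachNetworkInterface", "ecs:DetachNetworkInterface",
    "ecs:DeleteNetworkInterface", "ecs:DescribeSecurityGroups",
    "vpc:DescribeVSwitches", "vpc:DescribeVpcs",
    "vpc:AssociateEipAddress", "vpc:DescribeEipAddresses",
})

def allowed_actions(policy):
    """Collect Action entries from every Allow statement (Deny statements are not evaluated)."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # tolerate a single statement object
        statements = [statements]
    actions = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        entry = stmt.get("Action", [])
        actions.extend([entry] if isinstance(entry, str) else entry)
    return actions

def audit_policy(policy):
    """Compare a policy's Allow actions with the documented baseline."""
    allowed = allowed_actions(policy)
    baseline = {a.lower() for a in DOCUMENTED_ACTIONS}
    # Assumption: names are compared case-insensitively so casing alone never hides drift.
    wildcards = sorted({a for a in allowed if "*" in a})
    excess = sorted({a for a in allowed if "*" not in a and a.lower() not in baseline})
    missing = sorted(d for d in DOCUMENTED_ACTIONS
                     if not any(fnmatchcase(d.lower(), a.lower()) for a in allowed))
    return {"wildcards": wildcards, "excess": excess, "missing": missing}

# Constructed sample policy (not exported from a real account).
SAMPLE_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ecs:CreateNetworkInterface", "ecs:Describe*", "ecs:DeleteInstance"]},
  {"Effect": "Allow", "Resource": "*", "Action": "vpc:DescribeVpcs"},
  {"Effect": "Deny", "Resource": "*", "Action": "vpc:AssociateEipAddress"}]}
""")

if __name__ == "__main__":
    print(json.dumps(audit_policy(SAMPLE_POLICY), indent=2))
```

Entries under "excess" and "wildcards" grant more than the documented set and deserve review; entries under "missing" indicate the role may not be correctly assigned for ECI to work.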