Bastionhost:Import ECS secrets from KMS

Last Updated: Jul 02, 2025

Bastionhost is integrated with Key Management Service (KMS). If you host the secrets of Elastic Compute Service (ECS) instances in KMS, you can import those secrets into Bastionhost and grant Bastionhost users permissions on the ECS instances and the imported secrets. Those users can then log on to the ECS instances with the imported ECS secrets, without entering a password.

Supported versions

Enterprise Edition and SM Edition.

Note

If your Bastionhost instance is Basic Edition, upgrade to the corresponding version. For more information, see Upgrade instance type.

Prerequisites

  • ECS secrets are hosted in KMS. For more information, see Manage and use ECS secrets.

  • ECS instances are imported to Bastionhost. For more information, see Import ECS instances.

  • The AliyunYundunBastionHostFullAccess policy is attached to the RAM user that you want to use to manage Bastionhost. Use the Alibaba Cloud account to which the RAM user belongs to attach the policy. For more information, see Grant permissions to RAM users.

Procedure

  1. Log on to the Bastionhost system. For more information, see Log on to the system.

  2. In the left-side navigation pane, choose Assets > Hosts.

  3. In the host list, find the host that you want to manage and click Import KMS Secret in the Actions column.

  4. In the Import KMS Secret dialog box, select the ECS secrets that you want to import and click Import.

    After the ECS secrets are imported, you can click the name of the host in the host list. On the Host Account tab, view and manage the imported ECS secrets.

What to do next

In the host list, you can click the name of the host. On the Host Account tab, manage the imported ECS secrets.

  • Delete ECS secrets: Select one or more ECS secrets and delete them. A deleted ECS secret is removed only from your bastion host, not from KMS.

    Note

    If an ECS secret is deleted from KMS, the corresponding ECS secret in your bastion host is marked as deleted and can no longer be used.

  • Turn on Enable Only SFTP Permission: If you turn on Enable Only SFTP Permission for an account, SSH-based logon is disabled for the account.