edit-icon download-icon

ECS authorization policy samples

Last Updated: Sep 15, 2017
  • Use Case #1

If your tenant account has 10 ECS instances, but as a RAM administrator, you would like to grant only two instances to a RAM user. You can create a policy as follows:

Note: One RAM user with this policy can view all ECS instances, but can only operate (for example, StopInstance) the granted two instances. Currently, RAM does not support to view only the authorized ECS instances.

  1. {
  2. "Statement": [
  3. {
  4. "Action": "ecs:*",
  5. "Effect": "Allow",
  6. "Resource": [
  7. "acs:ecs:*:*:instance/i-001",
  8. "acs:ecs:*:*:instance/i-002"
  9. ]
  10. },
  11. {
  12. "Action": "ecs:Describe*",
  13. "Effect": "Allow",
  14. "Resource": "*"
  15. }
  16. ],
  17. "Version": "1"
  18. }
Thank you! We've received your feedback.