edit-icon download-icon

Server Load Balancer authorization policy samples

Last Updated: Sep 15, 2017
  • Use Case #1

If your tenant account has 10 Server Load Balancers, but as a RAM administrator, you would like to grant only two Server Load Balancers to a RAM user. You can create a policy as follows:

Note: One RAM user with this policy can view all Server Load Balancers, but can only operate (for example, DeleteLoadBalancer) the granted two Server Load Balancers. Currently, RAM does not support to view only the authorized Server Load Balancers.

  1. {
  2. "Statement": [
  3. {
  4. "Effect": "Allow",
  5. "Action": "slb:*",
  6. "Resource": [
  7. "acs:slb:*:*:loadbalancer/i-001",
  8. "acs:slb:*:*:loadbalancer/i-002"
  9. ]
  10. },
  11. {
  12. "Effect": "Allow",
  13. "Action": "slb:Describe*",
  14. "Resource": "*"
  15. }
  16. ],
  17. "Version": "1"
  18. }
  • Use Case #2

The following policy allows a RAM user to add a backend ECS server (for example, i-001) to a Server Load Balancer (for example, slb-001).

  1. {
  2. "Statement": [
  3. {
  4. "Effect": "Allow",
  5. "Action": "slb:AddBackendServers",
  6. "Resource": ["acs:slb:*:*:loadbalancer/slb-001"]
  7. },
  8. {
  9. "Effect": "Allow",
  10. "Action": "slb:AddBackendServers",
  11. "Resource": "acs:ecs:*:*:instance/i-001"
  12. }
  13. ],
  14. "Version": "1"
  15. }
  • Use Case #3

The following policy allows a RAM user to add any backend ECS server in your tenant account to a Server Load Balancer (for example, slb-001).

  1. {
  2. "Statement": [
  3. {
  4. "Effect": "Allow",
  5. "Action": "slb:*",
  6. "Resource": ["acs:slb:*:*:loadbalancer/slb-001"]
  7. },
  8. {
  9. "Effect": "Allow",
  10. "Action": "slb:Describe*",
  11. "Resource": "*"
  12. },
  13. {
  14. "Effect": "Allow",
  15. "Action": "slb:*",
  16. "Resource": "acs:ecs:*:*:*"
  17. }
  18. ],
  19. "Version": "1"
  20. }
Thank you! We've received your feedback.