ECS部署集功能RAM鉴权上线公告

ECS部署集功能将于2023年10月7日起，将相关功能的API接口接入RAM鉴权管控。以便用户更好地进行相关资源和操作的权限管理。

变更生效前，部署集功能不会对RAM子账号的权限进行鉴权，任何RAM子账号均可使用部署集功能和调用相关API接口；变更生效后，未获得相关授权的RAM子账号在使用部署集功能或调用API接口时将会失败。

本次功能上线为灰度开放，部分用户的实际生效时间会晚于2023年10月7日。但为了保证业务稳定，请您在该日期之前确保需要使用部署集功能的RAM子账号具备了相关权限，以免鉴权失败导致业务受损。

本次变更涉及的API接口为：
CreateDeploymentSet
ModifyDeploymentSetAttribute
DeleteDeploymentSet
DescribeDeploymentSets

变更后，RAM子账号操作部署集需要具备的权限如下：
ecs:CreateDeploymentSet
ecs:DeleteDeploymentSet
ecs:ModifyDeploymentSetAttribute
ecs:DescribeDeploymentSets

最小权限授权示例：
CreateDeploymentSet授权
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "ecs:CreateDeploymentSet",
"Resource": "acs:ecs:*:*:deploymentset/*"
}
]
}

DeleteDeploymentSet授权
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "ecs:DeleteDeploymentSet",
"Resource": "acs:ecs:*:*:deploymentset/*"
}
]
}

ModifyDeploymentSetAttribute授权
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "ecs:ModifyDeploymentSetAttribute",
"Resource": "acs:ecs:*:*:deploymentset/*"
}
]
}

DescribeDeploymentSets授权
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "ecs:DescribeDeploymentSets",
"Resource": "acs:ecs:*:*:deploymentset/*"
}
]
}