帮助中心 > 訪問控制 > 使用者指南 > 授權常見問題 > 特殊操作的許可權組合 > 公網IP策略示例

2.3 公網IP授權示例

當您需要授權某個子使用者“雲主機繫結/解綁公網IP”的操作許可權時,您可以這樣編輯策略:

例1:公網IP繫結預設私網下的雲主機

{
"Version": "1",
"Statement": [
  {
    "Effect": "Allow",
    "Action": [
      "vpc:DescribeEip*",
      "vpc:*ssociateEip*",
      "cec:DescribeInstance*",
      "vpc:AssociateEip",
      "vpc:DescribeNetworks"
    ],
    "Resource": [
      "ccs:vpc:cn-test-suzhou1:*:eip-rv180h4obpg13u",
      "ccs:cec:cn-test-suzhou1:*:i-ay180h4ob3k20t",
      "ccs:vpc:cn-test-suzhou1:*:n-sc180h4nfc348e"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "vpc:DescribeEips",
      "cec:DescribeInstance*"
    ],
    "Resource": [
      "ccs:vpc:cn-test-suzhou1:*:eip-1",
      "ccs:cec:cn-test-suzhou1:*:-1"
    ]
  }
]
}

例2:公網IP繫結自定義私網下的雲主機(此時需要把自定義私網連線的路由器的相關許可權也給到子使用者)

{
"Version": "1",
"Statement": [
  {
    "Effect": "Allow",
    "Action": [
      "vpc:*ssociateEip*",
      "cec:DescribeInstance*"
    ],
    "Resource": [
      "ccs:vpc:cn-test-suzhou1:*:eip-rv180h4obpg13u",
      "ccs:vpc:cn-test-suzhou1:*:n-3u180h4h9wa89",
      "ccs:vpc:cn-test-suzhou1:*:r-g5180h4h9tv93x",
      "ccs:cec:cn-test-suzhou1:*:-1"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "vpc:DescribeEip*",
      "vpc:*ssociateEip*",
      "vpc:DescribeNetworks",
      "vpc:DescribeRouter*"
    ],
    "Resource": [
      "ccs:vpc:cn-test-suzhou1:*:eip-rv180h4obpg13u",
      "ccs:vpc:cn-test-suzhou1:*:n-3u180h4h9wa89",
      "ccs:vpc:cn-test-suzhou1:*:r-g5180h4h9tv93x",
      "ccs:vpc:cn-test-suzhou1:*:eip-1",
      "ccs:vpc:cn-test-suzhou1:*:r-1"
    ]
  }
]
}