导航
获取火山引擎子账号 AK 和 SK
最近更新时间:2024.08.29 15:47:36首次发布时间:2023.09.04 16:06:48
如果您需要同步火山引擎云账号资源并选择手动配置的方式添加子账号,则需要先前往火山引擎控制台,创建自定义权限策略和子账号,并完成授权。操作完成后,即可获取 AK 和 SK。
前提条件
已有火山引擎资源主账号和密码。
操作流程
步骤一:创建自定义权限策略
登录火山引擎IAM控制台。
在页面左侧,选择策略管理。
在策略列表,选择用户自定义策略>新建策略。
配置策略参数。
- 策略名称:输入策略名称,例如
MultiCloudSecurity。支持英文大小写字母、数字和特殊字符(包括+=,.@-_),最多 64 个字符。 - 备注:根据需要填写备注信息,最多 128 个字符。
- 策略内容:复制以下脚本,覆盖原有内容。
{ "Statement": [ { "Effect": "Allow", "Action": [ "ecs:Describe*", "ecs:AttachKeyPair", "vpc:Describe*", "vpc:List*", "vpc:AuthorizeSecurityGroupIngress", "vpc:ModifySecurityGroupRuleDescriptionsIngress", "vpc:RevokeSecurityGroupIngress", "vpc:UpdateNetworkAclEntries", "vpn:Describe*", "alb:Describe*", "clb:Describe*", "clb:AddAclEntries", "clb:CreateAcl", "clb:DeleteListener", "clb:ModifyListenerAttributes", "DDoS:Desc*", "DDoS:Query*", "DDoS:Get*", "origin_defence:Desc*", "origin_defence:Query*", "origin_defence:List*", "AdvDefence:Desc*", "AdvDefence:Query*", "AdvDefence:Get*", "apig:Get*", "apig:List*", "natgateway:Describe*", "natgateway:List*", "tos:Get*", "tos:List*", "tos:Head*", "tos:PutBucketACL", "tos:PutBucketEncryption", "tos:PutBucketPolicy", "tos:PutBucketVersioning", "iam:List*", "iam:Get*", "seccenter:*", "nta:*", "fw_center:AssetList", "fw_center:Describe*", "waf:Get*", "waf:List*", "vbh:Get*", "vbh:List*", "certificate_service:CertificateGetInstance", "kms:Describe*", "veen_edge:List*", "veen_edge:Get*", "veen_edge:Describe*", "veenedge:List*", "veenedge:Get*", "veenedge:Describe*", "veenedge:CreateSecurityGroupRules", "veenedge:DeleteSecurityGroupRules", "veenedge:ModifySecurityGroupRule", "veenedge:RemoveLBListener", "veenedge:ResetLoginCredential", "redis:List*", "redis:Get*", "redis:Describe*", "redis:AssociateAllowList", "redis:DisassociateAllowList", "redis:ModifyAllowList", "rds_mysql:List*", "rds_mysql:Get*", "rds_mysql:Describe*", "rds_mysql:AssociateAllowList", "rds_mysql:DisassociateAllowList", "rds_mysql:ModifyAllowList", "vedbm:Get*", "vedbm:Describe*", "vedbm:List*", "rds_postgresql:Get*", "rds_postgresql:List*", "rds_postgresql:Describe*", "rds_mssql:Get*", "rds_mssql:Describe*", "rds_mssql:List*", "mongodb:Get*", "mongodb:List*", "mongodb:Describe*", "mongodb:AssociateAllowList", "mongodb:DisassociateAllowList", "mongodb:ModifyAllowList", "hbase:Get*", "hbase:Describe*", "hbase:List*", "storage_ebs:Get*", "storage_ebs:Describe*", "storage_ebs:List*", "vke:Get*", "vke:List*", "vke:ForwardKubernetesApi", "asm:List*", "asm:Get*", "asm:Create*", "asm:Verify*", "tls:Describe*", "tls:PutLogs", "tls:ActiveTlsSvc", "tls:CreateIndex", "tls:CreateProject", "tls:CreateTopic", "tls:ModifyTopic", "tls:ModifyIndex", "tls:DeleteProject", "tls:DeleteTopic", "tls:SearchLogs", "tls:CreateConsumerGroup", "tls:ConsumerHeartbeat", "tls:ConsumeLogs", "tls:ModifyCheckPoint", "organization:Describe*", "organization:List*", "mcs:ExistInstanceDBAuditInstance", "cr:Get*", "cr:List*", "mse:Get*", "mse:List*", "vmp:Get*", "vmp:Query*", "vmp:List*", "dbw:Describe*", "cen:Describe*", "transitrouter:Describe*", "directconnect:Describe*", "privatelink:Describe*", "kafka:Describe*", "rocketmq:Describe*", "iam:CreatePolicy", "iam:AttachUserPolicy", "iam:DetachUserPolicy", "iam:DeletePolicy", "RabbitMQ:Describe*" ], "Resource": [ "*" ] } ], "Version": 1.1 }
- 策略名称:输入策略名称,例如
单击创建策略。
步骤二:创建子账号并授权
- 在火山引擎IAM控制台页面左侧,选择身份管理>用户。
- 单击新建用户。
- 选择通过用户名创建。
- 配置用户基本信息。
- 在信息填写栏填写用户名,其他信息为选填。
- 在登录设置栏勾选编程访问。
- 单击下一步。
- 在权限设置列表勾选步骤一创建的自定义策略。
- 单击下一步,然后单击提交。
步骤三:获取AK/SK
- 在火山引擎IAM控制台页面左侧,选择身份管理>用户。
- 在用户列表选择步骤二创建的用户,单击管理。
- 选择密钥,并开启Secret Access Key。
- 单击对应内容即可复制 Access Key ID 和 Secret Access Key。