Create policies

Last updated: 2020-07-19 00:07:27

A policy defines one or more permissions in the specified syntax. You can attach a policy to or detach a policy from different IAM users to assign or revoke permissions. IAM supports two types of policies: system policies and custom policies.
This topic describes how to create a custom policy.

Create a custom policy

A Kingsoft Cloud account or an authorized IAM user can create custom policies for the Kingsoft Cloud account. The procedure is as follows:

  1. Log in to the Kingsoft Cloud console (new version) with your Kingsoft Cloud account or as an authorized IAM user.
  2. Choose Products and Services > Monitor and Management > IAM. In the left navigation pane, choose Permissions > Policies. The Policies page appears.
  3. Click the Custom Policies tab and then click Create Policy. The Create Policy page appears.

Currently, you can create a custom policy in three ways: by selecting required services and features, in the visual configuration mode, or by directly editing the policy document.

Create a custom policy by selecting required services and features

The procedure is as follows:

  1. On the Create Policy page, select Product Features / Project Permissions, select required services, and then click Next.

  2. Turn on the switches for the required features of each service and click Create strategy to create the policy. You must turn on at least one feature for each service.

Create a custom policy in the visual configuration mode

The procedure is as follows:

  1. On the Create Policy page, select Visual configuration and click Add Policy Statement.

  2. On the Add Policy Statement pane that appears, set the service, actions, resources, and conditions as required and click OK.

To set conditions, select IP interval and enter the specific IP addresses. Both IP addresses and CIDR blocks are supported. For example, if you enter the IP address 10.31.24.21, IAM users can only call the selected API operations from this IP address.

Create a custom policy by directly editing the policy document

The procedure is as follows:

  1. On the Create Policy page, select Policy grammar, select a policy template, and then click Next.

  2. Edit the policy document in the Edit policy content section. After you finish editing, click Verification strategy to verify the policy document. If the message “The policy document is in the correct format” appears, click Create strategy.

  3. You can add IP address conditions to the policy document. For example, the following policy document allows only the IP address 10.31.24.21 and the CIDR block 10.31.23.11/24 to call the specified API operation.

The policy document is as follows:

{
    "Version": "2015-11-01",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:ListUsers"
            ],
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "ksc:SourceIp": [
                        "10.31.24.21",
                        "10.31.23.11/24"
                    ]
                }
            }
        }
    ]
}
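
The following check is an added example, not part of the original Kingsoft Cloud documentation. It parses the policy document above and reports the effective range of each ksc:SourceIp entry before you submit the policy: the entry 10.31.23.11/24 has host bits set and, under standard CIDR semantics, covers all 256 addresses in 10.31.23.0/24. The function names lint_source_ips and ip_matches are hypothetical, and masking off host bits is an assumption about how IAM evaluates the condition.

```python
import ipaddress
import json

# Policy document from the page (whitespace condensed).
POLICY = json.loads("""
{"Version": "2015-11-01",
 "Statement": [{
    "Effect": "Allow", "Action": ["iam:ListUsers"], "Resource": "*",
    "Condition": {"IpAddress": {"ksc:SourceIp": ["10.31.24.21", "10.31.23.11/24"]}}
 }]}
""")


def lint_source_ips(policy):
    """Return one finding per ksc:SourceIp entry: effective range, size, warnings."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        entries = stmt.get("Condition", {}).get("IpAddress", {}).get("ksc:SourceIp", [])
        for raw in entries:
            finding = {"statement": idx, "entry": raw, "network": None, "warnings": []}
            try:
                iface = ipaddress.ip_interface(raw)
            except ValueError:
                finding["warnings"].append("not a valid IP address or CIDR block")
                findings.append(finding)
                continue
            net = iface.network  # ASSUMPTION: host bits are masked off by the evaluator
            finding["network"] = net
            finding["addresses"] = net.num_addresses
            if iface.ip != net.network_address:
                finding["warnings"].append(f"host bits set; effective range is {net}")
            if net.prefixlen == 0:
                finding["warnings"].append("matches every address; restricts nothing")
            findings.append(finding)
    return findings


def ip_matches(policy, source_ip):
    """True if source_ip falls inside any valid ksc:SourceIp entry in the policy."""
    addr = ipaddress.ip_address(source_ip)
    return any(f["network"] is not None and addr in f["network"]
               for f in lint_source_ips(policy))


if __name__ == "__main__":
    for f in lint_source_ips(POLICY):
        print(f["entry"], "->", f["network"], f.get("addresses"), f["warnings"])
    for ip in ("10.31.24.21", "10.31.23.200", "10.31.24.22"):  # constructed test addresses
        print(ip, "matches" if ip_matches(POLICY, ip) else "does not match")
```

If the intent is to allow a single host, write it without a prefix or with /32; if the whole subnet is intended, writing 10.31.23.0/24 makes the scope explicit to reviewers.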
