Last updated:2020-06-17 20:29:30

IAM can control the access to EPC instances, assign different administrative privileges to users, and provide fine-grained management.

Global system policy

A global system policy can help you grant the privilege quickly without the need to write policies, but the authorization granularity will be coarser. The following table lists two global system policies for EPC.

Policy name Policy description
EPCFullAccess Provides complete privilege for managing EPC features (using the console and API).
EPCReadOnlyAccess Provides the EPC query management privilege (using the console and API).

Action list

The following table lists actions for configuring policies for EPC.

  • Action: An example is Action:iam:CreateUser. The value of Action consists of two parts: service-name and action-name, where service-name is the service namespace (such as iam, ks3, and kec) and action-name is the EPC operation name. When you create a policy, you can copy the content in the table and paste it in the Action field.

    Action Function description
    epc:CreateEpc Creates an EPC instance.
    epc:RebootEpc Restarts an EPC instance.
    epc:StartEpc Starts an EPC instance.
    epc:DeleteEpc Deletes an EPC instance.
    epc:ReinstallEpc Reinstalls the operating system.
    epc:ModifySecurityGroup Modifies the security group.
    epc:ImportKey Imports a key.
    epc:DeleteKey Deletes a key.
    epc:CreateKey Creates a key.
    epc:DescribeKeys Queries the list of keys.
    epc:DescribeEpcs Queries the list of EPC instances
    epc:GetDynamicCode Obtains a dynamic code.
    epc:DescribeVpns Queries the list of VPNs.
    epc:CreateImage Creates a custom image.
    epc:ModifyImage Modifies an image.
    epc:DeleteImage Deletes an image.
    epc:DescribeImages Queries the list of images.
    epc:ModifyDns Modifies DNS.
    epc:ModifyNetworkInterfaceAttribute Modifies the NIC information.
    epc:DescribePhysicalMonitor Queries the hardware monitoring information.
    epc:DescribeCertificates Queries the list of certificates.
    epc:DescribeEpcManagements Queries the management information of an EPC instance.
    epc:DescribeRemoteManagements Queries out-of-band management information.
    epc:StopEpc Stops an EPC instance.
    epc:ModifyEpc Modifies the configuration of an EPC instance.
    epc:ModifyRemoteManagement Modifies out-of-band management.
    epc:CreateRemoteManagement Creates out-of-band management.
    epc:ReinstallCustomerEpc Reinstalls the operating system for a hosted instance type.

Did you find the above information helpful?

Mostly Unhelpful
A little helpful
Very helpful

What might be the problems?

Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions


Please give us your feedback.


Thank you for your feedback.