帮助中心 > 访问控制 > 用户指南 > 授权常见问题 > 特殊操作的权限组合 > 公网IP策略示例

2.3 公网IP授权示例

当您需要授权某个子用户“云主机绑定/解绑公网IP”的操作权限时,您可以这样编辑策略:

例1:公网IP绑定默认私网下的云主机

{
"Version": "1",
"Statement": [
  {
    "Effect": "Allow",
    "Action": [
      "vpc:DescribeEip*",
      "vpc:*ssociateEip*",
      "cec:DescribeInstance*",
      "vpc:AssociateEip",
      "vpc:DescribeNetworks"
    ],
    "Resource": [
      "ccs:vpc:cn-test-suzhou1:*:eip-rv180h4obpg13u",
      "ccs:cec:cn-test-suzhou1:*:i-ay180h4ob3k20t",
      "ccs:vpc:cn-test-suzhou1:*:n-sc180h4nfc348e"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "vpc:DescribeEips",
      "cec:DescribeInstance*"
    ],
    "Resource": [
      "ccs:vpc:cn-test-suzhou1:*:eip-1",
      "ccs:cec:cn-test-suzhou1:*:-1"
    ]
  }
]
}

例2:公网IP绑定自定义私网下的云主机(此时需要把自定义私网连接的路由器的相关权限也给到子用户)

{
"Version": "1",
"Statement": [
  {
    "Effect": "Allow",
    "Action": [
      "vpc:*ssociateEip*",
      "cec:DescribeInstance*"
    ],
    "Resource": [
      "ccs:vpc:cn-test-suzhou1:*:eip-rv180h4obpg13u",
      "ccs:vpc:cn-test-suzhou1:*:n-3u180h4h9wa89",
      "ccs:vpc:cn-test-suzhou1:*:r-g5180h4h9tv93x",
      "ccs:cec:cn-test-suzhou1:*:-1"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "vpc:DescribeEip*",
      "vpc:*ssociateEip*",
      "vpc:DescribeNetworks",
      "vpc:DescribeRouter*"
    ],
    "Resource": [
      "ccs:vpc:cn-test-suzhou1:*:eip-rv180h4obpg13u",
      "ccs:vpc:cn-test-suzhou1:*:n-3u180h4h9wa89",
      "ccs:vpc:cn-test-suzhou1:*:r-g5180h4h9tv93x",
      "ccs:vpc:cn-test-suzhou1:*:eip-1",
      "ccs:vpc:cn-test-suzhou1:*:r-1"
    ]
  }
]
}