Skip to content

Volcengine Role Authorization

  1. Go to Users > Access Control > Role Management, click Create Role: Select Other Account, enter the Guance account ID.

  1. Enter the role name and skip the policy management, successfully create a new role.

  2. Select the new role and click the role name.

  1. Switch to Trust Relationships and modify the trust policy.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "<External ID>"
        }
      },
      "Principal": {
        "IAM": [
          "trn:iam::<Guance Account ID>:user/<Guance Username>"
        ]
      }
    }
  ]
}
  1. Go to Permission Policies, click "Create Custom Policy".

  1. Enter the policy name, then enter the policy in the JSON editor and submit.

{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "tos:GetObject",
                "tos:PutObject",
                "tos:ListBucket",
                "tos:ListBucketVersions",
                "tos:HeadBucket",
                "tos:RestoreObject"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
  1. After the policy is submitted successfully, click Add Permission.

  1. Select the previously created new role and submit.

Feedback

Is this page helpful? ×