diff --git a/umn/source/_static/images/en-us_image_0000001602035305.png b/umn/source/_static/images/en-us_image_0000001602035305.png new file mode 100644 index 0000000..a235a33 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001602035305.png differ diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst index 6856610..ad6b13c 100644 --- a/umn/source/change_history.rst +++ b/umn/source/change_history.rst 
@@ -8,6 +8,18 @@ Change History +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Released On | Description | +===================================+====================================================================================================================================================================================================================================================================================================================================+ +| 2023-05-26 | This release incorporates the following changes: | +| | | +| | Added the following section: | +| | | +| | Added information about cloning a security group in :ref:`Cloning a Security Group `. | ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| 2023-05-17 | This release incorporates the following changes: | +| | | +| | Updated the following content: | +| | | +| | Modified the procedure for viewing monitoring metrics in :ref:`Viewing Metrics `. 
| ++-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2023-04-28 | This release incorporates the following changes: | | | | | | Updated the following content: | diff --git a/umn/source/conf.py b/umn/source/conf.py index 203841c..76ccc61 100644 --- a/umn/source/conf.py +++ b/umn/source/conf.py @@ -18,7 +18,7 @@ import os import sys extensions = [ - 'otcdocstheme', + 'otcdocstheme' ] otcdocs_auto_name = False diff --git a/umn/source/monitoring/viewing_metrics.rst b/umn/source/monitoring/viewing_metrics.rst index 49800a1..2e014aa 100644 --- a/umn/source/monitoring/viewing_metrics.rst +++ b/umn/source/monitoring/viewing_metrics.rst @@ -20,6 +20,7 @@ Procedure 2. Click |image1| in the upper left corner and select the desired region and project. 3. Hover on the upper left corner to display **Service List** and choose **Management & Deployment** > **Cloud Eye**. 4. Click **Cloud Service Monitoring** on the left of the page, and choose **Elastic IP and Bandwidth**. -5. Locate the row that contains the target bandwidth or EIP and click **View Metric** in the **Operation** column to check the bandwidth or EIP monitoring information. +5. Select the EIP, click **More** in the **Operation** column, and click **View Metric** to view monitoring metric details. +6. Select the shared bandwidth, click **More** in the **Operation** column, and click **View Metric** to view monitoring metric details. .. |image1| image:: /_static/images/en-us_image_0141273034.png diff --git a/umn/source/security/firewall/adding_a_firewall_rule.rst b/umn/source/security/firewall/adding_a_firewall_rule.rst index 57fa634..7421e07 100644 --- a/umn/source/security/firewall/adding_a_firewall_rule.rst 
+++ b/umn/source/security/firewall/adding_a_firewall_rule.rst @@ -54,6 +54,8 @@ Procedure | | - Single IP address: 192.168.10.10/32 | | | | - All IP addresses: 0.0.0.0/0 | | | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | @@ -66,6 +68,8 @@ Procedure | | - Single IP address: 192.168.10.10/32 | | | | - All IP addresses: 0.0.0.0/0 | | | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | diff --git a/umn/source/security/firewall/modifying_a_firewall_rule.rst b/umn/source/security/firewall/modifying_a_firewall_rule.rst index 7e217db..a4caeba 100644 --- a/umn/source/security/firewall/modifying_a_firewall_rule.rst +++ b/umn/source/security/firewall/modifying_a_firewall_rule.rst 
@@ -53,6 +53,8 @@ Procedure | | - Single IP address: 192.168.10.10/32 | | | | - All IP addresses: 0.0.0.0/0 | | | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | @@ -65,6 +67,8 @@ Procedure | | - Single IP address: 192.168.10.10/32 | | | | - All IP addresses: 0.0.0.0/0 | | | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - Security group: sg-A | | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 | | | | | diff --git a/umn/source/security/security_group/cloning_a_security_group.rst b/umn/source/security/security_group/cloning_a_security_group.rst new file mode 100644 index 0000000..66695e7 --- /dev/null +++ b/umn/source/security/security_group/cloning_a_security_group.rst 
@@ -0,0 +1,51 @@ +:original_name: vpc_SecurityGroup_0009.html + +.. _vpc_SecurityGroup_0009: + +Cloning a Security Group +======================== + +Scenarios +--------- + +You can clone a security group from one region to another to quickly apply the security group rules to ECSs in another region. + +You can clone a security group in the following scenarios: + +- For example, you have security group **sg-A** in region A. If ECSs in region B require the same security group rules as those configured for security group **sg-A**, you can clone security group **sg-A** to region B, freeing you from creating a new security group in region B. +- If you need new security group rules, you can clone the original security group as a backup. + + .. note:: + + Security group cloning is not supported now. + +Notes and Constraints +--------------------- + +If you clone security group across regions, the system will clone only rules whose source and destination are CIDR blocks or are in the current security group. + +Procedure +--------- + +#. Log in to the management console. + +#. Click |image1| in the upper left corner and select the desired region and project. + +#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. + +#. In the navigation pane on the left, choose **Access Control** > **Security Groups**. + +#. On the **Security Groups** page, locate the row that contains the target security group and choose **More** > **Clone** in the **Operation** column. + +#. Set required parameters as prompted. + + + .. figure:: /_static/images/en-us_image_0000001602035305.png + :alt: **Figure 1** Clone Security Group + + **Figure 1** Clone Security Group + +#. Click **OK**. You can then switch to the required region to view the cloned security group in the security group list. + +.. |image1| image:: /_static/images/en-us_image_0141273034.png +.. |image2| image:: /_static/images/en-us_image_0000001500905066.png 
diff --git a/umn/source/security/security_group/index.rst b/umn/source/security/security_group/index.rst index 9483c13..5a4b40c 100644 --- a/umn/source/security/security_group/index.rst +++ b/umn/source/security/security_group/index.rst @@ -17,6 +17,7 @@ Security Group - :ref:`Importing and Exporting Security Group Rules ` - :ref:`Deleting a Security Group ` - :ref:`Adding Instances to and Removing Them from a Security Group ` +- :ref:`Cloning a Security Group ` - :ref:`Modifying a Security Group ` - :ref:`Viewing the Security Group of an ECS ` - :ref:`Changing the Security Group of an ECS ` @@ -37,6 +38,7 @@ Security Group importing_and_exporting_security_group_rules deleting_a_security_group adding_instances_to_and_removing_them_from_a_security_group + cloning_a_security_group modifying_a_security_group viewing_the_security_group_of_an_ecs changing_the_security_group_of_an_ecs diff --git a/umn/source/service_overview/permissions.rst b/umn/source/service_overview/permissions.rst index 5eeced6..0a478cf 100644 --- a/umn/source/service_overview/permissions.rst +++ b/umn/source/service_overview/permissions.rst 
@@ -5,123 +5,123 @@ Permissions =========== -If you need to assign different permissions to employees in your enterprise to access your VPC resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you securely manage access to your cloud resources. +If you need to assign different permissions to personnel in your enterprise to access your VPCs, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you to securely access your cloud resources. -With IAM, you can use your cloud account to create IAM users, and assign permissions to the users to control their access to specific resources. For example, some software developers in your enterprise need to use VPC resources but should not be allowed to delete the resources or perform any other high-risk operations. In this scenario, you can create IAM users for the software developers and grant them only the permissions required for using VPC resources. +With IAM, you can create IAM users, and assign permissions to control their access to specific resources. For example, if you want some software developers in your enterprise to use VPCs but do not want them to delete VPCs or perform any other high-risk operations, you can grant permissions to use VPCs but not permissions to delete them. -If your cloud account does not need individual IAM users for permissions management, you may skip over this section. +If your cloud account does not require IAM for permissions management, you can skip this section. -IAM can be used free of charge. You pay only for the resources in your account. For more information, see `IAM Service Overview `__. +IAM is a free service. You only pay for the resources in your account. For more information, see `IAM Service Overview `__. 
VPC Permissions --------------- -By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups that they are added to and can perform specified operations on cloud services based on the permissions. +New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned. -VPC is a project-level service deployed and accessed in specific physical regions. To assign VPC permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If **All projects** is selected, the permissions will take effect for the user group in all region-specific projects. When accessing VPC, the users need to switch to a region where they have been authorized to use VPC. +VPC is a project-level service deployed for specific regions. When you set **Scope** to **Region-specific projects** and select the specified projects in the specified regions , the users only have permissions for VPCs in the selected projects. If you set **Scope** to **All resources**, users have permissions for VPCs in all region-specific projects. When accessing VPCs, the users need to switch to the authorized region. -You can grant users permissions by using roles and policies. +You can grant permissions by using roles and policies. -- Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you need to also assign other roles on which the permissions depend to take effect. 
However, roles are not an ideal choice for fine-grained authorization and secure access control. -- Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can grant IAM users only the permissions for managing a certain type of VPC resources. Most policies define permissions based on APIs. For the API actions supported by VPC, see `Permissions Policies and Supported Actions `__. +- Roles: A coarse-grained authorization strategy provided by IAM to assign permissions based on users' job responsibilities. Only a limited number of service-level roles are available for authorization. When you grant permissions using roles, you also need to attach dependent roles. Roles are not ideal for fine-grained authorization and least privilege access. +- Policies: A fine-grained authorization strategy that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for least privilege access. For example, you can grant users only permission to manage VPCs of a certain type. A majority of fine-grained policies contain permissions for specific APIs, and permissions are defined using API actions. For the API actions supported by VPC, see `Permissions Policies and Supported Actions `__. -:ref:`Table 1 ` lists all the system-defined roles and policies supported by VPC. +:ref:`Table 1 ` lists all the system-defined permissions for VPC. .. _overview_permission__table43611845113413: -.. table:: **Table 1** System-defined roles and policies supported by VPC +.. 
table:: **Table 1** System-defined permissions for VPC - +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------+ - | Policy Name | Description | Policy Type | Dependencies | - +====================+=========================================================================================================================+=======================+==========================================================================+ - | VPC FullAccess | All operations on VPC. | System-defined policy | None | - +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------+ - | VPC ReadOnlyAccess | Read-only permissions on VPC. | System-defined policy | None | - +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------+ - | VPC Administrator | Most permissions on VPC, excluding creating, modifying, deleting, and viewing security groups and security group rules. | System-defined role | Dependent on the **Tenant Guest** and **Server Administrator** policies. | - | | | | | - | | To be granted this permission, users must also have the **Tenant Guest** and **Server Administrator** permission. 
| | | - +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+--------------------------------------------------------------------------+ + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------+ + | Policy Name | Description | Policy Type | Dependencies | + +====================+=========================================================================================================================+=======================+==============================================================================================================================+ + | VPC FullAccess | Full permissions for VPC | System-defined policy | None | + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------+ + | VPC ReadOnlyAccess | Read-only permissions on VPC. | System-defined policy | None | + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------+ + | VPC Administrator | Most permissions on VPC, excluding creating, modifying, deleting, and viewing security groups and security group rules. | System-defined role | **Tenant Guest** and **Server Administrator** policies, which must be attached in the same project as **VPC Administrator**. 
| + | | | | | + | | To be granted this permission, users must also have the **Tenant Guest** and **Server Administrator** permission. | | | + +--------------------+-------------------------------------------------------------------------------------------------------------------------+-----------------------+------------------------------------------------------------------------------------------------------------------------------+ -:ref:`Table 2 ` lists the common operations supported by each system-defined policy or role of VPC. Select the policies or roles as required. +:ref:`Table 2 ` lists the common operations supported by system-defined permissions for VPC. .. _overview_permission__table73311721105916: -.. table:: **Table 2** Common operations supported by each system-defined policy or role of VPC +.. table:: **Table 2** Common operations supported by system-defined permissions - +------------------------------------+--------------------+-------------------+----------------+ - | Operation | VPC ReadOnlyAccess | VPC Administrator | VPC FullAccess | - +====================================+====================+===================+================+ - | Creating a VPC | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Modifying a VPC | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a VPC | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Viewing VPC information | Y | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Creating a subnet | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Viewing subnet information | Y | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | 
Modifying a subnet | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a subnet | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Creating a security group | x | x | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Viewing security group information | Y | x | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Modifying a security group | x | x | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a security group | x | x | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Adding a security group rule | x | x | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Viewing a security group rule | Y | x | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Modifying a security group rule | x | x | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a security group rule | x | x | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Creating a firewall | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Viewing a firewall | Y | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Modifying a firewall | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a firewall | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Adding a 
firewall rule | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Modifying a firewall rule | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a firewall rule | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Creating a VPC peering connection | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Modifying a VPC peering connection | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a VPC peering connection | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Creating a route table | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a route table | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Adding a route | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Modifying a route | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a route | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Creating a VPC flow log | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Viewing a VPC flow log | Y | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Enabling or disabling VPC flow log | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ - | Deleting a VPC 
flow log | x | Y | Y | - +------------------------------------+--------------------+-------------------+----------------+ + +--------------------------------------+--------------------+-------------------+----------------+ + | Operation | VPC ReadOnlyAccess | VPC Administrator | VPC FullAccess | + +======================================+====================+===================+================+ + | Creating a VPC | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a VPC | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a VPC | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing VPC information | Y | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a subnet | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing subnet information | Y | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a subnet | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a subnet | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a security group | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing security group information | Y | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a security group | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a security group | x | x | Y | + 
+--------------------------------------+--------------------+-------------------+----------------+ + | Adding a security group rule | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing a security group rule | Y | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a security group rule | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a security group rule | x | x | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a firewall | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing a firewall | Y | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a firewall | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a firewall | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Adding a firewall rule | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a firewall rule | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a firewall rule | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a VPC peering connection | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a VPC peering connection | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | 
Deleting a VPC peering connection | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a route table | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a route table | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Adding a route | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Modifying a route | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a route | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Creating a VPC flow log | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Viewing a VPC flow log | Y | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Enabling or disabling a VPC flow log | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ + | Deleting a VPC flow log | x | Y | Y | + +--------------------------------------+--------------------+-------------------+----------------+ Helpful Links ------------- diff --git a/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst b/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst index 253cf2b..1faaa88 100644 --- a/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst +++ b/umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst 
@@ -38,7 +38,7 @@ Procedure +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Bandwidth | The bandwidth size in Mbit/s. The minimum value is 5 Mbit/s. The maximum bandwidth can be 1000 Mbit/s. | 10 | +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Bandwidth Name | The name of the shared bandwidth. | Bandwidth-001 | + | Name | The name of the shared bandwidth. | Bandwidth-001 | +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Enterprise Project | The enterprise project that the EIP belongs to. | default | | | | |
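Review bot: In umn/source/conf.py, the trailing comma after 'otcdocstheme' in the extensions list is dropped, which is unrelated to the documentation changes in this patch and means the next extension added has to touch this line again. Suggest keeping `'otcdocstheme',` and leaving conf.py out of this change.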
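Review bot: In umn/source/monitoring/viewing_metrics.rst, new steps 5 and 6 are numbered as consecutive steps but describe alternatives (one for an EIP, one for a shared bandwidth), so a reader following the list in order is told to do both. Suggest a single step 5 with two sub-items, or opening each with its condition, such as "To view the metrics of an EIP, ..." and "To view the metrics of a shared bandwidth, ...". The removed step said to locate the row that contains the target; "Select the EIP" loses that and leaves it unclear whether a selection is needed before **More** can be used.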
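Review bot: In adding_a_firewall_rule.rst and modifying_a_firewall_rule.rst (all four hunks), the added bullet "Security group: sg-A" is the only non-CIDR entry in a list whose other examples are 192.168.10.10/32, 0.0.0.0/0 and 192.168.1.0/24, and the visible rows do not say how a security group is entered (name or ID) or which traffic the rule then matches. For a field that decides what a firewall rule allows or denies, suggest adding a sentence to the row description stating that a security group can be used as the address and what the rule then covers, or dropping the example if the field only accepts CIDR notation.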
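Review bot: In cloning_a_security_group.rst, the note under Scenarios reads "Security group cloning is not supported now.", which contradicts the rest of the new page (a full procedure ending in **OK**) and the 2023-05-26 change-history entry that announces it. State precisely what is unsupported or remove the note; it is also indented under the second bullet, so it renders as part of the backup scenario only. In Notes and Constraints, "If you clone security group across regions" needs an article, and because only rules whose source and destination are CIDR blocks or are in the current security group are cloned, suggest telling the reader to compare the cloned group's rules with the original before applying it to ECSs in the target region.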
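Review bot: In umn/source/service_overview/permissions.rst, the rewritten scope paragraph renames the option from **All projects** to **All resources** and has a stray space before the comma in "in the specified regions , the users". Since this option grants VPC permissions in every region-specific project, confirm the label matches what the IAM console shows. In the intro, "helping you to securely access your cloud resources" drops "manage access to" from the removed sentence, which changes what IAM is said to do. In Table 1, "Full permissions for VPC" has no closing period and uses "for" where the next row has "Read-only permissions on VPC.", and the VPC Administrator row now states the **Tenant Guest** and **Server Administrator** dependency in both the Description and Dependencies cells; keep it in Dependencies only.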