阿里云RAM子账号执行一键挂载nas到ecs服务器时报错:
image.png
1、此提示需要ram子账号添加指定自定义权限。
打开RAM访问控制控制台,在左侧权限管理中点击权限策略——创建权限策略
image.png
2、在脚本编辑下,将下面代码粘贴上,然后下一步。
image.png
{
"Version": "1",
"Statement": [
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "ecs-handler.nas.aliyuncs.com"
}
}
},
{
"Effect": "Allow",
"Action": "ecs:InvokeCommand",
"Resource": [
"acs:ecs:*:*:instance/*",
"acs:ecs:*:*:command/cmd-ACS-NAS-ClickMount-*"
]
},
{
"Effect": "Allow",
"Action": [
"ecs:DescribeInstances",
"ecs:DescribeCloudAssistantStatus"
],
"Resource": "acs:ecs:*:*:instance/*"
},
{
"Effect": "Allow",
"Action": [
"ecs:DescribeInvocations",
"ecs:DescribeInvocationResults"
],
"Resource": "*"
}
]
}
3、在此页面填写名称和备注,然后确定即可
image.png
4、此时我们返回ram访问控制控制台,找到指定的ram子账号,将刚才创建的自定义策略添加给用户即可。
网友评论