Permissions

If you need to assign different permissions to personnel in your enterprise to access your VPCEP resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you to securely access your cloud resources.

With IAM, you can use your account to create IAM users and assign permissions to control their access to specific cloud resources. For example, if you want website maintenance personnel in your enterprise to use VPCEP resources but do not want them to delete other cloud resources or perform any other high-risk operations, you can create IAM users and grant only permissions to use VPCEP resources.

If your account does not require individual IAM users for permissions management, you can skip this section.

IAM is a free service. You only pay for the resources in your account.

For more information about IAM, see IAM Service Overview.

VPCEP Permissions

New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.

VPCEP is a project-level service deployed for specific regions. You need to select a project for which the permissions will be granted. If you select All projects, the permissions will be granted for all the projects. When accessing the VPCEP service, the users need to switch to the authorized region.

Table 1 lists all system-defined roles for VPCEP.

Table 1 System-defined roles for VPCEP

Role                      | Description                | Category            | Dependency
--------------------------|----------------------------|---------------------|-----------------------------------------------------------------------------------------------------------
VPCEndpoint Administrator | Full permissions for VPCEP | System-defined role | This role depends on the Server Administrator, VPC Administrator, and DNS Administrator roles in the same project.

Table 2 lists the common operations supported by system-defined permissions for VPCEP.

Table 2 Common operations supported by system-defined permissions

Operation                        | VPCEndpoint Administrator
---------------------------------|--------------------------
Creating a VPC endpoint          | Y
Deleting a VPC endpoint          | Y
Querying a VPC endpoint          | Y
Modifying a VPC endpoint         | Y
Creating a VPC endpoint service  | Y
Deleting a VPC endpoint service  | Y
Querying a VPC endpoint service  | Y
Modifying a VPC endpoint service | Y