Elastic Load Balancing
User Guide

Elastic Load Balancing API permissions

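You must grant IAM users permission to call the Elastic Load Balancing API actions they need, as described in Elastic Load Balancing API actions. In addition, for some Elastic Load Balancing actions, you must grant IAM users permission to call specific actions from the Amazon EC2 API.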

Required permissions for the 2015-12-01 API

When calling the following actions from the 2015-12-01 API, you must grant IAM users permission to call the specified actions.

CreateLoadBalancer
  • elasticloadbalancing:CreateLoadBalancer

  • ec2:DescribeAccountAttributes

  • ec2:DescribeAddresses

  • ec2:DescribeInternetGateways

  • ec2:DescribeSecurityGroups

  • ec2:DescribeSubnets

  • ec2:DescribeVpcs

  • iam:CreateServiceLinkedRole

CreateTargetGroup
  • elasticloadbalancing:CreateTargetGroup

  • ec2:DescribeInternetGateways

  • ec2:DescribeVpcs

RegisterTargets
  • elasticloadbalancing:RegisterTargets

  • ec2:DescribeInstances

  • ec2:DescribeInternetGateways

  • ec2:DescribeSubnets

  • ec2:DescribeVpcs

SetIpAddressType
  • elasticloadbalancing:SetIpAddressType

  • ec2:DescribeSubnets

SetSubnets
  • elasticloadbalancing:SetSubnets

  • ec2:DescribeSubnets

Required permissions for the 2012-06-01 API

When calling the following actions from the 2012-06-01 API, you must grant IAM users permission to call the specified actions.

ApplySecurityGroupsToLoadBalancer
  • elasticloadbalancing:ApplySecurityGroupsToLoadBalancer

  • ec2:DescribeAccountAttributes

  • ec2:DescribeSecurityGroups

AttachLoadBalancerToSubnets
  • elasticloadbalancing:AttachLoadBalancerToSubnets

  • ec2:DescribeSubnets

CreateLoadBalancer
  • elasticloadbalancing:CreateLoadBalancer

  • ec2:CreateSecurityGroup

  • ec2:DescribeAccountAttributes

  • ec2:DescribeInternetGateways

  • ec2:DescribeSecurityGroups

  • ec2:DescribeSubnets

  • ec2:DescribeVpcs

  • iam:CreateServiceLinkedRole

DeregisterInstancesFromLoadBalancer
  • elasticloadbalancing:DeregisterInstancesFromLoadBalancer

  • ec2:DescribeClassicLinkInstances

  • ec2:DescribeInstances

DescribeInstanceHealth
  • elasticloadbalancing:DescribeInstanceHealth

  • ec2:DescribeClassicLinkInstances

  • ec2:DescribeInstances

DescribeLoadBalancers
  • elasticloadbalancing:DescribeLoadBalancers

  • ec2:DescribeSecurityGroups

DisableAvailabilityZonesForLoadBalancer
  • elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer

  • ec2:DescribeAccountAttributes

  • ec2:DescribeInternetGateways

  • ec2:DescribeVpcs

EnableAvailabilityZonesForLoadBalancer
  • elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer

  • ec2:DescribeAccountAttributes

  • ec2:DescribeInternetGateways

  • ec2:DescribeSubnets

  • ec2:DescribeVpcs

RegisterInstancesWithLoadBalancer
  • elasticloadbalancing:RegisterInstancesWithLoadBalancer

  • ec2:DescribeAccountAttributes

  • ec2:DescribeClassicLinkInstances

  • ec2:DescribeInstances

  • ec2:DescribeVpcClassicLink

Example policies

The following example policies show how you can control the permissions that IAM users have when using Elastic Load Balancing.

Example: Grant full access

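The following policy grants users permission to use all Elastic Load Balancing API actions, the CreateSecurityGroup Amazon EC2 action, and all Amazon EC2 actions whose names begin with Describe. This enables them to create, update, and delete Elastic Load Balancing resources and to get information about those resources.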

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "elasticloadbalancing:*",
            "ec2:CreateSecurityGroup",
            "ec2:Describe*"
        ],
        "Resource": "*"
    }]
}

Example: Grant read-only access

The following policy grants users permission to use all Elastic Load Balancing and Amazon EC2 actions whose names begin with Describe. This enables them to get information about Elastic Load Balancing resources.

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "elasticloadbalancing:Describe*",
            "ec2:Describe*"
        ],
        "Resource": "*"
    }]
}
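The following is an added example, not part of the AWS documentation or any AWS tooling: a small Python audit that checks an identity policy against the 2015-12-01 action lists on this page and reports which listed actions no Allow statement covers, and that can also emit a policy containing only the listed actions for chosen operations. The function names are hypothetical, and the matcher is a simplification that looks only at Allow/Action patterns (Deny, NotAction, Condition and Resource scoping are ignored).

```python
import fnmatch

# Required actions per operation, copied from the 2015-12-01 API list on this page.
REQUIRED = {
    "CreateLoadBalancer": [
        "elasticloadbalancing:CreateLoadBalancer", "ec2:DescribeAccountAttributes",
        "ec2:DescribeAddresses", "ec2:DescribeInternetGateways",
        "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs",
        "iam:CreateServiceLinkedRole"],
    "CreateTargetGroup": [
        "elasticloadbalancing:CreateTargetGroup", "ec2:DescribeInternetGateways",
        "ec2:DescribeVpcs"],
    "RegisterTargets": [
        "elasticloadbalancing:RegisterTargets", "ec2:DescribeInstances",
        "ec2:DescribeInternetGateways", "ec2:DescribeSubnets", "ec2:DescribeVpcs"],
    "SetIpAddressType": ["elasticloadbalancing:SetIpAddressType", "ec2:DescribeSubnets"],
    "SetSubnets": ["elasticloadbalancing:SetSubnets", "ec2:DescribeSubnets"],
}

# The two example policies shown on this page.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": [
    "elasticloadbalancing:*", "ec2:CreateSecurityGroup", "ec2:Describe*"], "Resource": "*"}]}
READ_ONLY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": [
    "elasticloadbalancing:Describe*", "ec2:Describe*"], "Resource": "*"}]}

def allowed_patterns(policy):
    """Lower-cased Action patterns from Allow statements (simplified policy evaluation)."""
    statements = policy["Statement"]
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            actions = stmt.get("Action", [])
            patterns += [a.lower() for a in ([actions] if isinstance(actions, str) else actions)]
    return patterns

def missing_actions(policy, operation):
    """Actions the page lists for `operation` that no Allow pattern in `policy` matches."""
    patterns = allowed_patterns(policy)
    return [a for a in REQUIRED[operation]
            if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]

def least_privilege_policy(operations):
    """Policy granting only the actions listed for the chosen operations."""
    actions = sorted({a for op in operations for a in REQUIRED[op]})
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}

if __name__ == "__main__":
    for name, policy in (("full access", FULL_ACCESS), ("read-only", READ_ONLY)):
        print(name, "-> CreateLoadBalancer missing:", missing_actions(policy, "CreateLoadBalancer"))
```

Run against the page's own examples, the audit shows that the full-access policy does not include iam:CreateServiceLinkedRole, which the CreateLoadBalancer list above names as a required permission.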