forked from docs/doc-exports
liusiying01
904c1aad8b
Reviewed-by: Mützel, Andrea <andrea.muetzel@t-systems.com> Co-authored-by: liusiying01 <liusiying@huawei.com> Co-committed-by: liusiying01 <liusiying@huawei.com>
187 lines
28 KiB
HTML
187 lines
28 KiB
HTML
<a name="functiongraph_01_0920"></a><a name="functiongraph_01_0920"></a>
|
||
|
||
<h1 class="topictitle1">Configuring Agency Permissions</h1>
|
||
<div id="body8662426"><div class="section" id="functiongraph_01_0920__en-us_topic_0000001298507433_section1812219242256"><h4 class="sectiontitle">Overview</h4><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p97426213495">FunctionGraph works with other cloud services in most scenarios. Create a cloud service agency so that FunctionGraph can perform resource O&M in other cloud services on your behalf.</p>
|
||
</div>
|
||
<div class="section" id="functiongraph_01_0920__en-us_topic_0000001298507433_section750620303288"><h4 class="sectiontitle">Scenario</h4><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p670143618284">Before using FunctionGraph in the following scenarios, <a href="#functiongraph_01_0920__en-us_topic_0000001298507433_section17872123319473">create an agency</a>. Adjust the permissions granted to the agency to meet your service requirements. For example, grant the Admin permission in the development phase, and <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b154314543246">change it to the fine-grained minimum permission in the product environment</strong>. This ensures the required permissions while eliminating risks. Select the required action by referring to <a href="#functiongraph_01_0920__en-us_topic_0000001298507433_table375913368504">Table 1</a>.</p>
|
||
|
||
<div class="tablenoborder"><a name="functiongraph_01_0920__en-us_topic_0000001298507433_table375913368504"></a><a name="en-us_topic_0000001298507433_table375913368504"></a><table cellpadding="4" cellspacing="0" summary="" id="functiongraph_01_0920__en-us_topic_0000001298507433_table375913368504" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Common actions</caption><thead align="left"><tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row2759236155016"><th align="left" class="cellrowborder" valign="top" width="17.45%" id="mcps1.3.2.3.2.5.1.1"><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p14759113618507">Scenario</p>
|
||
</th>
|
||
<th align="left" class="cellrowborder" valign="top" width="14.12%" id="mcps1.3.2.3.2.5.1.2"><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1331864612556">Admin Permission</p>
|
||
</th>
|
||
<th align="left" class="cellrowborder" valign="top" width="26.740000000000002%" id="mcps1.3.2.3.2.5.1.3"><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p17759103613505">Fine-Grained Minimum Permission</p>
|
||
</th>
|
||
<th align="left" class="cellrowborder" valign="top" width="41.69%" id="mcps1.3.2.3.2.5.1.4"><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p5759163616502">Description</p>
|
||
</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody><tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row167591236145010"><td class="cellrowborder" valign="top" width="17.45%" headers="mcps1.3.2.3.2.5.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1760143695010">Using a custom image</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="14.12%" headers="mcps1.3.2.3.2.5.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p631954616558">SWR Administrator</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="26.740000000000002%" headers="mcps1.3.2.3.2.5.1.3 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p18453654135511">Unavailable</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="41.69%" headers="mcps1.3.2.3.2.5.1.4 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p77604368507">SWR Admin: administrator who has all permissions for the Software Repository for Container (SWR) service.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1276003615509">For details about how to create a custom image, see <a href="functiongraph_01_1047.html#functiongraph_01_1047">Creating a Function with an Image</a>.</p>
|
||
</td>
|
||
</tr>
|
||
<tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row4760153619502"><td class="cellrowborder" valign="top" width="17.45%" headers="mcps1.3.2.3.2.5.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p17601236165010">Mounting an SFS Turbo file system</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="14.12%" headers="mcps1.3.2.3.2.5.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1319204615556">SFS Turbo ReadOnlyAccess</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="26.740000000000002%" headers="mcps1.3.2.3.2.5.1.3 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p2760163695016">sfsturbo:shares:getShare (Query details about a file system)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p6423321132519">sfsturbo:shares:showFsDir (Check whether a directory exists)</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="41.69%" headers="mcps1.3.2.3.2.5.1.4 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p2084472943317">SFS Turbo ReadOnlyAccess: read-only permissions for SFS Turbo.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p207601636195018">sfsturbo:shares:getShare: permission for querying a file system in SFS.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1855326182720">sfsturbo:shares:showFsDir: permission for checking whether a directory exists in SFS.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p37601836195010">For details about how to mount an SFS Turbo file system, see <a href="functiongraph_01_0402.html#functiongraph_01_0402__en-us_topic_0000001298786853_section457221344513">Mounting an SFS Turbo File System</a>.</p>
|
||
</td>
|
||
</tr>
|
||
<tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row7760236105010"><td class="cellrowborder" valign="top" width="17.45%" headers="mcps1.3.2.3.2.5.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p117601363502">Mounting an ECS shared directory</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="14.12%" headers="mcps1.3.2.3.2.5.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p10319184615511">ECS ReadOnlyAccess</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="26.740000000000002%" headers="mcps1.3.2.3.2.5.1.3 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p0761163675018">ecs:cloudServers:get (Query details about an ECS)</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="41.69%" headers="mcps1.3.2.3.2.5.1.4 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p11761173695020">ECS ReadOnlyAccess: read-only permissions for ECS.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p11691114814103">ecs:cloudServers:get: permission for querying an ECS.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p476114365507">For details about how to mount an ECS shared directory, see <a href="functiongraph_01_0402.html#functiongraph_01_0402__en-us_topic_0000001298786853_section11158112711472">Mounting an ECS Shared Directory</a>.</p>
|
||
</td>
|
||
</tr>
|
||
<tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row87611536155014"><td class="cellrowborder" valign="top" width="17.45%" headers="mcps1.3.2.3.2.5.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p177611036195017">Configuring a reserved instance policy</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="14.12%" headers="mcps1.3.2.3.2.5.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p6319124695511">AOM ReadOnlyAccess</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="26.740000000000002%" headers="mcps1.3.2.3.2.5.1.3 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p18761183635016">aom:metric:get (Query a metric)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p6252838112914">aom:metric:list (Query metric list)</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="41.69%" headers="mcps1.3.2.3.2.5.1.4 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p54697381434">AOM ReadOnlyAccess: read-only permissions for AOM.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p466043011399">aom:metric:get: permissions for querying a metric in AOM.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p77691380378">aom:metric:list: permissions for querying metric list in AOM.</p>
|
||
</td>
|
||
</tr>
|
||
<tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row1564532420381"><td class="cellrowborder" valign="top" width="17.45%" headers="mcps1.3.2.3.2.5.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p156461124153817">Using a DMS trigger</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="14.12%" headers="mcps1.3.2.3.2.5.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1864692417389">DMS ReadOnlyAccess</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="26.740000000000002%" headers="mcps1.3.2.3.2.5.1.3 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p864682410388">dms:instance:get (Query instance details)</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="41.69%" headers="mcps1.3.2.3.2.5.1.4 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1646924133816">DMS ReadOnlyAccess: read-only permissions for DMS.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p15491424144018">dms:instance:get: permissions for querying instance details in DMS.</p>
|
||
</td>
|
||
</tr>
|
||
<tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row13761133665018"><td class="cellrowborder" valign="top" width="17.45%" headers="mcps1.3.2.3.2.5.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p376133616507">Configuring cross-domain VPC access</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="14.12%" headers="mcps1.3.2.3.2.5.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1176183635014">VPC Administrator</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="26.740000000000002%" headers="mcps1.3.2.3.2.5.1.3 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p12833171517142">vpc:ports:get (Query a port)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p883311520146">vpc:ports:create (Create a port)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1583312150148">vpc:vpcs:get (Query a VPC)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p783311153148">vpc:subnets:get (Query a subnet)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p5208112218441">vpc:vips:delete (Unbind a virtual IP address from a VM)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p7486164915456">vpc:securityGroups:get (Query security groups or details about a security group)</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="41.69%" headers="mcps1.3.2.3.2.5.1.4 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p7761133611503">Users with the <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b6341162317515">VPC Administrator</strong> permissions can perform any operations on all cloud resources of the VPC. To configure cross-VPC access, specify an agency with VPC management permissions.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p092419813121">Fine-grained minimum permission for VPC: permissions for unbinding a virtual IP address from a VM, querying a port, creating a port, querying a VPC, querying a subnet, and querying security groups or details about a security group.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p16762336135020">For details about how to configure cross-domain VPC access, see <a href="functiongraph_01_0222.html#functiongraph_01_0222">Configuring Networks</a>.</p>
|
||
</td>
|
||
</tr>
|
||
<tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row11308812608"><td class="cellrowborder" rowspan="2" valign="top" width="17.45%" headers="mcps1.3.2.3.2.5.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p16308101218015">Configuring asynchronous notification</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="14.12%" headers="mcps1.3.2.3.2.5.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1677816529168">If the target service is OBS:</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p630917121017">OBS Administrator</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="26.740000000000002%" headers="mcps1.3.2.3.2.5.1.3 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p153915131719">obs:bucket:HeadBucket (Obtain bucket metadata)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p15540751111719">obs:bucket:CreateBucket (Create a bucket)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p19540195191719">obs:object:PutObject (Upload objects using PUT method, upload objects using POST method, copy objects, append an object, initialize a multipart task, upload parts, and merge parts)</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="41.69%" headers="mcps1.3.2.3.2.5.1.4 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1309121219017">OBS Administrator: administrator who has all permissions for OBS.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p10754426102214">Fine-grained minimum permission for OBS: permissions for obtaining bucket metadata, creating a bucket, uploading objects using POST method, copying objects, appending an object, initializing a multipart task, uploading parts, and merging parts.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p15211515202220">For details about how to configure asynchronous notification, see <a href="functiongraph_01_0390_03.html#functiongraph_01_0390_03">Configuring Asynchronous Notification Policy</a>.</p>
|
||
</td>
|
||
</tr>
|
||
<tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row1667745111219"><td class="cellrowborder" valign="top" headers="mcps1.3.2.3.2.5.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1537475521616">If the target service is SMN:</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1768045191213">SMN Administrator</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" headers="mcps1.3.2.3.2.5.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p17362943183710">smn:topic:publish (Publish a message)</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p138331544141717">smn:topic:list (Query the topic list)</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" headers="mcps1.3.2.3.2.5.1.3 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1768114512127">SMN Administrator: administrator who has all permissions for SMN.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p36291720164013">Fine-grained minimum permission for using SMN: permissions for publishing a message and querying the topic list.</p>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1045161122315">For details about how to configure asynchronous notification, see <a href="functiongraph_01_0390_03.html#functiongraph_01_0390_03">Configuring Asynchronous Notification Policy</a>.</p>
|
||
</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</div>
|
||
<div class="section" id="functiongraph_01_0920__en-us_topic_0000001298507433_section17872123319473"><a name="functiongraph_01_0920__en-us_topic_0000001298507433_section17872123319473"></a><a name="en-us_topic_0000001298507433_section17872123319473"></a><h4 class="sectiontitle">Creating an Agency</h4><div class="note" id="functiongraph_01_0920__en-us_topic_0000001298507433_note14362194813914"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p2037394913915">In the following example, the <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b1970912285196">VPC Administrator</strong> permission is assigned to FunctionGraph and this setting takes effect only in the authorized regions.</p>
|
||
</div></div>
|
||
<p id="functiongraph_01_0920__en-us_topic_0000001298507433_p6140193910552">Create an agency by referring to section "Creating an Agency" and set parameters as follows:</p>
|
||
<ol id="functiongraph_01_0920__en-us_topic_0000001298507433_ol46825319484"><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li86821134482">Log in to the IAM console.</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li6655512174612"><a name="functiongraph_01_0920__en-us_topic_0000001298507433_li6655512174612"></a><a name="en-us_topic_0000001298507433_li6655512174612"></a>On the IAM console, choose <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b8134743145117">Agencies</strong> from the navigation pane, and click <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b131351343115116">Create Agency</strong> in the upper right corner.<div class="fignone" id="functiongraph_01_0920__en-us_topic_0000001298507433_fig66538916344"><span class="figcap"><b>Figure 1 </b>Creating an agency</span><br><span><img id="functiongraph_01_0920__en-us_topic_0000001298507433_image6653129143411" src="en-us_image_0000001630843130.png" title="Click to enlarge" class="imgResize"></span></div>
|
||
</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li032355414817">Configure the agency.<div class="fignone" id="functiongraph_01_0920__en-us_topic_0000001298507433_fig1635153183714"><span class="figcap"><b>Figure 2 </b>Setting basic information</span><br><span><img id="functiongraph_01_0920__en-us_topic_0000001298507433_image66351238379" src="en-us_image_0000001678804153.png" title="Click to enlarge" class="imgResize"></span></div>
|
||
<ul id="functiongraph_01_0920__en-us_topic_0000001298507433_ul205186576110"><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li8956183044919">For <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b1018725973213">Agency Name</strong>, enter <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b07931661335">serverless-trust</strong>.</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li95181457213">For <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b13624124617441">Agency Type</strong>, select <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b6624246104411">Cloud service</strong>.</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li396710913212">For <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b9767105510446">Cloud Service</strong>, select <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b9772155524415">FunctionGraph</strong>.</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li15420298217">For <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b113895711449">Validity Period</strong>, select <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b1613865774414">Unlimited</strong>.</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li8567134045210"><strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b106792015586">Description</strong>: Enter the description.</li></ul>
|
||
</li></ol><ol start="4" id="functiongraph_01_0920__en-us_topic_0000001298507433_ol10564426185012"><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li12564132695015">Click <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b127207301836">Next</strong>. On the displayed page, search for the permissions to be added in the search box on the right and select the permissions. The <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b15201159112219">VPC Administrator</strong> permission is used as an example.<div class="fignone" id="functiongraph_01_0920__en-us_topic_0000001298507433_fig17147620104013"><span class="figcap"><b>Figure 3 </b>Selecting policies</span><br><span><img id="functiongraph_01_0920__en-us_topic_0000001298507433_image814742074010" src="en-us_image_0000001630365702.png" title="Click to enlarge" class="imgResize"></span></div>
|
||
|
||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="functiongraph_01_0920__en-us_topic_0000001298507433_table15651512165717" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Example of agency permissions</caption><thead align="left"><tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row1165041216575"><th align="left" class="cellrowborder" valign="top" width="34.39%" id="mcps1.3.3.5.1.4.2.3.1.1"><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p10650121235720">Policy Name</p>
|
||
</th>
|
||
<th align="left" class="cellrowborder" valign="top" width="65.61%" id="mcps1.3.3.5.1.4.2.3.1.2"><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p36503125575">Scenario</p>
|
||
</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody><tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row4651121212577"><td class="cellrowborder" valign="top" width="34.39%" headers="mcps1.3.3.5.1.4.2.3.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p965016126573">VPC Administrator</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="65.61%" headers="mcps1.3.3.5.1.4.2.3.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p18650131215577">VPC administrator</p>
|
||
</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li18932831837"><a name="functiongraph_01_0920__en-us_topic_0000001298507433_li18932831837"></a><a name="en-us_topic_0000001298507433_li18932831837"></a>Click <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b1543614281253">Next</strong> and select the scope.<div class="fignone" id="functiongraph_01_0920__en-us_topic_0000001298507433_fig1728045134315"><span class="figcap"><b>Figure 4 </b>Selecting the required permissions</span><br><span><img id="functiongraph_01_0920__en-us_topic_0000001298507433_image3280352439" src="en-us_image_0000001679086013.png" title="Click to enlarge" class="imgResize"></span></div>
|
||
</li></ol>
|
||
</div>
|
||
<div class="section" id="functiongraph_01_0920__en-us_topic_0000001298507433_section35661045182115"><h4 class="sectiontitle">Configuring an Agency</h4><ol id="functiongraph_01_0920__en-us_topic_0000001298507433_ol1948318134224"><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li7638517365">In the left navigation pane of the management console, choose <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b147421135181114">Compute</strong> > <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b074316352115">FunctionGraph</strong>. On the FunctionGraph console, choose <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b4616184814113">Functions</strong> > <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b3616848121113">Function List</strong> from the navigation pane.</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li199991608237">Click the function to be configured to go to the function details page.</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li38699170239">Choose <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b1422873611368">Configuration</strong> > <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b93961739173618">Permissions</strong>, click <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b075684583620">Create Agency</strong>, and set an agency based on site requirements by referring to <a href="#functiongraph_01_0920__en-us_topic_0000001298507433_li6655512174612">2</a>–<a href="#functiongraph_01_0920__en-us_topic_0000001298507433_li18932831837">5</a>.
|
||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="functiongraph_01_0920__en-us_topic_0000001298507433_table53879455302" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Agency configuration parameters</caption><thead align="left"><tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row19388145113010"><th align="left" class="cellrowborder" valign="top" width="25.580000000000002%" id="mcps1.3.4.2.3.6.2.3.1.1"><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p23881645183017">Parameter</p>
|
||
</th>
|
||
<th align="left" class="cellrowborder" valign="top" width="74.42%" id="mcps1.3.4.2.3.6.2.3.1.2"><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1738864513306">Description</p>
|
||
</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody><tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row5388154513300"><td class="cellrowborder" valign="top" width="25.580000000000002%" headers="mcps1.3.4.2.3.6.2.3.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p1338844513011">Agency</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="74.42%" headers="mcps1.3.4.2.3.6.2.3.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p738894593017">Select a function that you have created.</p>
|
||
</td>
|
||
</tr>
|
||
<tr id="functiongraph_01_0920__en-us_topic_0000001298507433_row154511198310"><td class="cellrowborder" valign="top" width="25.580000000000002%" headers="mcps1.3.4.2.3.6.2.3.1.1 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p154511797314">Execution Agency</p>
|
||
</td>
|
||
<td class="cellrowborder" valign="top" width="74.42%" headers="mcps1.3.4.2.3.6.2.3.1.2 "><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p24511696314">Mandatory if you select <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b16185131483911">Specify an exclusive agency for function execution</strong>.</p>
|
||
</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
<div class="note" id="functiongraph_01_0920__en-us_topic_0000001298507433_note61117911322"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="functiongraph_01_0920__en-us_topic_0000001298507433_ul21109183211"><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li7116983217">To ensure optimal performance, select <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b245913610353">Specify an exclusive agency for function execution</strong> and set different agencies for function configuration and execution. You can also use no agency or specify the same agency for both purposes. <a href="#functiongraph_01_0920__en-us_topic_0000001298507433_fig822424719482">Figure 5</a> shows the agency options.<div class="p" id="functiongraph_01_0920__en-us_topic_0000001298507433_p47948512398"><div class="fignone" id="functiongraph_01_0920__en-us_topic_0000001298507433_fig822424719482"><a name="functiongraph_01_0920__en-us_topic_0000001298507433_fig822424719482"></a><a name="en-us_topic_0000001298507433_fig822424719482"></a><span class="figcap"><b>Figure 5 </b>Setting agencies</span><br><span><img id="functiongraph_01_0920__en-us_topic_0000001298507433_image1222454774810" src="en-us_image_0000001679087833.png" title="Click to enlarge" class="imgResize"></span></div>
|
||
</div>
|
||
</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li10416422164019"><strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b102861122404">Execution Agency</strong>: This type of agency enables you to obtain a token and AK/SK from the context in the function handler for accessing other cloud services.</li></ul>
|
||
</div></div>
|
||
</li></ol><ol start="4" id="functiongraph_01_0920__en-us_topic_0000001298507433_ol13943184211409"><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li19943842194018">Click <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b1943181115307">Save</strong>.</li></ol>
|
||
</div>
|
||
<div class="section" id="functiongraph_01_0920__en-us_topic_0000001298507433_section17979205025313"><h4 class="sectiontitle">Modifying an Agency</h4><p id="functiongraph_01_0920__en-us_topic_0000001298507433_p63251245115916">Modifying an agency: You can modify the permissions, validity period, and description of an agency on the IAM console.</p>
|
||
<div class="caution" id="functiongraph_01_0920__en-us_topic_0000001298507433_note255943118019"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><ul id="functiongraph_01_0920__en-us_topic_0000001298507433_ul116391659193419"><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li19639259203416">After an agency is modified, it takes about 10 minutes for the modification (for example, <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b18746231458">context.getToken</strong>) to take effect.</li><li id="functiongraph_01_0920__en-us_topic_0000001298507433_li251510352">The agency information obtained using the <strong id="functiongraph_01_0920__en-us_topic_0000001298507433_b1713821613616">context</strong> method is valid for 24 hours. Refresh it before it expires.</li></ul>
|
||
</div></div>
|
||
</div>
|
||
</div>
|
||
<div>
|
||
<div class="familylinks">
|
||
<div class="parentlink"><strong>Parent topic:</strong> <a href="functiongraph_01_0300.html">Configuring Functions</a></div>
|
||
</div>
|
||
</div>
|
||
|
||
|
||
<script language="JavaScript">
|
||
<!--
|
||
image_size('.imgResize');
|
||
var msg_imageMax = "view original image";
|
||
var msg_imageClose = "close";
|
||
//--></script> |