Creating an Agency
Services of the cloud platform interwork with each other, and some cloud services are dependent on other services. To delegate a cloud service to access other services and perform resource O&M, create an agency for the service.
Create an agency based on Creating an Agency and set parameters as follows:
- For Agency Type, select Cloud service.
- For Cloud Service, select FunctionGraph.
- For Validity Period, select Unlimited.
- For Permissions: Select permissions based on requirements. Select Region-specific projects. The following takes VPC Administrator and DNS ReadOnlyAccess permissions as examples.
Table 1 Example of agency permissions Policy Name
Scenario
VPC Administrator
Users with the VPC Administrator permissions can perform any operations on all cloud resources of the VPC.
For example, to configure cross-VPC access, you must specify an agency with VPC management permissions.
DNS ReadOnlyAccess
Users with the DNS ReadOnlyAccess permissions can read DNS resources.
For example, to invoke a DNS API to resolve private domain names, you must specify an agency with the permissions to read DNS resources.
Related Operations
Modifying an agency: You can modify the permissions, validity period, and description of an agency on the IAM console.
- After an agency is modified, it takes about 10 minutes for the modification (for example, context.getToken) to take effect.
- The agency information obtained using the context method is valid for 24 hours. Refresh it before it expires.
- Related Operations