Compute Permissions for Roving Edge Infrastructure
Describes the details for writing user IAM policies that control access to rules for the Compute service for a Roving Edge Infrastructure device.
Resource-Types
instances
console-histories
instance-console-connections
instance-images
compute-work-request
instance-family
Details for Verb + Resource-Type Combinations
inspect > read > use > manage
instances
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect | INSTANCE_INSPECT | ListShapes ListInstances | GetConsoleHistory (also need inspect console-histories) ListConsoleHistories (also need inspect console-histories) ListVnicAttachments (also need read vnic-attachments) ListVolumeAttachments (also need inspect volumes and inspect volume-attachments) GetVolumeAttachment (also need inspect volumes and inspect volume-attachments) ListBootVolumeAttachments (also need inspect volumes and inspect volume-attachments) GetBootVolumeAttachment (also need inspect volumes and inspect volume-attachments) ListInstanceConsoleConnections (also need inspect instance-console-connections) |
read | INSTANCE_INSPECT INSTANCE_READ | ListShapes ListInstances GetInstance GetWindowsInstanceInitialCredentials GetInstanceDefaultCredentials ListInstanceDevices | GetConsoleHistory (also need inspect console-histories) ListConsoleHistories (also need inspect console-histories) ListVnicAttachments (also need read vnic-attachments) ListVolumeAttachments (also need inspect volumes and inspect volume-attachments) GetVolumeAttachment (also need inspect volumes and inspect volume-attachments) ListBootVolumeAttachments (also need inspect volumes and inspect volume-attachments) GetBootVolumeAttachment (also need inspect volumes and inspect volume-attachments) ListInstanceConsoleConnections (also need inspect instance-console-connections) CaptureConsoleHistory (also need manage console-histories and read instance-images) GetConsoleHistoryContent (also need read console-histories and read instance-images) CreateInstanceConsoleConnection (also need manage instance-console-connections) GetInstanceConsoleConnection (also need read instance-console-connections) |
use | INSTANCE_ATTACH_VOLUME INSTANCE_CREATE_IMAGE INSTANCE_DETACH_VOLUME INSTANCE_INSPECT INSTANCE_POWER_ACTIONS INSTANCE_READ INSTANCE_UPDATE | ListShapes ListInstances GetInstance GetWindowsInstanceInitialCredentials GetInstanceDefaultCredentials ListInstanceDevices InstanceAction UpdateInstance | GetConsoleHistory (also need inspect console-histories) ListConsoleHistories (also need inspect console-histories) ListVnicAttachments (also need read vnic-attachments) ListVolumeAttachments (also need inspect volumes and inspect volume-attachments) GetVolumeAttachment (also need inspect volumes and inspect volume-attachments) ListBootVolumeAttachments (also need inspect volumes and inspect volume-attachments) GetBootVolumeAttachment (also need inspect volumes and inspect volume-attachments) ListInstanceConsoleConnections (also need inspect instance-console-connections) CaptureConsoleHistory (also need manage console-histories and read instance-images) GetConsoleHistoryContent (also need read console-histories and read instance-images) CreateInstanceConsoleConnection (also need manage instance-console-connections) GetInstanceConsoleConnection (also need read instance-console-connections) AttachBootVolume (also need manage volume-attachments) AttachVolume (also need manage volume-attachments) CreateImage (also need manage instance-images and manage instances) DetachBootVolume (also need manage volume-attachments) DetachVolume (also need manage volume-attachments) |
manage | INSTANCE_ATTACH_SECONDARY_VNIC INSTANCE_ATTACH_VOLUME INSTANCE_CREATE INSTANCE_CREATE_IMAGE INSTANCE_DELETE INSTANCE_DETACH_SECONDARY_VNIC INSTANCE_DETACH_VOLUME INSTANCE_INSPECT INSTANCE_MOVE INSTANCE_POWER_ACTIONS INSTANCE_READ INSTANCE_UPDATE COMPUTE_WORK_REQUEST_CREATE COMPUTE_WORK_REQUEST_INSPECT COMPUTE_WORK_REQUEST_READ | ListShapes ListInstances GetInstance GetWindowsInstanceInitialCredentials GetInstanceDefaultCredentials ListInstanceDevices InstanceAction UpdateInstance | GetConsoleHistory (also need inspect console-histories) ListConsoleHistories (also need inspect console-histories) ListVnicAttachments (also need read vnic-attachments) ListVolumeAttachments (also need inspect volumes and inspect volume-attachments) GetVolumeAttachment (also need inspect volumes and inspect volume-attachments) ListBootVolumeAttachments (also need inspect volumes and inspect volume-attachments) GetBootVolumeAttachment (also need inspect volumes and inspect volume-attachments) ListInstanceConsoleConnections (also need inspect instance-console-connections) CaptureConsoleHistory (also need manage console-histories and read instance-images) GetConsoleHistoryContent (also need read console-histories and read instance-images) CreateInstanceConsoleConnection (also need manage instance-console-connections) GetInstanceConsoleConnection (also need read instance-console-connections) AttachBootVolume (also need manage volume-attachments) AttachVolume (also need manage volume-attachments) CreateImage (also need manage instance-images and manage instances) DetachBootVolume (also need manage volume-attachments) DetachVolume (also need manage volume-attachments) LaunchInstance (also need read instance-images, use vnics, and use subnets) TerminateInstance (also need use vnics and use subnets; also need manage volume-attachments and use volumes if a volume is attached) GetWorkRequest, ListWorkRequestErrors, and ListWorkRequestLogs (for work requests related to instances resource types. All also need the permissions for LaunchInstance) AttachVnic (also need use vnics, use subnets, inspect vnic-attachments, and use vcns) DetachVnic (also need use vnics, use subnets, inspect vnic-attachments) |
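The "also need" entries in the instances table mean that a single statement is often not enough to authorize an API, and that a modest verb such as read already covers credential-returning calls. The following added example (not part of the original documentation) checks a policy against a few rows of that table; it assumes the `Allow group <name> to <verb> <resource-type> in ...` statement form, uses hypothetical group names, and does not model `instance-family`.

```python
import re

# Verb hierarchy from this page: inspect > read > use > manage (each includes the previous).
VERBS = ["inspect", "read", "use", "manage"]

# A few rows copied from the instances table: the verb at which the API first
# appears for instances, followed by its "also need" grants.
REQUIRES = {
    "ListInstances": [("inspect", "instances")],
    "GetInstanceDefaultCredentials": [("read", "instances")],
    "GetConsoleHistory": [("inspect", "instances"), ("inspect", "console-histories")],
    "GetConsoleHistoryContent": [("read", "instances"), ("read", "console-histories"),
                                 ("read", "instance-images")],
    "CreateInstanceConsoleConnection": [("read", "instances"),
                                        ("manage", "instance-console-connections")],
    "AttachVolume": [("use", "instances"), ("manage", "volume-attachments")],
    "LaunchInstance": [("manage", "instances"), ("read", "instance-images"),
                       ("use", "vnics"), ("use", "subnets")],
}

# Assumed statement form: Allow group <name> to <verb> <resource-type> in <scope>
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+(\S+)\s+in\s+", re.I)

def parse_grants(statements, group):
    """Return {resource-type: index of the highest verb} granted to `group`."""
    grants = {}
    for s in statements:
        m = STATEMENT.match(s)
        if m and m.group(1) == group:
            verb, resource = m.group(2).lower(), m.group(3).lower()
            grants[resource] = max(grants.get(resource, -1), VERBS.index(verb))
    return grants

def missing_for(api, grants):
    """List the (verb, resource-type) grants still missing before `api` is authorized."""
    return [(v, r) for v, r in REQUIRES[api] if grants.get(r, -1) < VERBS.index(v)]

def allowed_apis(grants):
    """APIs from REQUIRES whose every required grant is present."""
    return sorted(a for a in REQUIRES if not missing_for(a, grants))

# Constructed sample policy; group names are hypothetical.
POLICY = [
    "Allow group EdgeOperators to read instances in tenancy",
    "Allow group EdgeOperators to inspect console-histories in tenancy",
    "Allow group EdgeOperators to manage instance-console-connections in tenancy",
    "Allow group EdgeAuditors to inspect instances in tenancy",
]
```

Run over the sample policy, `allowed_apis` shows that the operators group can already create console connections and fetch default credentials, while `missing_for` lists the exact grants that would have to be added before console history content becomes readable.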
console-histories
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect | CONSOLE_HISTORY_INSPECT | None | GetConsoleHistory (also need inspect instances) ListConsoleHistories (also need inspect instances) |
read | CONSOLE_HISTORY_INSPECT COMPUTE_WORK_REQUEST_READ | None | GetConsoleHistory (also need inspect instances) ListConsoleHistories (also need inspect instances) GetConsoleHistoryContent (also need read instances and read instance-images) |
use | CONSOLE_HISTORY_INSPECT COMPUTE_WORK_REQUEST_READ | None | GetConsoleHistory (also need inspect instances) ListConsoleHistories (also need inspect instances) GetConsoleHistoryContent (also need read instances and read instance-images) |
manage | CONSOLE_HISTORY_INSPECT CONSOLE_HISTORY_READ CONSOLE_HISTORY_CREATE CONSOLE_HISTORY_DELETE | DeleteConsoleHistory UpdateConsoleHistory | GetConsoleHistory (also need inspect instances) ListConsoleHistories (also need inspect instances) GetConsoleHistoryContent (also need read instances and read instance-images) CaptureConsoleHistory (also need read instances and read instance-images) |
instance-console-connections
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect | INSTANCE_CONSOLE_CONNECTION_INSPECT | None | ListInstanceConsoleConnections (also need inspect instances) |
read | INSTANCE_CONSOLE_CONNECTION_INSPECT INSTANCE_CONSOLE_CONNECTION_READ | None | ListInstanceConsoleConnections (also need inspect instances) GetInstanceConsoleConnection (also need read instances) |
use | INSTANCE_CONSOLE_CONNECTION_INSPECT INSTANCE_CONSOLE_CONNECTION_READ | None | ListInstanceConsoleConnections (also need inspect instances) GetInstanceConsoleConnection (also need read instances) |
manage | INSTANCE_CONSOLE_CONNECTION_INSPECT INSTANCE_CONSOLE_CONNECTION_READ INSTANCE_CONSOLE_CONNECTION_UPDATE INSTANCE_CONSOLE_CONNECTION_CREATE INSTANCE_CONSOLE_CONNECTION_DELETE | UpdateInstanceConsoleConnection DeleteInstanceConsoleConnection | ListInstanceConsoleConnections (also need inspect instances) GetInstanceConsoleConnection (also need read instances) CreateInstanceConsoleConnection (also need read instances) |
instance-images
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect | INSTANCE_IMAGE_INSPECT | ListImages GetImage GetImageShapeCompatibility ListImageShapeCompatibilities | None |
read | INSTANCE_CONSOLE_CONNECTION_INSPECT INSTANCE_CONSOLE_CONNECTION_READ | ListImages GetImage GetImageShapeCompatibility ListImageShapeCompatibilities | LaunchInstance (also need manage instances, manage instance-images, use vnics, and use subnets) CaptureConsoleHistory (also need read console-histories and read instances) GetConsoleHistoryContent (also need read console-histories and read instances) ExportImage (also need manage objects) |
use | INSTANCE_IMAGE_INSPECT INSTANCE_IMAGE_READ INSTANCE_IMAGE_UPDATE | ListImages GetImage GetImageShapeCompatibility ListImageShapeCompatibilities UpdateImage AddImageShapeCompatibility RemoveImageShapeCompatibility | LaunchInstance (also need manage instances, manage instance-images, use vnics, and use subnets) CaptureConsoleHistory (also need read console-histories and read instances) GetConsoleHistoryContent (also need read console-histories and read instances) ExportImage (also need manage objects) |
manage | INSTANCE_IMAGE_INSPECT INSTANCE_IMAGE_READ INSTANCE_IMAGE_UPDATE INSTANCE_IMAGE_MOVE INSTANCE_IMAGE_CREATE INSTANCE_IMAGE_DELETE COMPUTE_WORK_REQUEST_CREATE COMPUTE_WORK_REQUEST_DELETE COMPUTE_WORK_REQUEST_INSPECT COMPUTE_WORK_REQUEST_READ | ListImages GetImage GetImageShapeCompatibility ListImageShapeCompatibilities UpdateImage AddImageShapeCompatibility RemoveImageShapeCompatibility DeleteImage | LaunchInstance (also need manage instances, manage instance-images, use vnics, and use subnets) CaptureConsoleHistory (also need read console-histories and read instances) GetConsoleHistoryContent (also need read console-histories and read instances) CreateImage (also need use instances, manage instances, and manage instance-images) TerminateInstance (also need use vnics, use subnets, and manage instances; also need manage volume-attachments and use volumes if a volume is attached) GetWorkRequest, ListWorkRequestErrors, and ListWorkRequestLogs (for work requests related to instance-images resource types. All also need the permissions for CreateImage) ExportImage (also need manage objects) |
compute-work-request
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect | COMPUTE_WORK_REQUEST_INSPECT | ListWorkrequests | None |
read | COMPUTE_WORK_REQUEST_READ | ListWorkrequests GetWorkRequest ListWorkrequestErrors ListWorkrequestLogs | None |
instance-family
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect | INSTANCE_INSPECT CONSOLE_HISTORY_INSPECT INSTANCE_CONSOLE_CONNECTION_INSPECT INSTANCE_IMAGE_INSPECT VNIC_READ VNIC_ATTACHMENT_READ VOLUME_ATTACHMENT_INSPECT | ListShapes ListInstances GetConsoleHistory ListConsoleHistories ListImages ListInstanceConsoleConnections GetImage GetImageShapeCompatibility ListImageShapeCompatibilities ListVnicAttachments | ListVolumeAttachments (also need inspect volumes) GetVolumeAttachment (also need inspect volumes) ListBootVolumeAttachments (also need inspect volumes) GetBootVolumeAttachment (also need inspect volumes) |
read | INSTANCE_INSPECT INSTANCE_READ CONSOLE_HISTORY_INSPECT CONSOLE_HISTORY_READ INSTANCE_CONSOLE_CONNECTION_INSPECT INSTANCE_CONSOLE_CONNECTION_READ INSTANCE_IMAGE_INSPECT INSTANCE_IMAGE_READ VNIC_READ VNIC_ATTACHMENT_READ VOLUME_ATTACHMENT_INSPECT VOLUME_ATTACHMENT_READ | ListShapes ListInstances GetInstance GetWindowsInstanceInitialCredentials GetInstanceDefaultCredentials ListInstanceDevices GetConsoleHistoryContent ListConsoleHistories GetInstanceConsoleConnection ListInstanceConsoleConnections ListImages GetImage GetImageShapeCompatibility ListImageShapeCompatibilities ListVnicAttachments | ListVolumeAttachments (also need inspect volumes) GetVolumeAttachment (also need inspect volumes) ListBootVolumeAttachments (also need inspect volumes) GetBootVolumeAttachment (also need inspect volumes) CaptureConsoleHistory (also need manage console-histories) CreateInstanceConsoleConnection (also need manage instance-console-connections) LaunchInstance (also need manage instances, manage instance-images, use vnics, and use subnets) ExportImage (also need manage objects) |
use | INSTANCE_ATTACH_VOLUME INSTANCE_CREATE_IMAGE INSTANCE_DETACH_VOLUME INSTANCE_INSPECT INSTANCE_POWER_ACTIONS INSTANCE_READ INSTANCE_UPDATE CONSOLE_HISTORY_INSPECT CONSOLE_HISTORY_READ INSTANCE_CONSOLE_CONNECTION_INSPECT INSTANCE_CONSOLE_CONNECTION_READ INSTANCE_IMAGE_INSPECT INSTANCE_IMAGE_READ INSTANCE_IMAGE_UPDATE VNIC_READ VNIC_ATTACHMENT_READ VOLUME_ATTACHMENT_INSPECT VOLUME_ATTACHMENT_READ VNIC_ATTACH VNIC_DETACH VOLUME_ATTACHMENT_UPDATE | ListShapes ListInstances GetInstance GetWindowsInstanceInitialCredentials GetInstanceDefaultCredentials ListInstanceDevices InstanceAction UpdateInstance GetConsoleHistoryContent ListConsoleHistories GetInstanceConsoleConnection ListInstanceConsoleConnections ListImages GetImage GetImageShapeCompatibility ListImageShapeCompatibilities UpdateImage AddImageShapeCompatibility RemoveImageShapeCompatibility ListVnicAttachments | ListVolumeAttachments (also need inspect volumes) GetVolumeAttachment (also need inspect volumes) ListBootVolumeAttachments (also need inspect volumes) GetBootVolumeAttachment (also need inspect volumes) CaptureConsoleHistory (also need manage console-histories) CreateInstanceConsoleConnection (also need manage instance-console-connections) AttachBootVolume (also need manage volume-attachments) AttachVolume (also need manage volume-attachments) CreateImage (also need manage instance-images and manage instances) DetachBootVolume (also need manage volume-attachments) DetachVolume (also need manage volume-attachments) LaunchInstance (also need manage instances, manage instance-images, use subnets, and use vnics) ExportImage (also need manage objects) |
manage | INSTANCE_ATTACH_SECONDARY_VNIC INSTANCE_ATTACH_VOLUME INSTANCE_CREATE INSTANCE_CREATE_IMAGE INSTANCE_DELETE INSTANCE_DETACH_SECONDARY_VNIC INSTANCE_DETACH_VOLUME INSTANCE_INSPECT INSTANCE_MOVE INSTANCE_POWER_ACTIONS INSTANCE_READ INSTANCE_UPDATE COMPUTE_WORK_REQUEST_CREATE COMPUTE_WORK_REQUEST_INSPECT COMPUTE_WORK_REQUEST_READ CONSOLE_HISTORY_CREATE CONSOLE_HISTORY_DELETE CONSOLE_HISTORY_INSPECT CONSOLE_HISTORY_READ INSTANCE_CONSOLE_CONNECTION_CREATE INSTANCE_CONSOLE_CONNECTION_DELETE INSTANCE_CONSOLE_CONNECTION_INSPECT INSTANCE_CONSOLE_CONNECTION_READ INSTANCE_CONSOLE_CONNECTION_UPDATE INSTANCE_IMAGE_CREATE INSTANCE_IMAGE_DELETE INSTANCE_IMAGE_INSPECT INSTANCE_IMAGE_MOVE INSTANCE_IMAGE_READ INSTANCE_IMAGE_UPDATE VNIC_READ VNIC_ATTACHMENT_READ VOLUME_ATTACHMENT_INSPECT VOLUME_ATTACHMENT_READ VNIC_ATTACH VNIC_DETACH VOLUME_ATTACHMENT_UPDATE VOLUME_ATTACHMENT_CREATE VOLUME_ATTACHMENT_DELETE | ListShapes ListInstances GetInstance GetWindowsInstanceInitialCredentials GetInstanceDefaultCredentials ListInstanceDevices InstanceAction UpdateInstance CaptureConsoleHistory GetConsoleHistoryContent ListConsoleHistories DeleteConsoleHistory UpdateConsoleHistory CreateInstanceConsoleConnection GetInstanceConsoleConnection ListInstanceConsoleConnections UpdateInstanceConsoleConnection DeleteInstanceConsoleConnection CreateImage ListImages GetImage GetImageShapeCompatibility ListImageShapeCompatibilities UpdateImage AddImageShapeCompatibility RemoveImageShapeCompatibility DeleteImage ListWorkrequests GetWorkRequest ListWorkrequestErrors ListWorkrequestLogs ListVnicAttachments AttachBootVolume AttachVolume DetachBootVolume | ListVolumeAttachments (also need inspect volumes) GetVolumeAttachment (also need inspect volumes) ListBootVolumeAttachments (also need inspect volumes) GetBootVolumeAttachment (also need inspect volumes) LaunchInstance (also need use subnets and use vnics) TerminateInstance (also need use subnets, and use vnics) AttachVnic (also need use subnets and use vcns) DetachVnic (also need use subnets) ExportImage (also need manage objects) |