Access Management via Policy

IAM Policies are JSON documents that define permissions and rules for accessing resources. These policies are attached to IAM User Accounts, User Groups, and Service Accounts to control the actions they can perform on specific resources. IAM Policies adhere to the "allow" or "deny" principle, meaning they explicitly grant or deny access to resources and actions.

1. Create a Policy (Policy)

To create a Policy, follow these steps:

  1. Access the IAM Console: https://hcm-3.console.vngcloud.vn/iam/

  2. Click on "Policy" in the left menu.

  3. Click on "Create a policy."

  4. Provide the policy name and optional description.

  5. Click on "Next step" to continue configuring permissions.

  6. By default, the interface will display the "Visual editor" tab. Use the Visual editor feature to continue the initialization process.

  7. Select a specific Product in the VNG Cloud system that needs configuration.

  8. Specify the allowed Actions on the resources of the product.

  9. Select the resources for which the actions apply (All resources / Specific resource).

  10. Provide optional conditions when applying.

  11. To add a new set of Actions to apply to a new set of Resources within the same Policy, click on "Add Rule" and follow the instructions from step 6 → 9 again.

  12. Review the settings and click on "Create policy."

Note

For Policies to function properly, you need to assign them to a specific object (IAM user account, Service account, Group). Refer to the instructions below for Policy usage management.

2. Create and Edit Policy with JSON

In addition to creating and editing Policies with the Visual editor, you can also use the "JSON" tab to create/edit Policies.

Use the instructions below for more details:

Here is the corresponding sample JSON when selecting:

  • Product: vMonitor

  • Effect: Allow Permission

  • Action: All vMonitor actions

  • Resource: All resources

  • Request conditions: Not set

Example JSON

JSON Attribute Explanation

  • Statement: Policy

  • Each object in the Statement corresponds to a Rule, including:

    • Effect: Allow / Deny Permission

    • Action: List of Actions allowed / denied on the Resource

    • Resource: List of Resources to which the above applies

    • Actions Condition: Request conditions
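A review pass over the JSON structure described above, run before a Policy is attached. This is an added example, not part of the VNG Cloud documentation. The keys Statement, Effect, Action and Resource come from the attribute list; the `Condition` key name, the `*` wildcard convention, and the action and resource strings in the sample are assumptions constructed for illustration.

```python
import json

# Constructed sample. Key names follow the attribute list above; "Condition",
# the "*" wildcard and the action/resource strings are assumptions.
SAMPLE_POLICY = """
{"Statement": [
  {"Effect": "Allow", "Action": ["vmonitor:*"], "Resource": ["*"]},
  {"Effect": "Allow", "Action": ["vmonitor:ListDashboards"],
   "Resource": ["dashboard-example-1"]},
  {"Effect": "Permit", "Action": [], "Resource": ["*"]}
]}
"""


def as_list(value):
    """Accept a single string or a list and always return a list."""
    return [value] if isinstance(value, str) else list(value)


def review_policy(policy_json):
    """Return (rule_index, finding) pairs for rules a reviewer should check."""
    statements = json.loads(policy_json).get("Statement")
    if not isinstance(statements, list) or not statements:
        return [(-1, "Statement must be a non-empty list of rules")]
    findings = []
    for i, rule in enumerate(statements):
        effect = rule.get("Effect")
        actions = as_list(rule.get("Action", []))
        resources = as_list(rule.get("Resource", []))
        if effect not in ("Allow", "Deny"):
            findings.append((i, f"Effect must be Allow or Deny, got {effect!r}"))
        if not actions:
            findings.append((i, "Action list is empty"))
        if not resources:
            findings.append((i, "Resource list is empty"))
        # Broad grant: all actions on all resources with no request condition.
        all_actions = any(a == "*" or a.endswith(":*") for a in actions)
        broad = effect == "Allow" and all_actions and "*" in resources
        if broad and not rule.get("Condition"):
            findings.append((i, "Allow on all actions and all resources "
                                "without a condition"))
    return findings


if __name__ == "__main__":
    for index, finding in review_policy(SAMPLE_POLICY):
        print(f"rule {index}: {finding}")
```

A Deny rule with the same breadth is not flagged, since the check targets grants that are wider than a least-privilege review would accept.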

Relationship between Visual editor and JSON

  • Visual editor and JSON are 2 Policy editors, provided by IAM VNG Cloud Services.

  • Once you Create/Edit a policy from Visual editor/JSON, the data will be automatically updated between the 2 tabs.

  • To shorten the process of creating/editing a Policy, you can switch back and forth between the Visual editor and JSON tabs.

  • Note that all actions/edits made in one tab are synchronized with the other tab.

Note

To avoid accidentally deleting a Policy that is being used by IAM objects, we recommend that you detach the Policy from the IAM objects instead of deleting it directly. Once a Policy is deleted, it cannot be restored.
