- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Access Key
- User Groups
- Role
- Policies
- Troubleshooting
- Permissions Boundary
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Natural Language Processing
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Best Practice
- Security Best Practice
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to COS Resources under the Account
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Read-only Access to VPCs
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- User APIs
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSafeAuthFlagColl
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Access Key
- User Groups
- Role
- Policies
- Troubleshooting
- Permissions Boundary
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Natural Language Processing
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Best Practice
- Security Best Practice
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to COS Resources under the Account
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Read-only Access to VPCs
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- User APIs
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSafeAuthFlagColl
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
Elasticsearch Service
最終更新日:2024-04-30 09:20:27
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| Elasticsearch Service | es | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddCVMInstancesOfCollector | add cvm instance for a collector | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| AddForceMergeTask | Add force merge task | Operation level | * | Supported |
| CancelEsClusterTask | Cancel Es Cluster Task | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| CreateCollector | create collector | Operation level | * | Supported |
| CreateCosMigrateToServerlessInstance | CreateCosMigrateToServerlessInstance | Resource level | qcs::es:${Region}:uin/${uin}:instance/${ServerlessId} | Supported |
| CreateDSLBlockTask | Create Cluster DSL Block Task | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| CreateIndex | CreateIndex | Resource level | qcs::es:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| CreateIndexKibanaPattern | Create Index Kibana Pattern | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| CreateIndexMetaFieldToJson | Create Index Meta Field To Json | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| CreateIndexMetaJsonToField | Create Index Meta Json To Field | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| CreateIndexMigrateToNewSpace | Create Index Migrate To NewSpace | Resource level | qcs::es:${region}:uin/${uin}:index/${ServerlessId} | Supported |
| CreateInstance | Create an ES cluster instance | Operation level | * | not supported |
| CreateInstanceLogExport | Create instance log export | Operation level | * | Supported |
| CreateLogstashInstance | Create logstash instance | Operation level | * | not supported |
| CreateMappingsFromSample | Create Mappings From Sample | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| CreateOperationDurationEvent | create operation duration event | Operation level | * | not supported |
| CreateOrUpdateServerlessWatcher | CreateOrUpdateServerlessWatcher | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| CreateServerlessDi | Create Serverless Di | Resource level | qcs::es:${region}:uin/${uin}:index/${ServerlessId} | Supported |
| CreateServerlessInstance | Create Serverless Index | Operation level | * | Supported |
| CreateServerlessInstanceUser | CreateServerlessInstanceUser | Resource level | qcs::es:${region}:uin/${uin}:index/${InstanceId} | Supported |
| CreateServerlessSpace | create Serverless Space of Index | Operation level | * | Supported |
| CreateServerlessSpaceUser | Create a serverless space user | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| CreateServerlessSpaceV2 | create new Serverless Space | Operation level | * | Supported |
| CreateTradeSignAuth | create sign auth for trade | Operation level | * | not supported |
| DeleteCVMInstancesOfCollector | delete cvm instance of a collector | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| DeleteClusterSnapshot | Delete Cluster Snapshot | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| DeleteCollector | delete collector | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| DeleteDSLBlockTask | Delete DSL Block Task | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| DeleteIndex | DeleteIndex | Resource level | qcs::es:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DeleteInstance | Delete an ES cluster instance | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| DeleteLogstashInstance | Delete logstash instance | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| DeleteLogstashPipelines | Delete logstash pipelines | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| DeleteServerlessDi | Delete Serverless Di | Resource level | qcs::es:${region}:uin/${uin}:index/${ServerlessId} | Supported |
| DeleteServerlessInstance | delete serverlessIndex | Resource level | qcs::${ApiModule}:${Region}:uin/:index/${InstanceId} | Supported |
| DeleteServerlessInstanceUser | DeleteServerlessInstanceUser | Resource level | qcs::es:${region}:uin/${uin}:index/${InstanceId} | Supported |
| DeleteServerlessSpace | Delete ServerlessSpace | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| DeleteServerlessSpaceUser | Delete a serverless space user | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| DeleteServerlessWatcher | DeleteServerlessWatcher | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| MarkCosMigrateTask | MarkCosMigrateTask | Operation level | * | Supported |
| MigrateEsInstance | Migrate ES Instance from one zone to another zone | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| ModifyEsVipSecurityGroup | Modify ES cluster security group | Resource level | qcs::es:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| ModifyInstanceEsVipStatus | modify instance es vip rs status | Resource level | qcs::es:${region}:uin/${uin}:instanceId/${InstanceId} | Supported |
| PrepayInstanceTransferToPost | Convert prepaid instance to postpaid. | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| ReinstallCollector | reinstall collecotr | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| RestartCollector | restart collector | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| RestartInstance | Restart an ES cluster instance | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| RestartKibana | Restart kibana nodes of ES cluster | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| RestartLogstashInstance | Restart logstash instance | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| RestartNodes | Restart nodes of ES Cluster | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| RestoreClusterSnapshot | Restore Cluster Snapshot | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| SaveAndDeployLogstashPipeline | Save and deploy logstash pipelines | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| SendVerificationCode | SendVerificationCode | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| StartCollector | start collector | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| StartLogstashPipelines | Start logstash pipelines | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| StopCollector | stop collector | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| StopLogstashPipelines | Stop logstash pipelines | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| UpdateAuditLogStatus | Update AuditLog Status | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| UpdateCollector | update beats collector | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| UpdateCollectorName | update collector\'s name | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| UpdateDSLBlockTask | Update DSL Block Task | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| UpdateDiagnoseSettings | this interface(UpdateDiagnoseSettings) use to update diagnose settings | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | Supported |
| UpdateDictionaries | this interface(UpdateDictionaries) use to update dictionaries | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | Supported |
| UpdateDns | Update Dns | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| UpdateForceMergeTask | Update force merge task | Operation level | * | Supported |
| UpdateIndex | UpdateIndex | Resource level | qcs::es:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| UpdateIndexMetaFieldToJson | Update Index Meta Field To Json | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| UpdateIndexMetaJsonToField | Update Index Meta Json To Field | Resource level | qcs::es::uin/${uin}:InstanceId/${InstanceId} | not supported |
| UpdateInstance | Update an ES cluster instance | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| UpdateInstancePublicAccess | Update ES Instance Kibana And Cerebro Public Access | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| UpdateInternal | Update Internal | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| UpdateJdk | Update Jdk config | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| UpdateLogstashInstance | Update logstash instance | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| UpdateNodesStatus | Used to start or shut down the node | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| UpdatePlugins | Update an ES cluster\\\'s plugins | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| UpdateRequestTargetNodeTypes | Update the target node types of es vip | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| UpdateServerlessDi | Update Serverless Di | Resource level | qcs::es:${region}:uin/${uin}:index/${ServerlessId} | Supported |
| UpdateServerlessInstance | Update ServerlessInstance | Resource level | qcs::${ApiModule}:${Region}:uin/:index/${InstanceId} | Supported |
| UpdateServerlessInstanceUser | UpdateServerlessInstanceUser | Resource level | qcs::es:${region}:uin/${uin}:index/${InstanceId} | Supported |
| UpdateServerlessSpace | Update ServerlessSpace | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| UpdateServerlessSpaceUser | Update a serverless space user | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| UpdateServerlessWatcher | UpdateServerlessWatcher | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| UpdateUserBundles | Update user bundles | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | Supported |
| UpgradeInstance | UpgradeInstance | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| UpgradeLicense | Upgrade an ES cluster\'s X-Pack license | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckClusterName | use to check cluster name valid or repeat | Operation level | * | not supported |
| CheckCreateIndex | Check index with creating | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| CheckForceRestart | check force restart | Operation level | * | not supported |
| CheckOperation | check operation is valid for scale in or restart | Operation level | * | not supported |
| CheckScaleUpgrade | check scale or upgrade is valid | Operation level | * | not supported |
| CheckUpdateInstance | check update instance is valid | Operation level | * | not supported |
| CountCollectors | get collector\\\'s count | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| DescribeApmSearch | search for apm | Operation level | * | not supported |
| DescribeAuditLogStatus | Describe AuditLog Status | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| DescribeCVMInstancesOfCollector | Get the dispatched cvm instances of the collector | Resource level | qcs::es:${region}:uin/${uin}:collector/${CollectorId} | Supported |
| DescribeCVMInstancesOfSameCollector | get collector\'s cvm of a very type | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | not supported |
| DescribeClientIp | get user ip | Operation level | * | Supported |
| DescribeDiagnose | this interface(DescribeDiagnose) use to query diagnose | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | not supported |
| DescribeDiagnoseStats | describe diagnose stats for intelligence operations | Resource level | qcs::es::uin/${uin}:InstanceId/${InstanceId} | not supported |
| DescribeForceMergeTask | Query the list of added forcemerge tasks | Operation level | * | Supported |
| DescribeIndexList | DescribeIndexList | Resource level | qcs::es:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeIndexLogs | DescribeIndexLogs | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | Supported |
| DescribeIndexMeta | DescribeIndexMeta | Resource level | qcs::es:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeIndexOperations | DescribeIndexOperations | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | Supported |
| DescribeIndices | describe index mode | Operation level | * | not supported |
| DescribeInstanceBundleList | this interface(DescribeInstanceBundleList) use to query instance bundle list | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | not supported |
| DescribeInstanceLogExportIndex | Obtain the logs and export them to serverless | Operation level | * | Supported |
| DescribeInstanceLogs | Describes ES cluster\'s logs | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| DescribeInstanceOperations | Describe ES cluster\'s activity records | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| DescribeInstancePluginList | get the plugin list of a es cluster | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | not supported |
| DescribeInstanceUpgradePlanList | describe instance upgrade plan list | Operation level | * | not supported |
| DescribeKibanaTools | embed kibana | Resource level | qcs::es:${region}:uin/${uin}:index/${InstanceId} | Supported |
| DescribeKibanaUrl | describe kibana url | Operation level | * | not supported |
| DescribeLogstashInstanceLogs | Query logs of logstash instance | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| DescribeLogstashInstanceOperations | Query operations of logstash instance | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| DescribeLogstashPipelines | Query list of logstash pipelines | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| DescribeLogstashViews | DescribeLogstashViews | Operation level | * | not supported |
| DescribeNodes | Used to query the cluster node list, including: node IP, node ID, node type and other information | Resource level | qcs::es:${region}:uin/${uin}:instance/${InstanceId} | not supported |
| DescribeOperationDurationEvent | Describe Operation Duration Event | Operation level | * | not supported |
| DescribeRegions | describe regions for es support | Operation level | * | not supported |
| DescribeSecurityGroupBindEs | describe Security Group Bind Es | Operation level | * | not supported |
| DescribeServerlessDi | Describe Serverless Di | Resource level | qcs::es:${region}:uin/${uin}:index/${ServerlessId} | Supported |
| DescribeServerlessInstanceMeta | Describe ServerlessInstanceMeta | Resource level | qcs::${ApiModule}:${Region}:uin/:index/${InstanceId} | Supported |
| DescribeServerlessInstanceOperation | Describe ServerlessInstance Operation | Resource level | qcs::${ApiModule}:${Region}:uin/:index/${InstanceId} | Supported |
| DescribeServerlessInstanceUsers | DescribeServerlessInstanceUsers | Resource level | qcs::es:${region}:uin/${uin}:index/${InstanceId} | Supported |
| DescribeServerlessInstances | describe serverlessInstance List | Resource level | qcs::es:${region}:uin/${uin}:index/${InstanceId} | Supported |
| DescribeServerlessMappingFields | DescribeServerlessMappingFields | Operation level | * | Supported |
| DescribeServerlessSpaceOperations | ServerlessSpace describe space operation | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| DescribeServerlessSpaceUser | Describe a serverless space user | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| DescribeServerlessSpaces | describe ServerlessSpace List | Resource level | qcs::es:${region}:uin/${uin}:space/${InstanceId} | Supported |
| DescribeServerlessWatchers | DescribeServerlessWatchers | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| DescribeSpaceDomain | Describe a serverless space domain | Resource level | qcs::es:${Region}:uin/${uin}:space/${SpaceId}, | Supported |
| DescribeSpaceKibanaTools | Obtain the token required for space embed kibana | Resource level | qcs::es:${region}:uin/${uin}:space/${SpaceId} | Supported |
| DescribeUpgrade | Describe Upgrade | Operation level | * | not supported |
| DescribeUserCosSnapshotList | DescribeUserCosSnapshotList | Operation level | * | Supported |
| DescribeUserCosSnapshotTaskList | DescribeUserCosSnapshotTaskList | Resource level | qcs::es:${Region}:uin/${uin}:instance/${InstanceId} | Supported |
| DescribeUserIndexMigrateStatus | DescribeUserIndexMigrateStatus | Operation level | * | Supported |
| DescribeViews | Describe instance view info, include cluster/node/kibana | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | not supported |
| DiagnoseInstance | diagnose ES Instance Intelligently | Resource level | qcs::es:${region}:uin/${uin}:instance/${InstanceId} | Supported |
| DownloadCerts | Download es instance certificate | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| GenDiCollectorRule | GenDiCollectorRule | Operation level | * | Supported |
| GetClientIp | get client ip | Operation level | * | Supported |
| GetClusterMetric | get cluster metric for es instance | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | not supported |
| GetCosMonitorData | this interface(GetCosMonitorData) use to query cos monitor data | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | Supported |
| GetDiCollectorSetting | GetDiCollectorSetting | Operation level | * | Supported |
| GetDiagnoseSettings | Get diagnose settings | Operation level | * | not supported |
| GetFederationToken | Get federation token | Operation level | * | not supported |
| GetInstanceUpdateMode | get instance update mode | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| GetNodesMetric | get es cluster nodes metric | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| GetRequestTargetNodeTypes | Get the target node types of es vip | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | Supported |
| GetTaskFlow | Get task process information | Resource level | qcs::es:${Region}:uin/${uin}:instance/${InstanceId} | Supported |
| InquirePriceCreateInstance | Inquire Price CreateInstance | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| InquirePriceRenewInstance | inquire instance price when renew instance | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | Supported |
| ListEsClusterTask | List Es Cluster Task | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| PredictCluster | Predict Cluster | Operation level | * | not supported |
| PredictInstance | Predict Instance | Operation level | * | not supported |
| QueryRegionZone | Query Region Zone | Operation level | * | not supported |
| QueryZoneResource | Query zone resource | Operation level | * | not supported |
| SearchServerlessData | Internal interface for obtaining serverless index data | Resource level | qcs::es:${region}:uin/${uin}:index/${ServerlessId} | Supported |
| SearchServerlessInstance | Search Serverless Instance data | Resource level | qcs::es:${region}:uin/${uin}:index/${ServerlessId} | Supported |
| SmartAdvisorManage | ES Smart Advisor Manage | Resource level | qcs::es:${Region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
Other Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckMigrateIndexMetaData | CheckMigrateIndexMetaData | Resource level | qcs::es:${Region}:uin/${uin}:instance/${ServerlessId} | Supported |
| NotifyEsServerless | NotifyEsServerless | Operation level | * | Supported |
| RenewInstance | Renew the specified ES cluster instance by year and month | Resource level | qcs::${ApiModule}:${Region}:uin/:instance/${InstanceId} | Supported |
| RenewLogstashInstance | Renew the specified Logstash monthly subscription instance | Resource level | qcs::${ApiModule}:${Region}:uin/:logstash/${InstanceId} | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeClusterSnapshot | Describe Cluster Snapshot List | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| DescribeCollectors | Get the list of collectors | Resource level | qcs::${ApiModule}:${region}:uin/${uin}:collector/${CollectorId} | not supported |
| DescribeDSLBlockTask | Describe Cluster DSL Block Task | Resource level | qcs::es:${region}:uin/${uin}:InstanceId/${InstanceId} | not supported |
| DescribeInstances | Query all eligible instances | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | not supported |
| DescribeInstancesOverview | Get the overview info of all es clusters | Resource level | qcs::es:${region}:uin/${uin}:instance/${instanceId} | not supported |
| DescribeLogstashInstances | Get the list of logstash instances | Resource level | qcs::es:${region}:uin/${uin}:instance/$instanceId | not supported |
はい
いいえ
この記事はお役に立ちましたか?