IBM Cloud Docs
Assigning access to catalogs

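As the account owner, you assign users specific catalog management access based on the tasks that they perform. To simplify assigning access, you can use access groups to organize a set of users into a single entity. You then assign a single policy to the group once, and add or remove users from the group as needed.

For more details, see Managing access in IBM Cloud.

Setting up access groups in the console

See the following sections for details about creating access groups and assigning specific IAM policies to each access group.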

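Administrator access in the console

Administrator access is required to set account-level filters on the IBM Cloud catalog.

  1. Log in to your IBM Cloud account.
  2. In the IBM Cloud console, go to Manage > Access (IAM) > Access groups.
  3. Click Create.
  4. Enter private-catalog-admins as the group name, and click Create.
  5. Click Access > Assign access.
  6. Select Catalog Management from the list of services.
  7. Select the catalogs that you want users to have access to.
  8. In the Platform access section, select the Administrator role.
  9. Click Add > Assign.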

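Editor access in the console

Editor access is required to create private catalogs, set filters at the private catalog level, add software to a private catalog, and update, deprecate, and restore software.

  1. Go to Access groups, and click Create.
  2. Enter private-catalog-editors as the group name, and click Create.
  3. Click Access > Assign access.
  4. Select Catalog Management from the list of services.
  5. Select the catalogs that you want users to have access to.
  6. In the Platform access section, select the Editor role.
  7. Click Add.
  8. Select Kubernetes Service from the list of services.
  9. Select the cluster, and select the Administrator and Manager roles.
  10. Click Add.
  11. Select Schematics from the list of services.
  12. Select the Manager role.
  13. Click Add > Assign.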

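Viewer access in the console

Viewer access is required to view private catalogs, the filtered IBM Cloud catalog, and filter settings.

  1. Go to Access groups, and click Create.
  2. Enter private-catalog-viewers as the group name, and click Create.
  3. Click Access > Assign access.
  4. Select Catalog Management from the list of services.
  5. Select the catalogs that you want users to have access to.
  6. In the Platform access section, select the Viewer role.
  7. Click Add > Assign.

You also need viewer access to the resource group that the private catalog is assigned to. You can assign a private catalog to a resource group when you complete the steps to create the private catalog. For more information, see Customizing the IBM Cloud catalog for all account users.

To assign viewer access to the private catalog's resource group, complete the following steps:

  1. Go to Users and select the user.
  2. Select Access > Assign access.
  3. Select All Identity and Access enabled services from the list of services.
  4. Scope the access to Specific resources based on selected attributes, and select the private catalog's resource group.
  5. For Platform access, select the Viewer role.
  6. Click Add > Assign.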

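Adding users to access groups in the console

After you set up the access groups, complete the following steps to add users to the groups:

  1. Go to Users, and click Invite users.
  2. Specify the users' email addresses. If you invite more than one user with a single invitation, all of the users are assigned the same access.
  3. Select one of the three access groups that you previously created, and click Add > Invite.
  4. Repeat these steps to add users to the other access groups.

Alternatively, you can grant users access by adding a trusted profile to an access group. For more information, see What makes a good trusted profile strategy? and Creating trusted profiles.

Setting up access groups by using the CLI

To assign access, run the ibmcloud iam user-policy-create command.

Administrator access by using the CLI

Run the following command to assign administrator access: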

ibmcloud iam user-policy-create USER_NAME --roles Administrator --service-name globalcatalog-collection

Editor access by using the CLI

Run the following command to assign editor access:

ibmcloud iam user-policy-create USER_NAME --roles Editor --service-name globalcatalog-collection

Viewer access by using the CLI

Run the following command to set viewer access:

ibmcloud iam user-policy-create USER_NAME --roles Viewer --service-name globalcatalog-collection

Adding users to access groups by using the CLI

To add users to an access group by using the CLI, run the ibmcloud iam access-group-user-add command.

ibmcloud iam access-group-user-add GROUP_NAME USER_NAME [USER_NAME2...]

For example, the following command adds the user name@example.com to the example_group access group.

ibmcloud iam access-group-user-add example_group name@example.com

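Alternatively, you can grant users access by adding a trusted profile to an access group. For more information, see What makes a good trusted profile strategy? and Creating trusted profiles.

Setting up access groups by using the API

To assign access, call the IAM Policy Management API as shown in the following examples. Replace the role_id variable with the role that you want to assign: Viewer, Editor, or Administrator.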

curl -X POST 'https://iam.cloud.ibm.com/v1/policies' -H 'Authorization: Bearer $TOKEN' -H 'Content-Type: application/json' -d '{
  "type": "access",
  "description": "Editor role for SERVICE_NAME RESOURCE_NAME",
  "subjects": [
    {
      "attributes": [
        {
          "name": "iam_id",
          "value": "IBMid-123453user"
        }
      ]
    }
  ],
  "roles":[
    {
      "role_id": "crn:v1:bluemix:public:iam::::role:Editor"
    }
  ],
  "resources":[
    {
      "attributes": [
        {
          "name": "accountId",
          "value": "$ACCOUNT_ID"
        },
        {
          "name": "serviceName",
          "value": "$SERVICE_NAME"
        },
        {
          "name": "resource",
          "value": "$RESOURCE_NAME",
          "operator": "stringEquals"
        }
      ]
    }
  ]
}'

Java:

SubjectAttribute subjectAttribute = new SubjectAttribute.Builder()
        .name("iam_id")
        .value(EXAMPLE_USER_ID)
        .build();

PolicySubject policySubjects = new PolicySubject.Builder()
        .addAttributes(subjectAttribute)
        .build();

PolicyRole policyRoles = new PolicyRole.Builder()
        .roleId("crn:v1:bluemix:public:iam::::role:Viewer")
        .build();

ResourceAttribute accountIdResourceAttribute = new ResourceAttribute.Builder()
        .name("accountId")
        .value(exampleAccountId)
        .operator("stringEquals")
        .build();

ResourceAttribute serviceNameResourceAttribute = new ResourceAttribute.Builder()
        .name("serviceType")
        .value("service")
        .operator("stringEquals")
        .build();

ResourceTag policyResourceTag = new ResourceTag.Builder()
        .name("project")
        .value("prototype")
        .operator("stringEquals")
        .build();

PolicyResource policyResources = new PolicyResource.Builder()
        .addAttributes(accountIdResourceAttribute)
        .addAttributes(serviceNameResourceAttribute)
        .addTags(policyResourceTag)
        .build();

CreatePolicyOptions options = new CreatePolicyOptions.Builder()
        .type("access")
        .subjects(Arrays.asList(policySubjects))
        .roles(Arrays.asList(policyRoles))
        .resources(Arrays.asList(policyResources))
        .build();

Response<Policy> response = service.createPolicy(options).execute();
Policy policy = response.getResult();

System.out.println(policy);

Node:

const policySubjects = [
  {
    attributes: [
      {
        name: 'iam_id',
        value: exampleUserId,
      },
    ],
  },
];
const policyRoles = [
  {
    role_id: 'crn:v1:bluemix:public:iam::::role:Viewer',
  },
];
const accountIdResourceAttribute = {
  name: 'accountId',
  value: exampleAccountId,
  operator: 'stringEquals',
};
const serviceNameResourceAttribute = {
  name: 'serviceType',
  value: 'service',
  operator: 'stringEquals',
};
const policyResourceTag = {
  name: 'project',
  operator: 'stringEquals',
  value: 'prototype',
};
const policyResources = [
  {
    attributes: [accountIdResourceAttribute, serviceNameResourceAttribute],
    tags: [policyResourceTag],
  },
];
const params = {
  type: 'access',
  subjects: policySubjects,
  roles: policyRoles,
  resources: policyResources,
};

iamPolicyManagementService.createPolicy(params)
  .then(res => {
    examplePolicyId = res.result.id;
    console.log(JSON.stringify(res.result, null, 2));
  })
  .catch(err => {
    console.warn(err)
  });

Python:

policy_subjects = PolicySubject(
  attributes=[SubjectAttribute(name='iam_id', value=example_user_id)])
policy_roles = PolicyRole(
  role_id='crn:v1:bluemix:public:iam::::role:Viewer')
account_id_resource_attribute = ResourceAttribute(
  name='accountId', value=example_account_id)
service_name_resource_attribute = ResourceAttribute(
  name='serviceType', value='service')
policy_resource_tag = ResourceTag(
  name='project', value='prototype')
policy_resources = PolicyResource(
  attributes=[account_id_resource_attribute,
        service_name_resource_attribute],
  tags=[policy_resource_tag])

policy = iam_policy_management_service.create_policy(
  type='access',
  subjects=[policy_subjects],
  roles=[policy_roles],
  resources=[policy_resources]
).get_result()

print(json.dumps(policy, indent=2))

Go:

subjectAttribute := &iampolicymanagementv1.SubjectAttribute{
  Name:  core.StringPtr("iam_id"),
  Value: &exampleUserID,
}
policySubjects := &iampolicymanagementv1.PolicySubject{
  Attributes: []iampolicymanagementv1.SubjectAttribute{*subjectAttribute},
}
policyRoles := &iampolicymanagementv1.PolicyRole{
  RoleID: core.StringPtr("crn:v1:bluemix:public:iam::::role:Viewer"),
}
accountIDResourceAttribute := &iampolicymanagementv1.ResourceAttribute{
  Name:     core.StringPtr("accountId"),
  Value:    core.StringPtr(exampleAccountID),
  Operator: core.StringPtr("stringEquals"),
}
serviceNameResourceAttribute := &iampolicymanagementv1.ResourceAttribute{
  Name:     core.StringPtr("serviceType"),
  Value:    core.StringPtr("service"),
  Operator: core.StringPtr("stringEquals"),
}
policyResourceTag := &iampolicymanagementv1.ResourceTag{
  Name:     core.StringPtr("project"),
  Value:    core.StringPtr("prototype"),
  Operator: core.StringPtr("stringEquals"),
}
policyResources := &iampolicymanagementv1.PolicyResource{
  Attributes: []iampolicymanagementv1.ResourceAttribute{
    *accountIDResourceAttribute, *serviceNameResourceAttribute},
  Tags: []iampolicymanagementv1.ResourceTag{*policyResourceTag},
}

options := iamPolicyManagementService.NewCreatePolicyOptions(
  "access",
  []iampolicymanagementv1.PolicySubject{*policySubjects},
  []iampolicymanagementv1.PolicyRole{*policyRoles},
  []iampolicymanagementv1.PolicyResource{*policyResources},
)

policy, response, err := iamPolicyManagementService.CreatePolicy(options)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(policy, "", "  ")
fmt.Println(string(b))

Expected response for setting up access

{
  "id": "12345678-abcd-1a2b-a1b2-1234567890ab",
  "type": "access",
  "description": "Viewer role access for all instances of SERVICE_NAME in the account.",
  "subjects": [
    {
      "attributes": [
        {
          "name": "iam_id",
          "value": "IBMid-123453user"
        }
      ]
    }
  ],
  "roles": [
    {
      "roles_id": "crn:v1:bluemix:public:iam::::role:Viewer"
    }
  ],
  "resources": [
    {
      "attributes": [
        {
          "name": "accountId",
          "value": "ACCOUNT_ID",
          "operator": "stringEquals"
        },
        {
          "name": "serviceName",
          "value": "SERVICE_NAME",
          "operator": "stringEquals"
        }
      ]
    },
    {
      "tags": [
        {
          "name": "project",
          "value": "moonshot",
          "operator": "stringEquals"
        },
        {
          "name": "pipeline",
          "value": "test",
          "operator": "stringEquals"
        }
      ]
    }
  ],
  "href": "https://iam.cloud.ibm.com/v1/policies/12345678-abcd-1a2b-a1b2-1234567890ab",
  "created_at": "2018-08-30T14:09:09.907Z",
  "created_by_id": "USER_ID",
  "last_modified_at": "2018-08-30T14:09:09.907Z",
  "last_modified_by_id": "USER_ID",
  "state": "active"
}
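The request body above, generalized to the three roles this page names, as an added example (not IBM's code). `build_policy` and `verify_policy` are hypothetical helpers: the first rejects any role other than Viewer, Editor or Administrator, the second compares the policy that the API returns with the one requested. The role key in the returned policy is accepted as `role_id` or as `roles_id`, the spelling in the sample response on this page; the IDs are placeholders.

```python
import json

ROLE_CRN_PREFIX = "crn:v1:bluemix:public:iam::::role:"
ALLOWED_ROLES = ("Viewer", "Editor", "Administrator")  # roles named on this page


def build_policy(iam_id, account_id, role, service_name="globalcatalog-collection"):
    """Return the JSON body for POST /v1/policies, scoped to one service."""
    if role not in ALLOWED_ROLES:
        raise ValueError(f"unsupported role {role!r}; expected one of {ALLOWED_ROLES}")
    return {
        "type": "access",
        "description": f"{role} role for {service_name}",
        "subjects": [{"attributes": [{"name": "iam_id", "value": iam_id}]}],
        "roles": [{"role_id": ROLE_CRN_PREFIX + role}],
        "resources": [{"attributes": [
            {"name": "accountId", "value": account_id},
            {"name": "serviceName", "value": service_name},
        ]}],
    }


def _roles(policy):
    # The sample response on this page spells the key "roles_id"; accept both.
    return {r.get("role_id") or r.get("roles_id") for r in policy.get("roles", [])}


def _scope(policy):
    # Each resource attribute narrows the policy, so a missing one widens it.
    return {(a.get("name"), a.get("value"))
            for res in policy.get("resources", [])
            for a in res.get("attributes", [])}


def verify_policy(requested, returned):
    """List the ways the returned policy grants more than was requested."""
    problems = []
    extra_roles = _roles(returned) - _roles(requested)
    if extra_roles:
        problems.append(f"unexpected roles: {sorted(extra_roles)}")
    dropped = _scope(requested) - _scope(returned)
    if dropped:
        problems.append(f"scope attributes dropped (policy is broader): {sorted(dropped)}")
    if returned.get("state") != "active":
        problems.append(f"policy state is {returned.get('state')!r}")
    return problems


if __name__ == "__main__":
    # Placeholder IDs; substitute real values before sending the body.
    print(json.dumps(build_policy("IBMid-123453user", "ACCOUNT_ID", "Viewer"), indent=2))
```
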

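Adding users to access groups by using the API

To add users to an access group by using the API, call the IAM Access Groups API as shown in the following examples.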

curl -X PUT -H "Authorization: {iam_token}" -H "Accept: application/json" -H "Content-Type: application/json" -d '{"members": [ {"iam_id": "IBMid-user1", "type": "user"}, {"iam_id": "iam-ServiceId-123", "type": "service"} ]}' "{base_url}/groups/{access_group_id}/members"

Java:

AddGroupMembersRequestMembersItem member1 = new AddGroupMembersRequestMembersItem.Builder()
  .iamId("IBMid-user1")
  .type("user")
  .build();
AddGroupMembersRequestMembersItem member2 = new AddGroupMembersRequestMembersItem.Builder()
  .iamId("iam-ServiceId-123")
  .type("service")
  .build();
AddMembersToAccessGroupOptions addMembersToAccessGroupOptions = new AddMembersToAccessGroupOptions.Builder()
  .accessGroupId(testGroupId)
  .addMembers(member1)
  .addMembers(member2)
  .build();
Response<AddGroupMembersResponse> response = service.addMembersToAccessGroup(addMembersToAccessGroupOptions).execute();
AddGroupMembersResponse addGroupMembersResponse = response.getResult();

System.out.println(addGroupMembersResponse);

Node:

const groupMember1 = {
  iam_id: 'IBMid-user1',
  type: 'user',
};
const groupMember2 = {
  iam_id: 'iam-ServiceId-123',
  type: 'service',
};
const params = {
  accessGroupId: testGroupId,
  members: [groupMember1, groupMember2],
};

iamAccessGroupsService.addMembersToAccessGroup(params)
  .then(res => {
    console.log(JSON.stringify(res.result, null, 2));
  })
  .catch(err => {
    console.warn(err)
  });

Python:

member1 = AddGroupMembersRequestMembersItem(
  iam_id='IBMid-user1', type='user')
member2 = AddGroupMembersRequestMembersItem(
  iam_id='iam-ServiceId-123', type='service')
members = [member1, member2]

add_group_members_response = iam_access_groups_service.add_members_to_access_group(
  access_group_id=test_group_id,
  members=members
).get_result()

print(json.dumps(add_group_members_response, indent=2))

Go:

groupMembers := []iamaccessgroupsv2.AddGroupMembersRequestMembersItem{
  iamaccessgroupsv2.AddGroupMembersRequestMembersItem{
    IamID: core.StringPtr("IBMid-user1"),
    Type:  core.StringPtr("user"),
  },
  iamaccessgroupsv2.AddGroupMembersRequestMembersItem{
    IamID: core.StringPtr("iam-ServiceId-123"),
    Type:  core.StringPtr("service"),
  },
}
addMembersToAccessGroupOptions := iamAccessGroupsService.NewAddMembersToAccessGroupOptions(testGroupID)
addMembersToAccessGroupOptions.SetMembers(groupMembers)
addGroupMembersResponse, response, err := iamAccessGroupsService.AddMembersToAccessGroup(addMembersToAccessGroupOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(addGroupMembersResponse, "", "  ")
fmt.Println(string(b))

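Alternatively, you can grant users access by adding a trusted profile to an access group. For more information, see What makes a good trusted profile strategy? and Creating trusted profiles.

Expected response for adding users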

{
  "members": [
    {
      "iam_id": "$IBM_ID",
      "type": "user",
      "created_at": "2019-01-01T01:01:00Z",
      "created_by_id": "CREATOR_ID",
      "status_code": 200
    },
    {
      "iam_id": "$SERVICE_ID",
      "status_code": 400,
      "trace": "12345678-abcd-1a2b-a1b2-1234567890ab",
      "errors": [
        {
          "code": "error_occurred",
          "message": "The service id is missing or incorrect"
        }
      ]
    }
  ]
}
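The expected response above reports one member as added (200) and one as rejected (400) in the same body, so a caller has to check every member rather than the response as a whole. The following added example (not IBM's code) does that; `membership_failures` is a hypothetical helper, and the sample body is constructed from the response and request shown on this page.

```python
import json

# Constructed sample, modelled on the expected response shown on this page,
# using the member IDs from the request example.
SAMPLE_RESPONSE = """
{
  "members": [
    {"iam_id": "IBMid-user1", "type": "user",
     "created_at": "2019-01-01T01:01:00Z", "created_by_id": "CREATOR_ID",
     "status_code": 200},
    {"iam_id": "iam-ServiceId-123", "status_code": 400,
     "trace": "12345678-abcd-1a2b-a1b2-1234567890ab",
     "errors": [{"code": "error_occurred",
                 "message": "The service id is missing or incorrect"}]}
  ]
}
"""


def membership_failures(response_body, requested_ids):
    """Map each requested iam_id that was NOT added to the reason it failed.

    An empty dict means every requested member was added to the group.
    """
    if isinstance(response_body, (str, bytes)):
        body = json.loads(response_body)
    else:
        body = response_body
    by_id = {m.get("iam_id"): m for m in body.get("members", [])}

    failures = {}
    for iam_id in requested_ids:
        member = by_id.get(iam_id)
        if member is None:
            # The service never acknowledged this member at all.
            failures[iam_id] = "not present in response"
            continue
        status = member.get("status_code")
        if status is None or not 200 <= status < 300:
            detail = "; ".join(
                e.get("message") or e.get("code", "unknown error")
                for e in member.get("errors", [])
            ) or "no error detail"
            failures[iam_id] = f"status {status}: {detail} (trace {member.get('trace')})"
    return failures


if __name__ == "__main__":
    wanted = ["IBMid-user1", "iam-ServiceId-123"]
    for iam_id, reason in membership_failures(SAMPLE_RESPONSE, wanted).items():
        print(f"{iam_id}: {reason}")
```
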

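Adding users to access groups by using Terraform

Before you can add users to access groups by using Terraform, make sure that you have completed the following:

  • Install the Terraform CLI and configure the IBM Cloud Provider plug-in for Terraform. For more information, see the tutorial for Getting started with Terraform on IBM Cloud®. The plug-in abstracts the IBM Cloud APIs that are used to complete this task.
  • Create a Terraform configuration file that is named main.tf. In this file, you define resources by using HashiCorp Configuration Language. For more information, see the Terraform documentation.

Use the following steps to add users to an access group:

  1. In your Terraform configuration file, find the Terraform code that you used to create the access group, and make a note of the access_group_id that is assigned to your access group.

  2. Add members to the access group.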

    resource "ibm_iam_access_group_members" "accgroupmem" {
      access_group_id = ibm_iam_access_group.accgroup.id
      ibm_ids         = ["test@in.ibm.com"]
    }
    

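    For more information, see the argument reference details on the Terraform Identity and Access Management (IAM) page.

  3. After you finish building your configuration file, initialize the Terraform CLI. For more information, see Initializing working directories.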

    terraform init
    
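  4. Provision the resources from the main.tf file. For more information, see Provisioning infrastructure with Terraform.

    1. Run terraform plan to generate a Terraform execution plan to preview the proposed actions.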

      terraform plan
      
    2. Run terraform apply to create the resources that are defined in the plan.

      terraform apply