Gérer les permissions pour un snapshot
Vous pouvez partager un snapshot avec un ou plusieurs comptes dans la même Région.
Cette action leur permet de créer un volume ou une OUTSCALE machine image (OMI) à partir de votre snapshot, ou de le copier sur leur compte. Vous restez le propriétaire du snapshot, et pouvez ajouter ou retirer des permissions pour gérer qui peut y accéder. Pour savoir quels comptes ont des permissions pour un snapshot, voir Obtenir des informations sur vos snapshots.
Pour créer une copie indépendante du snapshot source, voir Copier un snapshot dans la même Région ou Tutoriel : Copier un snapshot dans une Région différente.
Gérer les permissions pour un snapshot avec Cockpit v2
-
Dans le dashboard Snapshots, cochez la case du snapshot que vous voulez partager.
Le snapshot est sélectionné. -
Cliquez sur Modifier les permissions.
La boîte de dialogue MODIFIER LES PERMISSIONS D’UN SNAPSHOT apparaît.Une liste des ID de comptes des utilisateurs autorisés à utiliser le snapshot apparaît, le cas échéant.
-
Pour partager le snapshot avec un ou plusieurs utilisateurs, cliquez sur Ajouter et tapez leurs ID séparés par une virgule dans le champ ID du compte partagé.
Pour retirer les permissions à un utilisateur, cliquez sur à côté de son ID.
-
Cliquez sur Modifier.
Le snapshot est partagé avec les utilisateurs que vous avez spécifiés.
Gérer les permissions pour un snapshot avec OSC CLI
À ce jour, cette section est disponible en anglais uniquement. |
The UpdateSnapshot command modifies the permissions for a specified snapshot.
You must specify either the Additions
or the Removals
parameter.
After sharing a snapshot with an account, the other account can create a copy of it that they own. For more information about copying snapshots, see CreateSnapshot.
$ osc-cli api UpdateSnapshot --profile "default" \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Additions": {
"AccountIds": ["987654321098"]
}
}'
$ osc-cli api UpdateSnapshot --profile "default" \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Removals": {
"AccountIds": ["987654321098"]
}
}'
$ osc-cli api UpdateSnapshot --profile "default" \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Additions": {
"GlobalPermission": True
}
}'
$ osc-cli api UpdateSnapshot --profile "default" \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Removals": {
"GlobalPermission": True
}
}'
This command contains the following attributes that you need to specify:
-
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action. -
PermissionsToCreateVolume
: Information about the permissions for the resource.
Specify either theAdditions
or theRemovals
parameter.-
Additions
: (optional) Permissions for the resource.-
AccountIds
: (optional) One or more account IDs that the permission is associated with. -
GlobalPermission
: (optional) A global permission for all accounts.
(Request) Set this parameter to true to make the resource public (if the parent parameter isAdditions
) or to make the resource private (if the parent parameter isRemovals
).
(Response) If true, the resource is public. If false, the resource is private.
-
-
Removals
: (optional) Permissions for the resource.-
AccountIds
: (optional) One or more account IDs that the permission is associated with. -
GlobalPermission
: (optional) A global permission for all accounts.
(Request) Set this parameter to true to make the resource public (if the parent parameter isAdditions
) or to make the resource private (if the parent parameter isRemovals
).
(Response) If true, the resource is public. If false, the resource is private.
-
-
-
SnapshotId
: The ID of the snapshot.
The UpdateSnapshot command returns the following elements:
-
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
-
Snapshot
: Information about the snapshot.-
AccountAlias
: The account alias of the owner of the snapshot. -
AccountId
: The account ID of the owner of the snapshot. -
CreationDate
: The date and time (UTC) at which the snapshot was created. -
Description
: The description of the snapshot. -
PermissionsToCreateVolume
: Permissions for the resource.-
AccountIds
: One or more account IDs that the permission is associated with. -
GlobalPermission
: A global permission for all accounts.
(Request) Set this parameter to true to make the resource public (if the parent parameter isAdditions
) or to make the resource private (if the parent parameter isRemovals
).
(Response) If true, the resource is public. If false, the resource is private.
-
-
Progress
: The progress of the snapshot, as a percentage. -
SnapshotId
: The ID of the snapshot. -
State
: The state of the snapshot (in-queue
|pending
|completed
|error
|deleting
)). -
Tags
: One or more tags associated with the snapshot.-
Key
: The key of the tag, with a minimum of 1 character. -
Value
: The value of the tag, between 0 and 255 characters.
-
-
VolumeId
: The ID of the volume used to create the snapshot. -
VolumeSize
: The size of the volume used to create the snapshot, in gibibytes (GiB).
-
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": false,
"AccountIds": [
"987654321098"
]
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": false,
"AccountIds": []
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": true,
"AccountIds": []
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": false,
"AccountIds": []
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
Gérer les permissions pour un snapshot avec oapi-cli
À ce jour, cette section est disponible en anglais uniquement. |
The UpdateSnapshot command modifies the permissions for a specified snapshot.
You must specify either the Additions
or the Removals
parameter.
After sharing a snapshot with an account, the other account can create a copy of it that they own. For more information about copying snapshots, see CreateSnapshot.
$ oapi-cli --profile "default" UpdateSnapshot \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Additions": {
"AccountIds": ["987654321098"]
}
}'
$ oapi-cli --profile "default" UpdateSnapshot \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Removals": {
"AccountIds": ["987654321098"]
}
}'
$ oapi-cli --profile "default" UpdateSnapshot \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Additions": {
"GlobalPermission": True
}
}'
$ oapi-cli --profile "default" UpdateSnapshot \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Removals": {
"GlobalPermission": True
}
}'
This command contains the following attributes that you need to specify:
-
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action. -
PermissionsToCreateVolume
: Information about the permissions for the resource.
Specify either theAdditions
or theRemovals
parameter.-
Additions
: (optional) Permissions for the resource.-
AccountIds
: (optional) One or more account IDs that the permission is associated with. -
GlobalPermission
: (optional) A global permission for all accounts.
(Request) Set this parameter to true to make the resource public (if the parent parameter isAdditions
) or to make the resource private (if the parent parameter isRemovals
).
(Response) If true, the resource is public. If false, the resource is private.
-
-
Removals
: (optional) Permissions for the resource.-
AccountIds
: (optional) One or more account IDs that the permission is associated with. -
GlobalPermission
: (optional) A global permission for all accounts.
(Request) Set this parameter to true to make the resource public (if the parent parameter isAdditions
) or to make the resource private (if the parent parameter isRemovals
).
(Response) If true, the resource is public. If false, the resource is private.
-
-
-
SnapshotId
: The ID of the snapshot.
The UpdateSnapshot command returns the following elements:
-
ResponseContext
: Information about the context of the response.-
RequestId
: The ID of the request.
-
-
Snapshot
: Information about the snapshot.-
AccountAlias
: The account alias of the owner of the snapshot. -
AccountId
: The account ID of the owner of the snapshot. -
CreationDate
: The date and time (UTC) at which the snapshot was created. -
Description
: The description of the snapshot. -
PermissionsToCreateVolume
: Permissions for the resource.-
AccountIds
: One or more account IDs that the permission is associated with. -
GlobalPermission
: A global permission for all accounts.
(Request) Set this parameter to true to make the resource public (if the parent parameter isAdditions
) or to make the resource private (if the parent parameter isRemovals
).
(Response) If true, the resource is public. If false, the resource is private.
-
-
Progress
: The progress of the snapshot, as a percentage. -
SnapshotId
: The ID of the snapshot. -
State
: The state of the snapshot (in-queue
|pending
|completed
|error
|deleting
)). -
Tags
: One or more tags associated with the snapshot.-
Key
: The key of the tag, with a minimum of 1 character. -
Value
: The value of the tag, between 0 and 255 characters.
-
-
VolumeId
: The ID of the volume used to create the snapshot. -
VolumeSize
: The size of the volume used to create the snapshot, in gibibytes (GiB).
-
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": false,
"AccountIds": [
"987654321098"
]
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": false,
"AccountIds": []
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": true,
"AccountIds": []
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": false,
"AccountIds": []
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
Gérer les permissions pour un snapshot avec AWS CLI
Avant de commencer : Installez et configurez AWS CLI. Pour en savoir plus, voir Installer et configurer AWS CLI. |
Pour partager un snapshot avec d’autres comptes, utilisez la commande modify-snapshot-attribute en suivant cette syntaxe :
$ aws ec2 modify-snapshot-attribute \
--profile YOUR_PROFILE \
--snapshot-id snap-12345678 \
--attribute createVolumePermission \
--operation-type add \
--user-ids 123456789012,123456789013 \
--group NOT_SPECIFIED \
--endpoint https://fcu.eu-west-2.outscale.com
Cette commande contient les attributs suivants que vous devez spécifier :
-
(optionnel)
profile
: Le profil nommé que vous voulez utiliser, créé pendant la configuration d’AWS CLI. Pour en savoir plus, voir Installer et configurer AWS CLI. -
snapshot-id
: L’ID du snapshot que vous souhaitez partager. -
attribute
: Cet attribut doit être paramétré surcreateVolumePermission
. -
operation-type
: Le type d’opération que vous souhaitez effectuer sur les permissions. Cet attribut requiert l’un des éléments suivants :-
add
: Une ou plusieurs permissions à ajouter. -
remove
: Une ou plusieurs permissions à retirer.
-
-
(optionnel)
users-ids
: L’ID d’un ou de plusieurs comptes pour lesquels vous souhaitez ajouter ou retirer des permissions. -
(optionnel)
group
: Le group pour lequel vous souhaitez ajouter ou supprimer des permissions (all
si public, sinon laissé vide). -
endpoint
: Le endpoint correspondant à la Région à laquelle vous voulez envoyer la requête. Pour en savoir plus, voir Installer et configurer AWS CLI.
Les autorisations pour ce snapshot sont modifiées.
Pages connexes
Méthodes API correspondantes
AWS™ et Amazon Web Services™ sont des marques de commerce d'Amazon Technologies, Inc. ou de ses affiliées aux États-Unis et/ou dans les autres pays.