If you use TSA-Chaotic Fault Generator (TSA-CFG) in Tencent Cloud and TSA-CFG is managed by different individuals that use your cloud account access keys, the following issues may arise:
The risk of your access keys being compromised is high since multiple users share the key.
Misoperations of these individuals may introduce security risks due to the lack of user access control.
To resolve these issues, you can use sub-accounts to enable different individuals to manage different businesses. By default, sub-accounts do not have permissions to use TSA-CFG. You need to create a policy to grant sub-accounts the necessary permissions.
Introduction
Cloud Access Management (CAM) is a set of web services provided by Tencent Cloud. CAM primarily helps users securely manage the permissions to access resources under their Tencent Cloud accounts. With CAM, you can create, manage, and delete users (or user groups), and control who can access and use specific Tencent Cloud resources through identity and policy management.
When using CAM, you can associate a policy with a user or a group of users. The policy can grant or deny one or more users the permissions to use specific resources to perform specific tasks.
If you do not need to manage CAM-related resource access for sub-accounts, you may skip this section. Skipping this section does not affect your understanding and use of the rest of the document.
Quick Start
A CAM policy must grant or deny the use of one or more TSA-CFG operations. It must also specify the resources that can be used for the operations (which can be all resources or specific resources for some operations). Additionally, the policy can include conditions set for operating the resources.
Some TSA-CFG API operations do not support resource-level authorization. This means that for these types of API operations, you are unable to specify a specific resource to use. Instead, you must specify all resources when calling these API operations.