
Bastionhost:Import ECS secrets from KMS

Last Updated:Jun 06, 2024

Bastionhost is integrated with Key Management Service (KMS). If the secrets of your Elastic Compute Service (ECS) instances are hosted in KMS, you can import those secrets into Bastionhost and grant Bastionhost users permissions on both the ECS instances and the imported secrets. Those users can then log on to the ECS instances with the imported ECS secrets, without entering a password.

Prerequisites

  • ECS secrets are hosted in KMS. For more information, see Manage and use ECS secrets.

  • ECS instances are imported to Bastionhost. For more information, see Import ECS instances.

  • The AliyunYundunBastionHostFullAccess policy is attached to the RAM user that you want to use to manage Bastionhost. You must use the Alibaba Cloud account to which the RAM user belongs to attach the policy. For more information, see Grant permissions to RAM users.

Procedure

  1. Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.

  2. In the left-side navigation pane, choose Assets > Hosts.

  3. In the host list, find the host that you want to manage and click Import KMS Secret in the Actions column.

  4. In the Import KMS Secret dialog box, select the ECS secrets that you want to import and click Import.

    After the ECS secrets are imported, you can click the name of the host in the host list. On the Host Account tab, view and manage the imported ECS secrets.

What to do next

In the host list, you can click the name of the host. On the Host Account tab, manage the imported ECS secrets.

  • Delete ECS secrets: Select one or more ECS secrets and delete them. Deleting an ECS secret this way removes it only from your bastion host; the secret itself remains in KMS.

    Note

    After you delete an ECS secret from KMS, the ECS secret in your bastion host is marked as deleted and cannot be used.

  • Turn on Enable Only SFTP Permission: If you turn on Enable Only SFTP Permission for an account, the account can be used only for SFTP, and SSH-based logon with that account is disabled.
