Using RAM to realize the ECS resource access of the sub account to the main account
An ECS instance created by a user is a resource owned by that user. By default, users have full operational rights to their resources, and you can use all the APIs listed in this document to manipulate resources.
But in the master account of the scene, the child account just created is not eligible to operate the main account resources. The ability to give a child account the right to operate the primary account resource is required through RAM authorization.
Before you learn how to use RAM to authorize and access an ECS instance, make sure that you have read the RAM product documentation and API documentation in detail.
If you do not need to authorize and access an ECS instance resource across accounts, you can skip this section. Skipping these sections does not affect your understanding and use of the rest of the document.
Authorized ECS resource types in RAM
The Action that can authorize an ECS resource in RAM
Authentication rule When the ECS API occurs when a child account accesses the primary account resource