服务角色是某个云服务在某些情况下,为了完成自身的某个功能,需要获取其他云服务的访问权限而提供的RAM角色。您需要为ACK One服务账号授予对应的服务角色才能正常使用ACK One功能。本文为您介绍ACK One支持的服务角色以及角色的策略内容。
授权操作
仅在第一次使用ACK One服务时需要授权,使用阿里云账号(主账号)或者RAM管理员账号(子账号)授权一次即可。
服务角色无需手动创建,您在首次使用ACK One控制台和相关功能时,控制台界面会自动弹出授权提示,您只需要按照提示操作即可完成自动授权。
重要 仅阿里云账号(主账号)或RAM管理员账号可以完成服务角色的自动授权,普通RAM用户没有授权操作的权限。如果您在操作时系统提示权限不足,请将账号切换到阿里云(主账号)或RAM管理员账号完成授权。
服务关联角色
角色名称 | 角色权限说明 |
AliyunServiceRoleForAdcp | |
AliyunAdcpServerlessKubernetesRole | |
AliyunAdcpManagedMseRole | |
角色策略内容
AliyunServiceRoleForAdcp
ECS相关权限
ecs:CreateSecurityGroup
ecs:CreateSecurityGroupPermissions
ecs:DeleteSecurityGroup
ecs:DescribeAccountAttributes
ecs:DescribeSecurityGroups
ecs:AuthorizeSecurityGroup
ecs:RevokeSecurityGroup
ecs:AuthorizeSecurityGroupEgress
ecs:RevokeSecurityGroupEgress
ecs:DescribeNetworkInterfaces
ecs:DescribeZones
VPC相关权限
vpc:DescribeVpcAttribute
vpc:DescribeVSwitchAttributes
vpc:AllocateEipAddress
vpc:AssociateEipAddress
vpc:UnassociateEipAddress
vpc:ReleaseEipAddress
vpc:DescribeEipAddresses
vpc:TagResources
vpc:DeletionProtection
vpc:DescribeRouteTableList
vpc:CreateRouteEntry
vpc:DeleteeRouteEntry
vpc:AcceptVpcPeerConnection
vpc:GetVpcPeerConnectionAttribute
vpc:DescribeVSwitches
vpc:DescribeVpcs
SLB相关权限
slb:DescribeLoadBalancerAttribute
slb:CreateLoadBalancer
slb:DeleteLoadBalancer
slb:StartLoadBalancerListener
slb:StopLoadBalancerListener
slb:CreateLoadBalancerTCPListener
slb:CreateLoadBalancerHTTPListener
slb:DeleteLoadBalancerListener
slb:AddTags
slb:RemoveTags
slb:SetLoadBalancerDeleteProtection
slb:SetLoadBalancerModificationProtection
slb:DescribeZones
slb:CreateAccessControlList
slb:DescribeAccessControlLists
slb:AddAccessControlListEntry
slb:RemoveAccessControlListEntry
slb:SetLoadBalancerTCPListenerAttribute
服务网格相关权限
servicemesh:CreateServiceMesh
servicemesh:DeleteServiceMesh
servicemesh:DescribeServiceMeshDetail
servicemesh:DescribeServiceMeshes
servicemesh:DescribeServiceMeshKubeconfig
servicemesh:DescribeServiceMeshLogs
servicemesh:ModifyServiceMesh
servicemesh:ModifyServiceMeshName
servicemesh:DescribeClustersInServiceMesh
servicemesh:AddClusterIntoServiceMesh
servicemesh:RemoveClusterFromServiceMesh
servicemesh:UpdateMeshFeature
servicemesh:DescribeRegions
servicemesh:DescribeServiceMeshUpgradeStatus
servicemesh:DescribeVersions
servicemesh:RevokeKubeconfig
servicemesh:UpdateServiceMeshOwner
AliyunAdcpServerlessKubernetesRole
ECS 相关权限
ecs:DescribeSecurityGroups
ecs:CreateNetworkInterface
ecs:CreateNetworkInterfacePermission
ecs:DescribeNetworkInterfaces
ecs:AttachNetworkInterface
ecs:DetachNetworkInterface
ecs:DeleteNetworkInterface
ecs:DeleteNetworkInterfacePermission
ARMS相关权限
arms:GetManagedPrometheusStatus
arms:InstallManagedPrometheus
arms:UninstallManagedPrometheus
ECI相关权限
eci:CreateContainerGroup
eci:DeleteContainerGroup
eci:DescribeContainerGroups
eci:DescribeContainerGroupStatus
eci:DescribeContainerGroupEvents
eci:DescribeContainerLog
eci:UpdateContainerGroup
eci:UpdateContainerGroupByTemplate
eci:CreateContainerGroupFromTemplate
eci:RestartContainerGroup
eci:ExportContainerGroupTemplate
eci:DescribeContainerGroupMetric
eci:DescribeMultiContainerGroupMetric
eci:ResizeContainerGroupVolume
eci:ExecContainerCommand
eci:CreateImageCache
eci:DescribeImageCaches
eci:DeleteImageCache
RAM相关权限
ram:CreateServiceLinkedRole
AliyunAdcpManagedMseRole
MSE相关权限
mse:AddBlackWhiteList
mse:AddGateway
mse:AddServiceSource
mse:CreateApplication
mse:DeleteGateway
mse:DeleteServiceSource
mse:GetBlackWhiteList
mse:GetGateway
mse:GetGatewayDetail
mse:GetGatewayOption
mse:ListServiceSource
mse:ListTagResources
mse:ModifyLosslessRule
mse:TagResources
mse:UntagResources
mse:UpdateBlackWhiteList
mse:UpdateGatewayOption
mse:UpdateServiceSource
日志服务相关权限
log:CloseProductDataCollection
log:OpenProductDataCollection
log:GetProductDataCollection
RAM相关权限
ram:CreateServiceLinkedRole