AliyunAIPaaSDefaultRolePolicy

AliyunAIPaaSDefaultRolePolicy 是专用于服务角色的授权策略，通常会在创建对应的服务角色时同步完成授权，以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新，请勿将本策略授权给服务角色之外的 RAM 身份使用。

策略详情

• 类型：系统策略

• 创建时间：2024-06-27 15:32:14

• 更新时间：2024-06-27 15:32:14

• 当前版本：v1

策略内容

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cr:Get*",
        "cr:List*",
        "cr:Update*",
        "cr:PullRepository",
        "cr:SearchRepo",
        "cr:StartImageScan",
        "cr:CreateArtifactBuildTask",
        "cr:PushRepository"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cr-ee:Get*",
        "cr-ee:List*",
        "cr-ee:Update*",
        "cr-ee:PullRepository",
        "cr-ee:SearchRepo",
        "cr-ee:StartImageScan",
        "cr-ee:CreateArtifactBuildTask",
        "cr-ee:PushRepository"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:Get*",
        "oss:List*",
        "oss:Put*",
        "oss:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "nas:Describe*",
        "nas:CPFSDescribe*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "CPFS:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "sls:List*",
        "sls:Get*",
        "sls:Create*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "log:List*",
        "log:Get*",
        "log:Create*",
        "log:Update*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cs:Describe*",
        "cs:Get*",
        "cs:Check*",
        "cs:Query*",
        "cs:ScanClusterVuls",
        "cs:InstallClusterAddons",
        "cs:UnInstallClusterAddons",
        "cs:ModifyCluster"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cms:QueryMetricLast",
        "cms:QueryMetricList",
        "cms:GetMyGroups",
        "cms:ListMyGroups",
        "cms:DescribeMetricData",
        "cms:DescribeMetricLast",
        "cms:DescribeMetricMetaList",
        "cms:DescribeMetricTop",
        "cms:QueryMetricMeta",
        "cms:QueryMetricTop",
        "cms:ListMetricMeta",
        "cms:ListMetricMetaProject",
        "cms:QueryMetricData",
        "cms:DescribeMetricList",
        "cms:MetricMeta"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ascm:List*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "Ucs:DescribeCpfsClientCluster",
        "Ucs:DescribeNodesState"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "EasyAI:ListAckCluster",
        "EasyAI:ListAckClusterInstances",
        "EasyAI:DescribeAckCluster",
        "EasyAI:InstallAIAddOn",
        "EasyAI:DeleteAIAddOn",
        "EasyAI:ListAckInstanceType",
        "EasyAI:DescribeAckClusterLogs",
        "EasyAI:DescribeAckClusterAddon",
        "EasyAI:ListHistoryEvent",
        "EasyAI:ListBmcpMachineType",
        "EasyAI:GetClusterInfo",
        "EasyAI:GetClusterInstanceInfo",
        "EasyAI:TagResources"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cs-inner:*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ram:GetRole",
        "ram:GetPolicy"
      ],
      "Resource": [
        "acs:ram:*:*:role/AIStudioClusterRole-*",
        "acs:ram:*:*:policy/AIStudioClusterPolicy-*"
      ]
    }
  ]
}

相关文档

• 权限策略基本元素

• 普通服务角色