AliyunCISDefaultRolePolicy

更新时间:2025-02-24 07:50:05

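AliyunCISDefaultRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。需要注意的是,本策略除只读查询类权限外,还包含 Resource 为 "*" 的命令执行类权限(ecs:CreateCommand、ecs:InvokeCommand、ecs:RunCommand、eflo:RunCommand、eci:RunCommand),因此一旦授予其他 RAM 身份,该身份将获得相应的命令执行能力。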

策略详情

  • 类型:系统策略

  • 创建时间:2024-10-18 11:13:15

  • 更新时间:2025-02-24 07:49:06

  • 当前版本:v10

策略内容

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:DescribeInstances",
        "ecs:DescribeInstanceStatus",
        "ecs:DescribeInstanceTypes",
        "ecs:DescribeInstanceTypeFamilies",
        "ecs:DescribeInstanceAttribute",
        "ecs:DescribeDiagnosticReports",
        "ecs:DescribeDiagnosticReportAttributes",
        "ecs:DescribeDiagnosticMetricSets",
        "ecs:DescribeDiagnosticMetrics",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSecurityGroupReferences",
        "ecs:DescribeBandwidthLimitation",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:DescribeCommands",
        "ecs:DescribeInvocationResults",
        "ecs:CreateCommand",
        "ecs:InvokeCommand",
        "ecs:StopInvocation",
        "ecs:CreateDiagnosticReport",
        "ecs:DescribeNetworkInterfaces",
        "ecs:DescribeDisks",
        "ecs:DescribeDeploymentSets",
        "ecs:DescribeCapacityReservations",
        "ecs:RunCommand"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVpcAttribute",
        "vpc:DescribeVSwitches",
        "vpc:DescribeVSwitchAttributes",
        "vpc:DescribeRouteTableList",
        "vpc:DescribeRouteEntryList",
        "vpc:DescribeNatGateways",
        "vpc:DescribeRouteTables",
        "vpc:DescribeSnatTableEntries",
        "vpc:DescribeNetworkAcls",
        "vpc:DescribeNetworkAclAttributes",
        "vpc:DescribeEipAddresses"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "sls:GetLogStore"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:GetBucketInfo"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "slb:DescribeLoadBalancers",
        "slb:DescribeLoadBalancerAttribute",
        "slb:DescribeVServerGroups",
        "slb:DescribeVServerGroupAttribute",
        "slb:DescribeLoadBalancerTCPListenerAttribute",
        "slb:DescribeLoadBalancerUDPListenerAttribute",
        "slb:DescribeAccessControlLists",
        "slb:DescribeAccessControlListAttribute",
        "slb:DescribeLoadBalancerListeners",
        "slb:DescribeHealthStatus"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "grace:GetFile",
        "grace:AnalyzeFile",
        "grace:UploadFileByOSS",
        "grace:UploadFileByURL"
      ],
      "Resource": "acs:grace:*:*:*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ram:GetRole",
        "ram:ListPoliciesForRole"
      ],
      "Resource": [
        "acs:ram:*:*:role/kubernetesworkerrole*",
        "acs:ram:*:*:role/aliyuncsmanagedautoscalerrole",
        "acs:ram:*:*:role/aliyunooslifecyclehook4csrole"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "cms:DescribeMetricData",
        "cms:DescribeMetricLast",
        "cms:DescribeMetricMetaList",
        "cms:DescribeMetricTop",
        "cms:QueryMetricMeta",
        "cms:QueryMetricTop",
        "cms:ListMetricMeta",
        "cms:ListMetricMetaProject",
        "cms:QueryMetricData",
        "cms:QueryMetricLast",
        "cms:DescribeMetricList",
        "cms:QueryMetricList",
        "cms:MetricMeta",
        "cms:DescribeAlertLogList",
        "cms:DescribeSystemEventAttribute",
        "cms:GetMetricStreamMeta"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "eflo:DescribeNode",
        "eflo:RunCommand",
        "eflo:DescribeInvocations"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "eci:DescribeContainerGroups",
        "eci:RunCommand",
        "eci:DescribeCommandResult",
        "eci:ListUsage"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ess:DescribeScalingGroups",
        "ess:DescribeScalingInstances",
        "ess:DescribeScalingActivities",
        "ess:DescribeScalingConfigurations",
        "ess:DescribeScalingRules",
        "ess:DescribeScheduledTasks",
        "ess:DescribeLifecycleHooks",
        "ess:DescribeNotificationConfigurations",
        "ess:DescribeNotificationTypes",
        "ess:DescribeRegions",
        "ess:DescribeDiagnoseReports",
        "ess:CreateDiagnoseReport",
        "ess:DescribeElasticStrength",
        "ess:DescribeScalingGroupDetail",
        "ess:DescribePatternTypes"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "cs:DescribeClusterDetail",
        "cs:DescribeClusterResources",
        "cs:DescribeTasks",
        "cs:DescribeTaskInfo",
        "cs:DescribeClusterNodePools",
        "cs:DescribeNodePoolVuls",
        "cs:DescribeKubernetesVersionMetadata",
        "cs:DescribeClusterNodes",
        "cs:ListClusterAddonInstances",
        "cs:DescribeAddon",
        "cs:DescribeClusterNodePoolDetail",
        "cs:DescribeClusterAddonsUpgradeStatus"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "quotas:ListProducts",
        "quotas:ListProductQuotas",
        "quotas:ListProductQuotas",
        "quotas:ListProductQuotaDimensions",
        "quotas:GetProductQuota",
        "quotas:GetProductQuotaDimension"
      ],
      "Resource": "acs:quotas:*:*:*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "selfservice.ecs.aliyuncs.com"
        }
      }
    }
  ]
}

相关文档
