AliyunCSAIAssistantRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2024-08-16 09:43:29
更新时间:2025-12-03 05:43:23
当前版本:v4
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"cs:DescribeClusterVuls",
"cs:DescribeKubernetesVersionMetadata",
"cs:DescribeClusterEndpoints",
"cs:DescribePolicyInstancesStatus",
"cs:GetClusterCheckResult",
"cs:GetCostCheckItem",
"cs:CheckControlPlaneLogEnable",
"cs:GetClusterAuditProject",
"cs:DescribeClusterDetail",
"cs:DescribeClusters",
"cs:CreateClusterDiagnosis",
"cs:CreateClusterInspectConfig",
"cs:GetClusterDiagnosisResult",
"cs:RunClusterInspect",
"cs:RunClusterCheck",
"cs:ListClusterInspectReports",
"cs:GetClusterInspectReportDetail",
"cs:ListClusterChecks",
"cs:GetClusters"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"yundun-sas:DescribeSuspEvents",
"yundun-sas:DescribeVulDetails"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cr:CreateClusterImageAnalysisTask",
"cr:GetClusterImageAnalysisTask"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"arms:GetPrometheusInstance",
"arms:GetCloudClusterAllUrl"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"log:ListProject",
"log:ListTagResources",
"log:ListLogStores",
"log:ListConsumerGroup",
"log:GetProject",
"log:GetAlert",
"log:GetIndex",
"log:GetLogStore",
"log:GetLogStoreLogs"
],
"Resource": "*"
}
]
}相关文档
该文章对您有帮助吗?