AliyunDevsFCServicesDeployPolicy 是阿里云管理的产品系统策略,您可以将 AliyunDevsFCServicesDeployPolicy 授权给 RAM 身份(RAM 用户、RAM 用户组和 RAM 角色),本策略定义了FunctionAI部署函数类型服务所需策略。
策略详情
类型:系统策略
创建时间:2025-06-10 19:18:08
更新时间:2025-07-15 05:41:31
当前版本:v4
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "devs:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"vpc:CreateVpc",
"vpc:CreateVSwitch",
"vpc:ModifyVpcAttribute",
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"ecs:AuthorizeSecurityGroup",
"ecs:CreateSecurityGroup",
"ecs:DescribeSecurityGroups"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"vpc:DescribeVpcAttribute",
"vpc:DescribeVSwitchAttributes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"oss:AbortMultipartUpload",
"oss:GetBucketAcl",
"oss:GetBucketInfo",
"oss:GetBucketStat",
"oss:PutBucket",
"oss:ListObjectVersions",
"oss:ListParts",
"oss:ListMultipartUploads",
"oss:GetBucketEventNotification",
"oss:PutBucketEventNotification",
"oss:DeleteBucketEventNotification",
"oss:GetObject",
"oss:PutObject",
"oss:ListObjects"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"nas:CreateFileSystem",
"nas:DeleteFileSystem",
"nas:DescribeFileSystems",
"nas:ModifyFileSystem",
"nas:DeleteMountTarget",
"nas:ModifyMountTarget",
"nas:DescribeMountTargets"
],
"Resource": "acs:nas:*:*:filesystem/*"
},
{
"Effect": "Allow",
"Action": "nas:CreateMountTarget",
"Resource": [
"acs:nas:*:*:filesystem/*",
"acs:vpc:*:*:vswitch/*"
]
},
{
"Effect": "Allow",
"Action": [
"nas:CreateAccessGroup",
"nas:CreateAccessRule"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"log:CreateProject",
"log:GetProject"
],
"Resource": [
"acs:log:*:*:project/*-logproject",
"acs:log:*:*:project/*-project",
"acs:log:*:*:project/aliyun-serverless-*",
"acs:log:*:*:project/serverless-*"
]
},
{
"Effect": "Allow",
"Action": [
"log:CreateLogStore",
"log:GetLogStore",
"log:CreateIndex",
"log:GetIndex",
"log:DeleteLogStore",
"log:GetLogStoreLogs",
"log:DeleteIndex"
],
"Resource": [
"acs:log:*:*:project/*-logproject/logstore/*",
"acs:log:*:*:project/*-project/logstore/*",
"acs:log:*:*:project/aliyun-serverless-*/logstore/*",
"acs:log:*:*:project/serverless-*/logstore/*"
]
},
{
"Effect": "Allow",
"Action": "fc:*",
"Resource": "*"
},
{
"Action": "ram:PassRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"acs:Service": "fc.aliyuncs.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"log:GetEtlJob",
"log:UpdateEtlJob",
"log:CreateEtlJob",
"log:DeleteEtlJob"
],
"Resource": "acs:log:*:*:*"
},
{
"Effect": "Allow",
"Action": "ram:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"acs:Service": [
"log.aliyuncs.com"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"cdn:UpdateFCTrigger",
"cdn:DeleteFCTrigger",
"cdn:DescribeFCTrigger",
"cdn:AddFCTrigger"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ots:GetTrigger",
"ots:CreateTrigger",
"ots:DeleteTrigger"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"acs:Service": [
"ots.aliyuncs.com"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"mns:Subscribe",
"mns:Unsubscribe",
"mns:GetSubscriptionAttributes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"eventbridge:CreateEventBus",
"eventbridge:UpdateEventBus",
"eventbridge:GetEventBus",
"eventbridge:DeleteEventBus",
"eventbridge:CreateRule",
"eventbridge:GetRule",
"eventbridge:UpdateRule",
"eventbridge:EnableRule",
"eventbridge:DisableRule",
"eventbridge:DeleteRule",
"eventbridge:ListRules",
"eventbridge:DeleteTargets",
"eventbridge:ListTargets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"log:UpdateIndex",
"log:UpdateLogStore"
],
"Resource": [
"acs:log:*:*:project/aliyun-serverless-*/logstore/default-logs",
"acs:log:*:*:project/serverless-*/logstore/default-logs"
]
},
{
"Effect": "Allow",
"Action": [
"log:CreateDashboard",
"log:UpdateDashboard"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"log:CreateSavedSearch",
"log:UpdateSavedSearch"
],
"Resource": [
"acs:log:*:*:project/aliyun-serverless-*/savedsearch/*",
"acs:log:*:*:project/serverless-*/savedsearch/*"
]
}
]
}相关文档
该文章对您有帮助吗?