AliyunDTSRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2016-09-12 13:34:45
更新时间:2016-09-12 13:34:45
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:Describe*",
"rds:CreateDBInstance",
"rds:CreateAccount*",
"rds:CreateDataBase*",
"rds:ModifySecurityIps",
"rds:GrantAccountPrivilege",
"rds:ReceiveDBInstance",
"rds:CreateMigrateTask",
"rds:DescribeMigrateTaskById",
"rds:CreateOnlineDatabaseTask"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeInstances",
"ecs:DescribeRegions",
"ecs:AuthorizeSecurityGroup",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:DescribeSecurityGroups",
"ecs:JoinSecurityGroup",
"ecs:LeaveSecurityGroup",
"ecs:RevokeSecurityGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dhs:ListProject",
"dhs:GetProject",
"dhs:CreateTopic",
"dhs:ListTopic",
"dhs:GetTopic",
"dhs:UpdateTopic",
"dhs:ListShard",
"dhs:MergeShard",
"dhs:SplitShard",
"dhs:PutRecords",
"dhs:GetRecords",
"dhs:GetCursors"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"elasticsearch:DescribeInstance",
"elasticsearch:ListInstance",
"elasticsearch:UpdateAdminPwd",
"elasticsearch:UpdatePublicNetwork",
"elasticsearch:UpdateBlackIps",
"elasticsearch:UpdateKibanaIps",
"elasticsearch:UpdatePublicIps",
"elasticsearch:UpdatePrivateNetworkWhiteIps",
"elasticsearch:UpdatePublicWhiteIps",
"elasticsearch:UpdateWhiteIps",
"elasticsearch:ModifyWhiteIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"drds:DescribeDrds*",
"drds:ModifyDrdsIpWhiteList",
"drds:DescribeRegions",
"drds:DescribeRdsList",
"drds:CreateDrdsDB",
"drds:CreateDrdsAccount",
"drds:DescribeShardDBs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"polardb:DescribeDBClusterIPArrayList",
"polardb:DescribeDBClusterNetInfo",
"polardb:DescribeDBClusters",
"polardb:DescribeRegions",
"polardb:DescribeDBClusterEndpoints",
"polardb:DescribeDBClusterAccessWhiteList",
"polardb:ModifyDBClusterAccessWhitelist",
"polardb:ModifySecurityIps",
"polardb:DescribeDBClusterAttribute",
"polardb:DescribeDBClusterVersion",
"polardb:DescribeGlobalDatabaseNetworks"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dds:DescribeDBInstanceAttribute",
"dds:DescribeReplicaSetRole",
"dds:DescribeSecurityIps",
"dds:DescribeDBInstances",
"dds:ModifySecurityIps",
"dds:DescribeShardingNetworkAddress",
"dds:DescribeRegions"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeSecurityIps",
"kvstore:DescribeInstances",
"kvstore:DescribeRegions",
"kvstore:ModifySecurityIps",
"kvstore:DescribeAccounts",
"kvstore:CreateAccount",
"kvstore:DescribeDBInstanceNetInfoForInner",
"kvstore:DescribeDBInstanceNetInfo",
"kvstore:AllocateInstancePrivateConnection",
"kvstore:SyncDtsStatus",
"kvstore:GetDbMasterInfo"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"petadata:DescribeInstanceInfo",
"petadata:DescribeSecurityIPs",
"petadata:DescribeInstances",
"petadata:ModifySecurityIPs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"adb:DescribeDBClusters",
"adb:DescribeDBClusterAttribute",
"adb:DescribeRegions",
"adb:DescribeDBClusterNetInfo",
"adb:DescribeDBClusterAccessWhiteList",
"adb:ModifyDBClusterAccessWhiteList",
"adb:DescribeDBClusterPerformance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"gpdb:DescribeDBInstanceAttribute",
"gpdb:DescribeDBInstances",
"gpdb:DescribeRegions",
"gpdb:DescribeDBInstanceIPArrayList",
"gpdb:DescribeDBClusterIPArrayList",
"gpdb:ModifySecurityIps",
"gpdb:DescribeDBInstanceNetInfo",
"gpdb:DescribeDBClusterPerformance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"clickhouse:DescribeRegions",
"clickhouse:DescribeDBClusters",
"clickhouse:DescribeDBClusterAttribute",
"clickhouse:DescribeDBClusterNetInfoItems",
"clickhouse:DescribeDBClusterAccessWhiteList",
"clickhouse:ModifyDBClusterAccessWhiteList",
"clickhouse:DescribeAllDataSource",
"clickhouse:DescribeDBInstances",
"clickhouse:DescribeDBInstanceAttribute",
"clickhouse:DescribeEndpoints",
"clickhouse:DescribeSecurityIPList",
"clickhouse:ModifySecurityIPList"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ots:ListInstance",
"ots:GetInstance",
"ots:GetRow",
"ots:PutRow",
"ots:UpdateRow",
"ots:DeleteRow",
"ots:BatchWriteRow",
"ots:BulkImport",
"ots:CreateTable",
"ots:DescribeTable",
"ots:ListTable"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dg:GetUserDatabases",
"dg:GetUserGateways"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cen:DeleteRouteServiceInCen",
"cen:DescribeCenAttachedChildInstances",
"cen:DescribeCens",
"cen:DescribeRouteServicesInCen",
"cen:ResolveAndRouteServiceInCen"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"polardbx:DescribeDBInstances",
"polardbx:DescribeDBInstanceAttribute",
"polardbx:DescribeSecurityIps",
"polardbx:ModifySecurityIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dms:GetUserActiveTenant",
"dms:GetInstance",
"dms:GetLogicDatabase",
"dms:ListLogicDatabases",
"dms:GetDBTopology",
"dms:ListLogicTables",
"dms:GetTableDBTopology"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeVpcAttribute",
"vpc:DescribeVSwitchAttributes"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"lindorm:GetLindormInstanceListForDMS",
"lindorm:GetLindormInstanceForDMS",
"lindorm:UpdateInstanceIpWhiteList",
"lindorm:GetLindormInstanceEngineList",
"lindorm:GetLindormInstanceList",
"lindorm:GetLindormInstance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"hbase:DescribeClusterConnection",
"hbase:DescribeInstance",
"hbase:DescribeInstances",
"hbase:ModifyIpWhitelist"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"bss:ModifyInstance",
"nis:ListNetworkPath",
"nis:DeleteNetworkPath",
"nis:CreateNetworkPath",
"nis:CreateNetworkReachableAnalysis",
"nis:GetNetworkReachableAnalysis",
"nis:IsOpenService",
"nis:CheckHasNisSLR",
"nis:BindServiceLinkRoleToUser"
],
"Resource": "*"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "nis.aliyuncs.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"privatelink:CreateVpcEndpoint",
"privatelink:GetVpcEndpointAttribute",
"privatelink:ListVpcEndpoints",
"privatelink:AddZoneToVpcEndpoint",
"privatelink:ListVpcEndpointZones",
"privatelink:CheckProductOpen",
"privatelink:OpenPrivateLinkService",
"privatelink:RemoveZoneFromVpcEndpoint",
"privatelink:DeleteVpcEndpoint",
"ram:CreateServiceLinkedRole",
"ecs:DescribeSecurityGroups",
"ecs:CreateSecurityGroup",
"vpc:DescribeVSwitches"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"fc:InvokeFunction",
"fc:ListServices",
"fc:ListFunctions",
"fc:ListServiceVersions",
"fc:ListAliases"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cms:DescribeEventRuleList",
"cms:PutEventRule",
"cms:DescribeContactGroupList",
"cms:PutEventRuleTargets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cdt:GetCdtServiceStatus",
"cdt:GetCdtCbServiceStatus",
"cdt:OpenCdtService",
"cdt:OpenCdtCbService"
],
"Resource": "acs:cdt:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"alikafka:ListInstance",
"alikafka:ListTopic",
"alikafka:UpdateInstance"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"selectdb:DescribeDBInstances",
"selectdb:DescribeDBInstanceAttribute",
"selectdb:DescribeDBInstanceNetInfo",
"selectdb:DescribeSecurityIPList",
"selectdb:ModifySecurityIPList"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"oceanbase:DescribeInstances",
"oceanbase:DescribeTenants",
"oceanbase:DescribeTenant",
"oceanbase:DescribeTenantSecurityIpGroups",
"oceanbase:ModifyTenantSecurityIpGroup"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"es-serverless:GetApp",
"es-serverless:UpdateApp",
"es-serverless:ListApps"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"dts:CreateDtsInstance",
"dts:ConfigureDtsJob",
"dts:ReverseTwoWayDirection",
"dts:DeleteDtsJob"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"log:ListLogStores",
"log:ListProject",
"log:GetIndex",
"log:GetProject",
"log:ListShards",
"log:GetCursor",
"log:GetCursorOrData"
],
"Resource": "*"
}
]
}相关文档
文档内容是否对您有帮助?