AliyunKMSSecretAdminAccess 是阿里云管理的产品系统策略,您可以将 AliyunKMSSecretAdminAccess 授权给 RAM 身份(RAM 用户、RAM 用户组和 RAM 角色),本策略定义了在KMS中管理凭据的权限。
策略详情
类型:系统策略
创建时间:2020-03-04 14:44:44
更新时间:2023-06-26 13:51:26
当前版本:v5
策略内容
{
"Version": "1",
"Statement": [
{
"Action": "kms:*",
"Resource": "acs:kms:*:*:secret*",
"Effect": "Allow"
},
{
"Action": "kms:GetRandomPassword",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeDatabases",
"rds:DescribeAccounts",
"rds:DescribeDBInstanceNetInfo",
"rds:CreateAccount",
"rds:GrantAccountPrivilege"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ecs:DescribeInstances",
"Resource": "acs:ecs:*:*:instance/*",
"Effect": "Allow"
},
{
"Action": ["ecs:TagResources","ecs:UntagResources","ecs:ListTagResources"],
"Resource": ["acs:kms:*:*:key/*","acs:kms:*:*:secret/*"],
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"secretsmanager-rds.kms.aliyuncs.com",
"secretsmanager-ecs.kms.aliyuncs.com"
]
}
},
"Resource": "*",
"Effect": "Allow"
}
]
}相关文档
文档内容是否对您有帮助?