AliyunRDCRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2026-06-12 15:56:47
更新时间:2026-06-12 15:56:47
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "cs:DescribeUserPermission",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeVSwitches",
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:TagResources",
"ecs:ListTagResources"
],
"Resource": "*"
},
{
"Action": [
"cs:GetClusterToken",
"cs:GetClusterEndpoints",
"cs:GetClusters",
"cs:GetClusterById",
"cs:GetClusterCerts",
"cs:GetClusterProjects",
"cs:DescribeClusterAddonsUpgradeStatus",
"cs:DescribeClusterAddonsVersion",
"cs:DescribeClusterUserKubeconfig",
"cs:InstallClusterAddons"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:CreateInstance",
"ecs:RunInstances",
"ecs:ListTagResources",
"ecs:DescribeManagedInstances",
"ecs:StartInstance",
"ecs:AllocatePublicIpAddress",
"ecs:StopInstance",
"ecs:DeleteInstance",
"ecs:DescribeInstances",
"ecs:DescribeInstanceAttribute",
"ecs:ModifyInstanceAttribute",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeImages",
"ecs:DescribeSnapshots",
"ecs:DescribeKeyPairs",
"ecs:DescribeSecurityGroups",
"ecs:CreateCommand",
"ecs:RunCommand",
"ecs:InstallCloudAssistant",
"ecs:InvokeCommand",
"ecs:StopInvocation",
"ecs:DeleteCommand",
"ecs:DescribeCloudAssistantStatus",
"ecs:DescribeCommands",
"ecs:DescribeInvocations",
"ecs:DescribeInvocationResults",
"slb:DescribeLoadBalancerAttribute",
"slb:RemoveBackendServers",
"slb:DescribeHealthStatus",
"slb:AddBackendServers",
"slb:SetBackendServers",
"ess:DescribeScalingGroups",
"ess:DescribeLifecycleHooks",
"ess:DescribeScalingInstances",
"ess:ModifyLifecycleHook",
"ess:CreateLifecycleHook",
"ess:ResumeProcesses",
"ess:SuspendProcesses",
"ess:DescribeEciScalingConfigurations",
"ess:ModifyEciScalingConfiguration",
"eci:UpdateContainerGroup",
"eci:DescribeContainerGroups",
"ess:EnterStandby",
"ess:ExitStandBy",
"ecs:DescribeInstances",
"ecs:TagResources",
"ecs:DescribeInvocations",
"ecs:DescribeInvocationResults",
"ecs:RunCommand"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeSnatTableEntries",
"vpc:DescribeNatGateways",
"vpc:DescribeVSwitches"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cms:ListMyGroups",
"cms:ListContactGroup",
"cms:QueryContactGroup",
"cms:ListMyGroupInstances",
"cms:AddMyGroupInstances",
"cms:CreateMyGroups",
"cms:DeleteMyGroupInstances",
"cms:NodeInstall"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cr:ListRepositoryTag",
"cr:ListRepository",
"cr:PullRepository",
"cr:PushRepository",
"cr:ListNamespace",
"cr:GetAuthorizationToken",
"cr:CreateRepository",
"cr:CreateNamespace",
"cr:GetNamespace",
"cr:ListNamespace",
"cr:GetRepository",
"cr:ListInstance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oss:ListBuckets",
"oss:PutBucket",
"oss:ListObjects",
"oss:GetObject",
"oss:PutObject",
"oss:DeleteObject",
"oss:GetBucketLocation",
"oss:PutBucketAcl",
"oss:GetBucketAcl",
"oss:GetObjectAcl",
"oss:PutObjectAcl"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oos:CancelExecution",
"oos:DeleteExecutions",
"oos:GenerateExecutionPolicy",
"oos:GetExecutionTemplate",
"oos:ListExecutionLogs",
"oos:ListExecutions",
"oos:ListTaskExecutions",
"oos:NotifyExecution",
"oos:StartExecution",
"oos:ListApplications",
"oos:ListApplicationGroups",
"oos:GetApplicationGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"edas:BindSlb",
"edas:ListUserDefineRegion",
"edas:ChangeDeployGroup",
"edas:ContinuePipeline",
"edas:DeleteDeployGroup",
"edas:GetApplication",
"edas:GetContainerConfiguration",
"edas:GetJvmConfiguration",
"edas:GetScalingRules",
"edas:InsertDeployGroup",
"edas:ListApplication",
"edas:ListBuildPack",
"edas:ListComponents",
"edas:ListDeployGroup",
"edas:ModifyScalingRule",
"edas:QueryApplicationStatus",
"edas:GetSecureToken",
"edas:UnbindSlb",
"edas:UpdateApplicationBaseInfo",
"edas:UpdateContainerConfiguration",
"edas:UpdateHealthCheckUrl",
"edas:UpdateJvmConfiguration",
"edas:DeleteApplication",
"edas:DeployApplication",
"edas:GetChangeOrderInfo",
"edas:InsertApplication",
"edas:ListHistoryDeployVersion",
"edas:ListRecentChangeOrder",
"edas:ResetApplication",
"edas:RollbackApplication",
"edas:ScaleInApplication",
"edas:ScaleOutApplication",
"edas:StartApplication",
"edas:StopApplication",
"edas:DeleteConfigCenter",
"edas:InsertConfigCenter",
"edas:ListConfigCenters",
"edas:QueryConfigCenter",
"edas:DeleteDegradeControl",
"edas:DeleteFlowControl",
"edas:DisableDegradeControl",
"edas:DisableFlowControl",
"edas:EnableDegradeControl",
"edas:EnableFlowControl",
"edas:InsertDegradeControl",
"edas:InsertFlowControl",
"edas:ListDegradeControls",
"edas:ListFlowControls",
"edas:UpdateDegradeControl",
"edas:UpdateFlowControl",
"edas:BindK8sSlb",
"edas:DeleteK8sApplication",
"edas:DeployK8sApplication",
"edas:GetK8sApplication",
"edas:ImportK8sCluster",
"edas:InsertK8sApplication",
"edas:ScaleK8sApplication",
"edas:UnbindK8sSlb",
"edas:UpdateContainer",
"edas:UpdateK8sApplicationConfig",
"edas:UpdateK8sSlb",
"edas:CreateNamespace",
"edas:ReadNamespace",
"edas:DeleteNamespace",
"edas:ReadNamespace",
"edas:ManageNamespace",
"edas:ReadNamespace",
"edas:CreateCluster",
"edas:ReadCluster",
"edas:DeleteCluster",
"edas:ReadCluster",
"edas:ManageCluster",
"edas:ReadCluster",
"edas:CreateApplication",
"edas:ReadApplication",
"edas:DeleteApplication",
"edas:ReadApplication",
"edas:ManageApplication",
"edas:ReadApplication",
"edas:ConfigApplication",
"edas:ReadApplication",
"edas:ReadApplication",
"edas:ManageAppLog",
"edas:ReadService",
"edas:ReadService",
"edas:ManageService",
"edas:ManageSystem",
"edas:ReadOperationLog",
"edas:ManageOperation",
"edas:ManageCommercialization"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"sae:DescribeApplicationConfig",
"sae:VirtualServerProxy",
"sae:DescribeRegions",
"sae:DescribeInstanceLog",
"sae:DescribeComponents",
"sae:DescribeEdasContainers",
"sae:DescribeApplicationImage",
"sae:DescribeApplicationInstances",
"sae:DescribeApplicationGroups",
"sae:ListApplications",
"sae:QueryResourceStatics",
"sae:ListLogConfigs",
"sae:DescribeApplicationStatus",
"sae:DescribeNamespaces",
"sae:DeployApplication",
"sae:CreateApplication",
"sae:DeleteApplication",
"sae:StopApplication",
"sae:RescaleApplicationVertically",
"sae:StartApplication",
"sae:ConfirmPipelineBatch",
"sae:ListChangeOrders",
"sae:AbortAndRollbackChangeOrder",
"sae:DescribeChangeOrder",
"sae:DescribeInstanceSpecifications",
"sae:RescaleApplication",
"sae:RestartApplication",
"sae:AbortChangeOrder",
"sae:UpdateJob",
"sae:DescribeJob",
"sae:ListJobs",
"sae:CreateCredential",
"sae:GetWebshellToken"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:PassRole",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"fc:CreateService",
"fc:ListServices",
"fc:GetService",
"fc:UpdateService",
"fc:DeleteService",
"fc:CreateFunction",
"fc:ListFunctions",
"fc:GetFunction",
"fc:UpdateFunction",
"fc:DeleteFunction",
"fc:InvokeFunction",
"fc:CreateTrigger",
"fc:ListTriggers",
"fc:GetTrigger",
"fc:UpdateTrigger",
"fc:DeleteTrigger",
"fc:PublishServiceVersion",
"fc:ListServiceVersions",
"fc:DeleteServiceVersion",
"fc:CreateAlias",
"fc:GetAlias",
"fc:UpdateAlias",
"fc:ListAliases",
"fc:DeleteAlias",
"fc:PutProvisionConfig",
"fc:GetProvisionConfig",
"fc:ListProvisionConfigs",
"fc:DeleteProvisionConfig",
"fc:CreateCustomDomain",
"fc:GetCustomDomain",
"fc:UpdateCustomDomain",
"fc:ListCustomDomains",
"fc:DeleteCustomDomain",
"fc:PutFunctionOnDemandConfig",
"fc:GetFunctionOnDemandConfig",
"fc:ListFunctionOnDemandConfigs",
"fc:DeleteFunctionOnDemandConfig",
"fc:ListFunctionAsyncInvokeConfigs",
"fc:ListConcurrencyConfigs",
"fc:DeleteConcurrencyConfig",
"fc:PutConcurrencyConfig",
"fc:GetConcurrencyConfig",
"fc:ListInstances",
"fc:PublishFunctionVersion",
"fc:ListFunctionVersions",
"fc:DeleteFunctionVersion",
"fc:CreateVpcBinding",
"fc:ListVpcBindings",
"fc:DeleteVpcBinding",
"fc:DeleteFunctionAsyncInvokeConfig",
"fc:GetFunctionAsyncInvokeConfig",
"fc:GetFunctionCode",
"fc:PutFunctionAsyncInvokeConfig",
"fc:GetLayerVersionByArn",
"fc:ListLayers",
"fc:PutLayerACL",
"fc:ListLayerVersions",
"fc:CreateLayerVersion",
"fc:DeleteLayerVersion",
"fc:GetLayerVersion",
"fc:TagResources",
"fc:UntagResources",
"fc:ListTagResources"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ros:CreateStack",
"ros:UpdateStack",
"ros:GetStack",
"ros:ListStacks",
"ros:PreviewStack",
"ros:GetTemplateEstimateCost",
"ros:CancelUpdateStack",
"ros:ContinueCreateStack",
"ros:SetStackPolicy",
"ros:GetStackPolicy",
"ros:GetTemplate",
"ros:CreateChangeSet",
"ros:GetChangeSet",
"ros:ListChangeSets",
"ros:ListStackEvents",
"ros:ListStackResources",
"ros:GetStackResource"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"mhub:ListProducts",
"mhub:ListApps",
"mhub:CreateProduct",
"mhub:CreateApp",
"mhub:DeleteApp"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"emasdevops:ListPipelineDefinitions",
"emasdevops:TriggerPipeline",
"emasdevops:QueryArtifactSignature",
"emasdevops:DescribePipelineDetail",
"emasdevops:CreateAndroidCert",
"emasdevops:InitAppPipeline"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"tag:ListTagResources",
"tag:ListTagKeys",
"tag:ListTagValues"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"arms:ListDashboards"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "fc.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "systemeventoperator.oos.aliyuncs.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"log:Get*",
"log:List*"
],
"Resource": "acs:log:*:*:*"
},
{
"Action": [
"cms:CreateThread",
"cms:CreateChat",
"cms:GetPrometheusInstance",
"cms:UpsertUmodelCommonSchemaRef",
"starops:CreateThread",
"starops:CreateChat"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"cms:Get*",
"cms:List*"
],
"Resource": [
"acs:cms:*:*:workspace/*",
"acs:cms:*:*:cloudresource"
]
},
{
"Action": [
"log:CreateProject",
"log:DeleteProject",
"log:GetProject",
"log:ListProject",
"log:UpdateProject",
"log:ListTagResources",
"log:TagResources",
"log:UntagResources",
"log:CreateLogStore",
"log:DeleteLogStore",
"log:GetLogStore",
"log:UpdateLogStore",
"log:ListLogStores",
"log:GetLogs",
"log:GetHistograms",
"log:GetContextLogs",
"log:GetLogStoreHistogram",
"log:GetLogStoreContextLogs",
"log:PostLogStoreLogs",
"log:ListShards",
"log:SplitShard",
"log:MergeShards",
"log:GetCursorOrData",
"log:CreateIndex",
"log:DeleteIndex",
"log:GetIndex",
"log:UpdateIndex",
"log:CreateDashboard",
"log:DeleteDashboard",
"log:GetDashboard",
"log:UpdateDashboard",
"log:ListDashboard"
],
"Resource": "*",
"Effect": "Allow"
}
]
}相关文档
该文章对您有帮助吗?