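AliyunServiceRolePolicyForAcc 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForAcc 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。从下方策略内容可以看到,各条语句的 Resource 均为 "*",授权的操作包含安全组、容器集群和 OIDC 身份提供商的创建、修改、删除等写操作,以及 cs:DescribeClusterUserKubeconfig;只有 OIDC 身份提供商相关操作和 ram:DeleteServiceLinkedRole 带有 Condition 限制,审计该角色的操作记录时可据此核对。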
策略详情
类型:系统策略
创建时间:2025-04-14 10:41:12
更新时间:2025-04-14 10:41:12
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeInstanceAttribute",
"ecs:AssignPrivateIpAddresses",
"ecs:UnassignPrivateIpAddresses",
"ecs:DescribeInstances",
"ecs:DescribeInstanceTypes",
"ecs:AssignIpv6Addresses",
"ecs:UnassignIpv6Addresses",
"ecs:ModifyNetworkInterfaceAttribute",
"ecs:CreateNetworkInterfacePermission",
"ecs:DeleteNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:CreateSecurityGroup",
"ecs:ModifySecurityGroupEgressRule",
"ecs:ModifySecurityGroupPolicy",
"ecs:ModifySecurityGroupRule",
"ecs:DescribeSecurityGroups",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:DeleteSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:DescribeNetworkInterfaceAttribute",
"ecs:AuthorizeSecurityGroupEgress"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"vpc:DescribeVpcAttribute",
"vpc:DescribeNatGateways",
"vpc:DescribeVSwitchAttributes"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"netana:DescribeNetworkQuotas",
"netana:DescribeIdleInstancesNum",
"netana:CreateNetworkQuotaRequest",
"netana:DescribeIdleInstances",
"netana:DescribeNetworkResourceCountForGlobal",
"netana:NetQueryIdleInstanceNotifyConfig",
"netana:NetModifyIdleInstanceNotifyConfig"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cms:QueryMetricList"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"eci:DescribeRegions"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"quotas:GetProductQuota"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cs:CreateCluster",
"cs:CreateClusterByResourcesGroup",
"cs:DeleteCluster",
"cs:DescribeClusterDetail",
"cs:DescribeClusterUserKubeconfig",
"cs:DescribeClusters",
"cs:DescribeClustersV1",
"cs:DescribeEvents",
"cs:DescribeTaskInfo",
"cs:GetClusters",
"cs:ListTagResources",
"cs:ModifyCluster",
"cs:ModifyClusterTags",
"cs:TagResources",
"cs:UpdateClusterName",
"cs:UntagResources",
"cs:DescribeClusterResources"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"arms:InstallManagedPrometheus",
"arms:UnInstallManagedPrometheus",
"arms:DeleteGrafanaResource",
"arms:GetManagedPrometheusStatus"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cms:DescribeMetricData"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"bssapi:GetPayAsYouGoPrice"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"slb:AddBackendServers",
"slb:RemoveBackendServers",
"slb:DescribeLoadBalancerAttribute",
"slb:SetLoadBalancerTCPListenerAttribute",
"slb:DescribeHealthStatus",
"slb:DescribeLoadBalancers",
"slb:SetLoadBalancerTCPListenerAttribute",
"slb:DescribeLoadBalancerTCPListenerAttribute"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"ram:ListUserBasicInfos",
"ram:ListRoles"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"ram:CreateOIDCProvider",
"ram:GetOIDCProvider",
"ram:UpdateOIDCProvider",
"ram:DeleteOIDCProvider"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Condition": {
"StringLike": {
"ram:OidcIssuerUrl": [
"https://oidc-acs-*.aliyuncs.com/*"
]
}
}
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "acc.aliyuncs.com"
}
}
}
]
}