AliyunServiceRolePolicyForAlikafkaInstanceEncryption

AliyunServiceRolePolicyForAlikafkaInstanceEncryption 是专用于服务关联角色的授权策略，会在创建服务关联角色 AliyunServiceRoleForAlikafkaInstanceEncryption 时自动授权，以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新，请勿将本策略授权给服务关联角色之外的 RAM 身份使用。

策略详情

• 类型：系统策略

• 创建时间：2025-10-23 17:09:32

• 更新时间：2025-10-23 17:09:32

• 当前版本：v1

策略内容

{
  "Version": "1",
  "Statement": [ 
  	{
  		"Action": [ 
      	  "kms:Listkeys",
  		  "kms:Listaliases", 
          "kms:ListResourceTags", 
          "kms:DescribeKey", 
          "kms:TagResource", 
          "kms:UntagResource"
  		],
  		"Resource": "*", 
      "Effect": "Allow"
  	},
  	{
      "Action": [ 
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey" 
      ],	
      "Resource": "*", 
      "Effect": "Allow",
      "Condition": {
        "StringEqualsIgnoreCase": { 
          "kms:tag/acs:alikafka:instance-encryption": "true"
        }
      }
  	},
  	{
      "Action": "ram:DeleteServiceLinkedRole", 
      "Resource": "*",
      "Effect": "Allow",
      "Condition": { 
        "StringEquals": {
          "ram:ServiceName": "instanceencryption.alikafka.aliyuncs.com"
        }
      }
  	}
  ]
}

相关文档

• 权限策略基本元素

• 服务关联角色