AliyunServiceRolePolicyForAnalyticDBForMySQL 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForAnalyticDBForMySQL 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2020-07-15 16:29:21
更新时间:2020-07-15 16:29:21
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"oss:GetBucket",
"oss:GetBucketAcl",
"oss:GetBucketLocation",
"oss:GetBucketInfo",
"oss:GetBucketLogging",
"oss:GetBucketWebsite",
"oss:GetBucketReferer",
"oss:GetBucketLifecycle",
"oss:GetBucketEncryption",
"oss:GetBucketStat",
"oss:GetBucketMetadata",
"oss:GetBucketTagging",
"oss:GetBucketVersioning",
"oss:GetSimplifiedObjectMeta",
"oss:GetObjectMetadata",
"oss:GetBucketStorageCapacity",
"oss:GetBucketEncryption",
"oss:GetObject",
"oss:GetObjectMeta",
"oss:GetObjectAcl",
"oss:GetSymlink",
"oss:GetObjectTagging",
"oss:GetService",
"oss:ListObjects",
"oss:ListMultipartUploads",
"oss:ListParts",
"oss:ListBuckets",
"oss:ListVpcip",
"oss:ListVersions",
"oss:GetBucketCname",
"oss:GetBucketRequestPayment",
"oss:GetBucketVpcip",
"oss:DoesBucketExist",
"oss:DoesObjectExist",
"oss:ListObjectsV2",
"oss:SelectObject",
"oss:HeadObject",
"oss:PutBucket",
"oss:PutObject",
"oss:PutObjectTagging",
"oss:CopyObject",
"oss:InitiateMultipartUpload",
"oss:UploadPart",
"oss:UploadPartCopy",
"oss:CompleteMultipartUpload",
"oss:AbortMultipartUpload",
"oss:RestoreObject",
"oss:PostObject",
"oss:UploadFile",
"oss:DownloadFile",
"oss:AppendObject",
"oss:DeleteObject",
"oss:DeleteObjects",
"oss:DeleteObjectVersion",
"oss:ListObjectVersions",
"oss:HeadBucket",
"oss:PostDataLakeStorageFileOperation",
"oss:PostDataLakeStorageAdminOperation"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ots:ListInstance",
"ots:GetInstance",
"ots:ListDeliveryTask",
"ots:DescribeDeliveryTask",
"ots:GetRow",
"ots:BatchGetRow",
"ots:GetRange",
"ots:GetShardIterator",
"ots:GetStreamRecord",
"ots:ListStream",
"ots:ListTable",
"ots:ListSearchIndex",
"ots:DescribeStream",
"ots:DescribeTable",
"ots:DescribeSearchIndex",
"ots:ComputeSplitPointsBySize",
"ots:CreateTable",
"ots:UpdateTable",
"ots:DeleteTable",
"ots:PutRow",
"ots:UpdateRow",
"ots:DeleteRow",
"ots:BatchWriteRow",
"ots:CreateIndex",
"ots:DropIndex",
"ots:CreateSearchIndex",
"ots:DeleteSearchIndex",
"ots:Search",
"ots:ComputeSplits",
"ots:ParallelScan",
"ots:BulkImport",
"ots:BulkExport"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"log:GetProject",
"log:ListProject",
"log:GetCursorTime",
"log:BatchGetLog",
"log:GetLogs",
"log:GetHistograms",
"log:GetContextLogs",
"log:GetLogStoreLogs",
"log:GetLogStoreHistogram",
"log:GetLogStore",
"log:ListLogStores",
"log:GetConfig",
"log:ListConfig",
"log:GetShipper",
"log:ListShipper",
"log:GetShipperConfig",
"log:GetShipperTasks",
"log:GetShipperStatus",
"log:GetIndex",
"log:GetCheckPoint",
"log:HeartBeat",
"log:UpdateCheckPoint",
"log:PostLogStoreLogs",
"log:CreateConsumerGroup",
"log:UpdateConsumerGroup",
"log:DeleteConsumerGroup",
"log:ListConsumerGroup",
"log:ConsumerGroupUpdateCheckPoint",
"log:ConsumerGroupHeartBeat",
"log:GetConsumerGroupCheckPoint",
"log:CreateExport",
"log:GetExport",
"log:ListExport",
"log:UpdateExport",
"log:DeleteExport",
"log:CreateJob",
"log:GetJob",
"log:ListJobs",
"log:UpdateJob",
"log:DeleteJob",
"log:GetCursor",
"log:PullLogs",
"log:GetCursorOrData",
"log:ListShards",
"dts:CreateSynchronizationJob",
"dts:ConfigureSynchronizationJob",
"dts:DescribeSynchronizationJobStatus",
"dts:StartSynchronizationJob",
"dts:DeleteSynchronizationJob",
"dts:DescribeSynchronizationJobs",
"vpc:DescribeVpcAttribute",
"vpc:DescribeVSwitches",
"vpc:DescribeVSwitchAttributes",
"privatelink:CreateVpcEndpoint",
"privatelink:DeleteVpcEndpoint",
"privatelink:ListVpcEndpointZones",
"privatelink:RemoveZoneFromVpcEndpoint",
"privatelink:GetVpcEndpointAttribute",
"rds:CreateAccount",
"rds:DeleteAccount",
"ecs:CreateSecurityGroup",
"ecs:DescribeNetworkInterfaces",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:DeleteSecurityGroup",
"ecs:CreateNetworkInterface",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:CreateNetworkInterfacePermission",
"ecs:DeleteNetworkInterfacePermission",
"ecs:DeleteNetworkInterface",
"ecs:DescribeSecurityGroups",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:ModifySecurityGroupAttribute",
"ecs:ModifySecurityGroupEgressRule",
"ecs:ModifySecurityGroupRule",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:ModifyNetworkInterfaceAttribute",
"ecs:TagResources",
"ecs:ListTagResources",
"ecs:UntagResources",
"ecs:DescribeInstanceAttribute",
"ecs:DescribeInstanceStatus",
"ecs:DescribeInstanceTypeFamilies",
"ecs:DescribeInstanceTypes",
"ecs:DescribeInstances",
"ecs:DescribeInstancesFullStatus",
"ecs:DescribeNetworkInterfaceAttribute",
"ecs:DescribeRegions",
"ecs:DescribeZones",
"privatelink:CheckProductOpen",
"privatelink:OpenPrivateLinkService",
"privatelink:UpdateVpcEndpointAttribute",
"privatelink:ListVpcEndpoints",
"privatelink:ListVpcEndpointServicesByEndUser",
"privatelink:EnableVpcEndpointConnection",
"privatelink:AddZoneToVpcEndpoint",
"privatelink:EnableVpcEndpointZoneConnection",
"privatelink:UpdateVpcEndpointZoneConnectionResourceAttribute",
"privatelink:DisableVpcEndpointZoneConnection",
"privatelink:AcceptVpcEndpointConnections",
"privatelink:AttachSecurityGroupToVpcEndpoint",
"privatelink:ListVpcEndpointSecurityGroups",
"privatelink:DetachSecurityGroupFromVpcEndpoint",
"privatelink:DeleteVpcEndpoint",
"privatelink:UpdateVpcEndpointConnectionAttribute",
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "ads.aliyuncs.com"
}
}
},
{
"Action": "ram:GetUser",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "acs:ram:*:*:role/*",
"Condition": {
"StringEquals": {
"ram:ServiceName": "privatelink.aliyuncs.com"
}
},
"Effect": "Allow"
},
{
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeDBInstanceNetInfo",
"rds:DescribeDBInstanceHAConfig",
"rds:DescribeDBInstanceIPArrayList",
"rds:DescribeSecurityGroupConfiguration",
"rds:ModifySecurityGroupConfiguration",
"rds:DescribeCharacterSetName",
"rds:ModifySecurityIps",
"dds:DescribeDBInstances",
"dds:DescribeDBInstanceAttribute",
"dds:DescribeSecurityIps",
"dds:ModifySecurityIps",
"polardb:DescribeDBClusters",
"polardb:DescribeDBClusterAttribute",
"polardb:DescribeDBClusterEndpoints",
"polardb:DescribeDBClusterAccessWhitelist",
"polardb:DescribeCharacterSetName",
"polardb:ModifyDBClusterAccessWhitelist",
"polardb:DescribeDBClusterIPArrayList",
"polardb:DescribeDBClusterNetInfo",
"polardb:DescribeRegions",
"polardb:ModifySecurityIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"alikafka:PUB",
"alikafka:CreateGroup",
"alikafka:DeleteGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"emr:ListClusters",
"emr:GetCluster",
"emr:ListNodes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"adb:CreateAccount",
"adb:ModifyAccountPrivileges",
"adb:DescribeDBClusterAttribute",
"adb:DescribeDBClusters",
"adb:DescribeRegions",
"adb:DescribeDBClusterNetInfo",
"adb:DescribeDBClusterAccessWhiteList",
"adb:ModifyDBClusterAccessWhiteList",
"adb:ModifyClusterAccessWhiteList",
"adb:DescribeDBClusterPerformance"
],
"Resource": "*"
},
{
"Action": [
"cr:GetAuthorizationToken",
"cr:PullRepository"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"fc:InvokeFunction"
],
"Resource": "*",
"Effect": "Allow"
}
]
}相关文档
反馈
- 本页导读 (1)
文档反馈