AliyunServiceRolePolicyForConfig 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForConfig 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2020-02-28 03:51:12
更新时间:2023-07-24 08:47:17
当前版本:v57
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Deny",
"Action": [
"arms:GetPrometheusApiToken"
],
"Resource": "*"
},
{
"Action": [
"alikafka:List*",
"alikafka:Get*",
"cr:List*",
"cr:GetInstance",
"cr:GetNamespace",
"cr:GetRepository",
"oceanbase:Describe*",
"oceanbase:List*",
"bpstudio:Get*",
"bpstudio:List*",
"opensearch:List*",
"opensearch:Describe*",
"smartag:Describe*",
"smartag:List*",
"smartag:Get*",
"alb:List*",
"alb:Get*",
"emr:List*",
"emr:Describe*",
"iot:List*",
"iot:Get*",
"iot:Query*",
"eventbridge:Get*",
"eventbridge:List*",
"*:ListTagResources",
"ecs:Describe*",
"ess:Describe*",
"vpc:Describe*",
"vpc:List*",
"vpc:Get*",
"rds:DescribeDBInstance*",
"rds:DescribeRegions",
"rds:DescribeBackup*",
"rds:DescribeParameters",
"rds:DescribeSQLCollector*",
"rds:DescribeActionEventPolicy",
"rds:DescribeParameterGroup*",
"rds:DescribeGadInstance*",
"rds:DescribeInstanceAutoRenewalAttribute",
"rds:DescribeSecurityGroupConfiguration",
"slb:Describe*",
"*:DescribeTags",
"oss:GetService",
"oss:GetBucket*",
"oss:ListBuckets",
"oss:ListObjects",
"oss:GetObjectAcl",
"ram:List*",
"ram:Get*",
"actiontrail:LookupEvents",
"actiontrail:Describe*",
"actiontrail:Get*",
"actiontrail:List*",
"ots:BatchGet*",
"ots:Describe*",
"ots:Get*",
"ots:List*",
"ocs:Describe*",
"cms:Get*",
"cms:List*",
"cms:Query*",
"cms:BatchQuery*",
"cms:Describe*",
"kvstore:Describe*",
"fc:Get*",
"fc:List*",
"kms:DescribeKey",
"kms:DescribeRegions",
"kms:ListAliases",
"kms:ListAliasesByKeyId",
"kms:ListKeys",
"kms:DescribeKeyVersion",
"kms:ListKeyVersions",
"kms:GenerateDataKey",
"kms:Decrypt",
"kms:Encrypt",
"kms:ListResourceTags",
"kms:ListKmsInstances",
"kms:GetKmsInstance",
"cdn:Describe*",
"yundun*:Get*",
"yundun*:Describe*",
"yundun*:Query*",
"yundun*:List*",
"polardb:Describe*",
"dds:Describe*",
"cen:Describe*",
"cen:List*",
"mns:List*",
"mns:Get*",
"composer:DescribeFlow",
"composer:List*",
"composer:Get*",
"nas:Describe*",
"nas:Get*",
"hbase:Describe*",
"hbase:Get*",
"hbase:List*",
"hbase:Query*",
"cs:CheckControlPlaneLogEnable",
"cs:Get*",
"cs:List*",
"cs:Describe*",
"dms:List*",
"dms:Get*",
"mq:OnsInstanceInServiceList",
"mq:OnsInstanceBaseInfo",
"mq:OnsTopicList",
"mq:OnsGroupList",
"mq:QueryInstanceBaseInfo",
"mq:PUB",
"mq:SUB",
"alidns:Describe*",
"alidns:List*",
"mse:Query*",
"mse:List*",
"ros:Describe*",
"ros:Get*",
"ros:List*",
"elasticsearch:List*",
"elasticsearch:Describe*",
"dcdn:Describe*",
"hcs-sgw:Describe*",
"eci:Describe*",
"kms:ListSecrets",
"kms:DescribeSecret",
"privatelink:List*",
"privatelink:Get*",
"brain-industrial:List*",
"brain-industrial:Get*",
"imagesearch:List*",
"imagesearch:Describe*",
"hitsdb:Describe*",
"apigateway:Describe*",
"sas:DescribeGroupedVul",
"sas:DescribeFieldStatistics",
"cmn:List*",
"cmn:Get*",
"ledgerdb:Describe*",
"pvtz:Describe*",
"oos:Search*",
"oos:List*",
"oos:Get*",
"adb:Describe*",
"edas:Read*",
"drds:Describe*",
"gpdb:Describe*",
"log:ListProject",
"log:GetProject",
"log:ListLogStores",
"log:GetLogStore",
"dts:Describe*",
"arms:Get*",
"arms:List*",
"arms:Describe*",
"arms:Search*",
"arms:Check*",
"arms:Query*",
"polardbx:Describe*",
"hbr:Describe*",
"live:Describe*",
"vod:Describe*",
"vod:List*",
"vod:Get*",
"lindorm:Get*",
"ga:List*",
"ga:Describe*",
"ga:Get*",
"searchengine:Get*",
"searchengine:List*",
"smc:Describe*",
"dysms:QuerySmsTemplate*",
"dysms:ListTagResources",
"ddi:List*",
"ddi:Describe*",
"cloudsso:List*",
"cloudsso:Get*",
"baas:DescribeFabricOrganizations",
"baas:DescribeFabricOrganization",
"baas:DescribeFabricConsortiums",
"cloudphone:List*",
"scdn:Describe*",
"mse:Get*",
"dm:QueryTemplate*",
"dm:DescTemplate*",
"dm:QueryDomain*",
"dm:DescDomain*",
"fnf:List*",
"fnf:Describe*",
"ebs:Describe*",
"rocketmq:List*",
"rocketmq:Get*",
"resourcemanager:Get*",
"resourcemanager:List*",
"resourcesharing:List*",
"domain:Query*",
"dyvms:List*",
"dbs:Describe*",
"clickhouse:Describe*",
"dhs:List*",
"dhs:Get*",
"gdb:Describe*",
"gdb:List*",
"eipanycast:List*",
"eipanycast:Describe*",
"eais:Describe*",
"odps:List*",
"odps:Get*",
"dataworks:List*",
"dataworks:Get*",
"cen:List*",
"cen:Get*",
"cs:Describe*",
"yundun-cert:List*",
"yundun-cert:Get*",
"nlb:List*",
"nlb:Get*",
"yundun-waf:Describe*",
"hologram:Get*",
"hologram:List*",
"swas:List*",
"swas-open:List*",
"computenest:Get*",
"computenest:List*",
"eiam:Get*",
"eiam:List*",
"quotas:Get*",
"quotas:List*",
"bssapi:QueryAvailableInstances",
"dfs:Get*",
"dfs:List*",
"dfs:Describe*",
"acc:Describe*",
"dysms:MessageTemplateQueryPage"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oss:PutObject",
"fc:InvokeFunction",
"mns:PublishMessage",
"composer:GroupInvokeFlow",
"composer:CreateFlow",
"log:PostLogStoreLogs",
"resourcecenter:EnableResourceCenter"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"config:*"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "config.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "rmc.resourcemanager.aliyuncs.com"
}
}
}
]
}相关文档
反馈
- 本页导读 (1)
文档反馈