AliyunServiceRolePolicyForDevCloud 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForDevCloud 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2024-01-05 14:29:41
更新时间:2024-01-05 14:29:41
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:RunInstances",
"ecs:DeleteInstance",
"ecs:DescribeInstances",
"ecs:DescribeInstanceStatus",
"ecs:DescribeImages",
"ecs:StopInstance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeSecurityGroups",
"ecs:CreateSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:JoinSecurityGroup",
"ecs:LeaveSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:ModifySecurityGroupAttribute",
"ecs:ModifySecurityGroupRule",
"ecs:ModifySecurityGroupEgressRule",
"ecs:DeleteSecurityGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVSwitches",
"vpc:AssociateEipAddress",
"vpc:ReleaseEipAddress",
"vpc:DescribeEipAddresses",
"vpc:DescribeIpv6Addresses",
"vpc:DescribeVpcs",
"vpc:CreateVpc",
"vpc:DeleteVpc",
"vpc:CreateVSwitch",
"vpc:DeleteVSwitch"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"rds:DescribeDBInstanceAttribute",
"rds:CreateDBInstance",
"rds:DescribeDBInstances",
"rds:StopDBInstance",
"rds:StartDBInstance",
"rds:DeleteDBInstance",
"rds:AllocateInstancePublicConnection",
"rds:ReleaseInstanceConnection",
"rds:AddTagsToResource",
"rds:TagResources",
"rds:ListTagResources",
"rds:DescribeTags",
"rds:DescribeDBInstanceByTags",
"rds:UntagResources",
"rds:RemoveTagsFromResource",
"rds:DescribeDatabases",
"rds:DescribeResourceUsage",
"rds:DescribeDBInstancePerformance",
"rds:DescribeDBInstanceNetInfo"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oss:DeleteAccessPoint",
"oss:DeleteAccessPointPolicy",
"oss:DeleteBucket",
"oss:DeleteBucketCors",
"oss:DeleteBucketEncryption",
"oss:DeleteBucketInventory",
"oss:DeleteBucketLifecycle",
"oss:DeleteBucketLogging",
"oss:DeleteBucketPolicy",
"oss:DeleteBucketReplication",
"oss:DeleteBucketTagging",
"oss:DeleteBucketWebsite",
"oss:DeleteLiveChannel",
"oss:DeleteObject",
"oss:DeleteObjectTagging",
"oss:DeleteStyle",
"oss:ListObjects",
"oss:ListBuckets",
"oss:ActivateProduct",
"oss:PutBucket",
"oss:PutBucketTagging",
"oss:GetBucketTagging",
"oss:ListObjectVersions"
],
"Resource": [
"acs:oss:*:*:adc-lab-*",
"acs:oss:*:*:adc-lab-*/"
],
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"oss:OpenOssService"
],
"Resource": "*"
},
{
"Action": [
"ros:GetStack",
"ros:DeleteStack",
"ros:CreateStack",
"ros:UpdateStack",
"ros:CancelUpdateStack",
"ros:GetStackResource",
"ros:ListStackResources",
"ros:ListResourceTypes",
"ros:GetTemplate",
"ros:ValidateTemplate",
"ros:ListStackEvents",
"ros:DetectStackDrift",
"ros:GetStackDriftDetectionStatus",
"ros:ListStackResourceDrifts",
"ros:UpdateStackTemplateByResources",
"ros:GetStackPolicy",
"ros:ListStackOperationRisks",
"ros:ListStacks",
"ros:GetTemplateParameterConstraints",
"ros:GetTemplateEstimateCost"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "bss:InstanceOperationExpire",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "bss:InstanceOperationReleased",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "devcloud.aliyuncs.com"
}
}
}
]
}相关文档
反馈
- 本页导读 (1)
文档反馈