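AliyunServiceRolePolicyForEfloVcc 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForEfloVcc 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用:该策略对 ECS 弹性网卡与安全组、VPC 物理专线/边界路由器/BGP/路由条目、CEN 转发路由器以及 ROS 资源栈授予了创建、修改和删除权限,且各条语句的 Resource 均为 "*",授予其他身份即等于授予对账号内所有此类资源的写权限。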
策略详情
类型:系统策略
创建时间:2025-10-23 15:20:48
更新时间:2025-10-23 15:20:48
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupAttribute",
"ecs:ModifyInstanceAttribute",
"ecs:ModifyNetworkInterfaceAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeVpcAttribute",
"vpc:DescribeVSwitches",
"vpc:DescribeVSwitchAttributes",
"vpc:ConfirmPhysicalConnection",
"vpc:CreateVirtualBorderRouter",
"vpc:DeleteVirtualBorderRouter",
"vpc:DescribeVirtualBorderRouters",
"vpc:CreateBgpGroup",
"vpc:DeleteBgpGroup",
"vpc:DescribeBgpGroups",
"vpc:CreateBgpPeer",
"vpc:DeleteBgpPeer",
"vpc:DescribeBgpPeers",
"cen:AttachCenChildInstance",
"cen:DetachCenChildInstance",
"vpc:DescribeRouteEntryList",
"vpc:AddBgpNetwork",
"vpc:DeleteBgpNetwork",
"vpc:DescribeBgpNetworks",
"vpc:TerminatePhysicalConnection",
"vpc:RecoverPhysicalConnection",
"vpc:DeletePhysicalConnection",
"vpc:OpenPhysicalConnectionService",
"vpc:GetPhysicalConnectionServiceStatus",
"vpc:DescribePhysicalConnections",
"vpc:CreatePhysicalConnectionOccupancyOrder",
"vpc:UpdateVirtualPhysicalConnection",
"vpc:CreateRouterInterface",
"vpc:DeleteRouterInterface",
"vpc:DeactivateRouterInterface",
"vpc:DescribeRouterInterfaces",
"vpc:DescribeRouteTableList",
"vpc:CreateRouteEntries",
"vpc:DeleteRouteEntries",
"vpc:CreateRouteEntry",
"vpc:DeleteRouteEntry",
"vpc:DescribeGrantRulesToCen",
"vpc:GrantInstanceToCen",
"vpc:RevokeInstanceFromCen",
"vpc:CreatePhysicalConnectionNew",
"vpc:ModifyVirtualBorderRouterAttribute",
"vpc:AssociatePhysicalConnectionToVirtualBorderRouter",
"vpc:UnassociatePhysicalConnectionFromVirtualBorderRouter",
"bssapi:SetRenewal",
"vpc:CancelPhysicalConnection"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cen:CreateTransitRouterRouteEntry",
"cen:ListTransitRouterRouteEntries",
"cen:DeleteTransitRouterRouteEntry",
"cen:ResolveAndRouteServiceInCen",
"cen:DescribeRouteServicesInCen",
"cen:DeleteRouteServiceInCen",
"cen:CreateTransitRouterVbrAttachment",
"cen:DeleteTransitRouterVbrAttachment",
"cen:ListTransitRouterVbrAttachments",
"cen:ListTransitRouterVpcAttachments",
"cen:DisableTransitRouterRouteTablePropagation",
"cen:EnableTransitRouterRouteTablePropagation",
"cen:ListTransitRouterRouteTablePropagations",
"cen:AssociateTransitRouterAttachmentWithRouteTable",
"cen:DissociateTransitRouterAttachmentFromRouteTable",
"cen:ListTransitRouterRouteTableAssociations",
"cen:ListTransitRouterRouteTables",
"cen:ListTransitRouters",
"cen:ListTransitRouterAvailableResource",
"cen:ResolveAndRouteServiceInCen",
"cen:DescribeRouteServicesInCen",
"cen:DeleteRouteServiceInCen",
"cen:DescribeCenAttachedChildInstances",
"cen:DescribeCenAttachedChildInstanceAttribute",
"cen:DescribeCens"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ros:ListStacks",
"ros:GetStack",
"ros:ListStackEvents",
"ros:ListStackResources",
"ros:GetStackResource",
"ros:CreateStack",
"ros:DeleteStack",
"ros:PreviewStack"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "vcc.eflo.aliyuncs.com"
}
}
}
]
}