AI 助理
备案控制台
官方文档
输入文档关键字查找
首页 访问控制 开发参考 系统策略参考 AliyunServiceRolePolicyForESAMssp

AliyunServiceRolePolicyForESAMssp

更新时间:
产品详情
我的收藏

AliyunServiceRolePolicyForESAMssp 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForESAMssp 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。

策略详情

  • 类型:系统策略

  • 创建时间:2025-07-14 16:05:20

  • 更新时间:2025-07-14 16:05:20

  • 当前版本:v1

策略内容

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "esa:Check*",
        "esa:Describe*",
        "esa:Get*",
        "esa:List*",
        "esa:Transform*",
        "esa:*Waf*",
        "esa:*Ddos*",
        "esa:*DDoS*",
        "esa:UpdateCustomScenePolicy"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "log:GetConfig",
        "log:GetIndex",
        "log:GetCursor",
        "log:GetCursorTime",
        "log:GetLogStore",
        "log:GetProject",
        "log:GetSavedSearch",
        "log:ListSavedsearch",
        "log:GetSlsService",
        "log:GetAlert",
        "log:ListAlert",
        "log:GetLogs",
        "log:GetHistograms",
        "log:GetLogging",
        "log:GetLogStoreLogs",
        "log:GetProjectLogs",
        "log:ListLogStores",
        "log:ListProject",
        "log:ListConfig",
        "log:ListDomains"
      ],
      "Resource": [
        "acs:log:*:*:project/esa-mss-security-alert/logstore/*",
        "acs:log:*:*:project/esa-access-log-cn/logstore/*",
        "acs:log:*:*:project/esa-security-log-cn/logstore/*",
        "acs:log:*:*:project/esa-access-log/logstore/*",
        "acs:log:*:*:project/esa-security-log/logstore/*"
      ]
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "esa.mssp.aliyuncs.com"
        }
      }
    }
  ]
}

相关文档

上一篇:AliyunServiceRolePolicyForDysmsLog下一篇:AliyunServiceRolePolicyForESAEdgeImage