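AliyunServiceRolePolicyForFC 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForFC 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。策略中的多数语句对所有资源("Resource": "*")生效,并包含 ECS、OSS、EventBridge、ALB 等服务的创建、修改和删除类操作,以及限定于 log.aliyuncs.com 和 ots.aliyuncs.com 的 ram:PassRole,授权给其他身份会使其获得超出所需的权限。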
策略详情
类型:系统策略
创建时间:2025-06-03 18:31:06
更新时间:2025-07-29 12:01:29
当前版本:v8
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeVpcAttribute",
"vpc:DescribeVSwitches"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeSecurityGroups",
"ecs:CreateNetworkInterfacePermission",
"ecs:DeleteNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:TagResources",
"ecs:ListTagResources"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cr:PullRepository",
"cr:GetArtifactTag",
"cr:GetAuthorizationToken",
"cr:GetRepository",
"cr:GetRepositoryTag",
"cr:ListRepositoryTag",
"cr:GetRepoTagManifest",
"cr:GetRepositoryManifest",
"cr:GetInstanceVpcEndpoint",
"cr:GetInstance",
"cr:ListInstance",
"cr:GetNamespace",
"cr:GetArtifactBuildRule",
"cr:CreateArtifactBuildTask"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"fc:InvokeFunction",
"eventbridge:PutEvents",
"mq:PUB",
"mq:OnsInstanceBaseInfo",
"mns:SendMessage",
"mns:PublishMessage",
"fnf:ReportTaskSucceeded",
"fnf:ReportTaskFailed"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"log:CreateProject",
"log:CreateLogStore",
"log:GetProject",
"log:GetLogStore",
"log:DeleteProject",
"log:DeleteLogStore",
"log:GetLogStoreLogs"
],
"Resource": [
"acs:log:*:*:project/aliyun-fc-*",
"acs:log:*:*:project/*/logstore/function-log*"
],
"Effect": "Allow"
},
{
"Action": [
"log:PostLogStoreLogs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ram:GetRole"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"ram:ServiceName": "fc.aliyuncs.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"oss:DeleteBucketEventNotification",
"oss:PutBucketEventNotification",
"oss:GetBucketEventNotification",
"oss:GetBucketAcl",
"oss:ListBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"log:CreateETLJob",
"log:UpdateETLJob",
"log:DeleteETLJob",
"log:GetETLJob"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ots:GetTrigger",
"ots:CreateTrigger",
"ots:DeleteTrigger"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cdn:DescribeFCTrigger",
"cdn:UpdateFCTrigger",
"cdn:AddFCTrigger",
"cdn:DeleteFCTrigger"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mns:Subscribe",
"mns:Unsubscribe",
"mns:GetSubscriptionAttributes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"eventbridge:GetEventBus",
"eventbridge:ListEventBuses",
"eventbridge:CreateEventBus",
"eventbridge:DeleteEventBus",
"eventbridge:CreateEventSource",
"eventbridge:DeleteEventSource",
"eventbridge:UpdateEventSource",
"eventbridge:ListUserDefinedEventSources",
"eventbridge:ListPartnerEventSources",
"eventbridge:ListAliyunOfficialEventSources",
"eventbridge:GetRule",
"eventbridge:ListRules",
"eventbridge:CreateRule",
"eventbridge:DeleteRule",
"eventbridge:DisableRule",
"eventbridge:UpdateRule",
"eventbridge:CreateTargets",
"eventbridge:DeleteTargets",
"eventbridge:GetEventStreaming",
"eventbridge:CreateEventStreaming",
"eventbridge:DeleteEventStreaming",
"eventbridge:PauseEventStreaming",
"eventbridge:StartEventStreaming",
"eventbridge:UpdateEventStreaming",
"eventbridge:ListEventStreamings"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"alb:ListServerGroupServers",
"alb:DeleteServerGroup",
"alb:CreateServerGroup",
"alb:RemoveServersFromServerGroup",
"alb:AddServersToServerGroup",
"alb:ListRules",
"alb:CreateRule",
"alb:DeleteRule"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:PassRole",
"Resource": "acs:ram::*:role/*",
"Condition": {
"StringEquals": {
"acs:Service": [
"log.aliyuncs.com",
"ots.aliyuncs.com"
]
}
}
}
]
}