AliyunServiceRolePolicyForHbrRd

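AliyunServiceRolePolicyForHbrRd 是专用于服务关联角色的授权策略，会在创建服务关联角色 AliyunServiceRoleForHbrRd 时自动授权，以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新，请勿将本策略授权给服务关联角色之外的 RAM 身份使用。原因在于，本策略对所有资源（"Resource": "*"）授予了 ecs:RunCommand、ecs:CreateInstance、ecs:DeleteInstance、ecs:DeleteDisk 等操作权限，任何被授予本策略的 RAM 身份都可以在账号内的任意 ECS 实例上执行命令，并创建或删除实例、磁盘和快照。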

策略详情

  • 类型:系统策略

  • 创建时间:2025-11-24 14:00:32

  • 更新时间:2025-11-24 14:00:32

  • 当前版本:v1

策略内容

{
  "Version": "1",
  "Statement": [
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "rd.hbr.aliyuncs.com"
        }
      }
    },
    {
      "Action": [
        "hbr:ClientSendMessage",
        "hbr:ClientReceiveMessage"
      ],
      "Resource": "acs:hbr:*:*:messageClient/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:RunCommand",
        "ecs:CreateCommand",
        "ecs:InvokeCommand",
        "ecs:DeleteCommand",
        "ecs:DescribeCommands",
        "ecs:StopInvocation",
        "ecs:DescribeInvocationResults",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:DescribeInstances",
        "ecs:DescribeInstanceRamRole",
        "ecs:DescribeInvocations",
        "ecs:CreateSnapshotGroup",
        "ecs:DescribeSnapshotGroups",
        "ecs:DeleteSnapshotGroup",
        "ecs:CopySnapshot",
        "ecs:DescribeSnapshotLinks",
        "ecs:UntagResources",
        "ecs:ModifySnapshotCategory",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeImages",
        "ecs:CreateImage",
        "ecs:DeleteImage",
        "ecs:DescribeSnapshots",
        "ecs:CreateSnapshot",
        "ecs:ModifySnapshotAttribute",
        "ecs:DeleteSnapshot",
        "ecs:DescribeSnapshotLinks",
        "ecs:DescribeAvailableResource",
        "ecs:ModifyInstanceAttribute",
        "ecs:CreateInstance",
        "ecs:DeleteInstance",
        "ecs:AllocatePublicIpAddress",
        "ecs:CreateDisk",
        "ecs:DescribeDisks",
        "ecs:AttachDisk",
        "ecs:DetachDisk",
        "ecs:DeleteDisk",
        "ecs:ResetDisk",
        "ecs:StartInstance",
        "ecs:StopInstance",
        "ecs:ReplaceSystemDisk",
        "ecs:ModifyResourceMeta",
        "ecs:TagResources",
        "ecs:GetSnapshotInfo",
        "ecs:GetSnapshotBlock",
        "ecs:ListSnapshotBlocks",
        "ecs:ListChangedBlocks"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:AttachInstanceRamRole",
        "ecs:DetachInstanceRamRole"
      ],
      "Resource": [
        "acs:ecs:*:*:instance/*",
        "acs:ram:*:*:role/aliyunecsaccessinghbrrole"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "nas:DescribeFileSystems",
        "nas:CreateMountTargetSpecial",
        "nas:DeleteMountTargetSpecial",
        "nas:CreateMountTarget",
        "nas:DeleteMountTarget",
        "nas:DescribeMountTargets",
        "nas:DescribeAccessGroups",
        "nas:CreateAccessGroup",
        "nas:CreateAccessRule",
        "nas:DescribeSmbAcl",
        "nas:DescribeAccessRules"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:ListBuckets",
        "oss:GetBucketTagging",
        "oss:GetBucketInventory",
        "oss:HeadBucket",
        "oss:GetBucket",
        "oss:GetBucketAcl",
        "oss:GetBucketLocation",
        "oss:GetBucketInfo",
        "oss:GetBucketStat",
        "oss:GetBucketVersioning",
        "oss:ListObjects"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:PutObject",
        "oss:CopyObject",
        "oss:GetObject",
        "oss:AppendObject",
        "oss:GetObjectMeta",
        "oss:PutObjectACL",
        "oss:GetObjectACL",
        "oss:PutObjectTagging",
        "oss:GetObjectTagging",
        "oss:InitiateMultipartUpload",
        "oss:UploadPart",
        "oss:UploadPartCopy",
        "oss:CompleteMultipartUpload",
        "oss:AbortMultipartUpload",
        "oss:ListMultipartUploads",
        "oss:ListParts",
        "oss:DeleteObject"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "oss:BucketSysTag/acs:hbr:backup": "true"
        }
      }
    },
    {
      "Action": [
        "ots:ListInstance",
        "ots:GetInstance",
        "ots:ListTable",
        "ots:CreateTable",
        "ots:UpdateTable",
        "ots:DescribeTable",
        "ots:BatchWriteRow",
        "ots:CreateTunnel",
        "ots:DeleteTunnel",
        "ots:ListTunnel",
        "ots:DescribeTunnel",
        "ots:ConsumeTunnel",
        "ots:GetRange",
        "ots:ListStream",
        "ots:DescribeStream",
        "ots:CreateIndex",
        "ots:CreateSearchIndex",
        "ots:DescribeSearchIndex",
        "ots:ListSearchIndex"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "bssapi:QueryAvailableInstances",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cms:QueryMetricList"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:ListKeys",
        "kms:ListAlias"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "tag:ListResourcesByTag",
        "tag:ListTagResources",
        "tag:ListTagKeys",
        "tag:ListTagValues"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}

相关文档