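AliyunServiceRolePolicyForMagic 是专用于服务关联角色的授权策略，会在创建服务关联角色 AliyunServiceRoleForMagic 时自动授权，以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新，请勿将本策略授权给服务关联角色之外的 RAM 身份使用：除 OSS 对象操作的 Resource 限定为 acs:oss:*:*:hiclaw-* 外，其余语句的 Resource 均为 "*"，其中包含安全组、弹性网卡、API 网关和终端节点的创建、修改与删除权限，以及一条不带 ram:ServiceName 条件的 ram:CreateServiceLinkedRole（策略末尾仅针对 privatelink.aliyuncs.com 加条件的同名语句不会收窄该权限）。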
策略详情
类型：系统策略
创建时间：2026-04-15 15:21:56
更新时间：2026-04-29 07:51:47
当前版本：v23
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:PutBucket",
"oss:ListOssBucket",
"oss:ListBuckets",
"oss:GetBucketAcl",
"oss:PutBucketTagging"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cms:PutWorkspace",
"ram:CreateServiceLinkedRole",
"cms:CreateEntityStore",
"cms:CreateUmodel",
"cms:ListWorkspaces",
"log:GetLogStoreLogs"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"airegistry:GetNamespace",
"airegistry:ListNamespaces",
"airegistry:ListSkills",
"airegistry:Read",
"airegistry:Write",
"mse:ListSkills",
"airegistry:GetSkillDetail",
"mse:GetSkillDetail",
"airegistry:GetSkillVersionDetail",
"mse:GetSkillVersionDetail",
"airegistry:CreateSkillDraft",
"mse:CreateSkillDraft",
"airegistry:UpdateSkillDraft",
"mse:UpdateSkillDraft",
"airegistry:DeleteSkillDraft",
"mse:DeleteSkillDraft",
"airegistry:DownloadSkillVersion",
"mse:DownloadSkillVersion"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"oss:GetObject",
"oss:GetObjectAcl",
"oss:GetObjectTagging",
"oss:DeleteObject",
"oss:DeleteObjectTagging",
"oss:PutObject",
"oss:PutObjectAcl",
"oss:PutObjectTagging",
"oss:RestoreObject",
"oss:ListObjects",
"oss:ListObjectVersions"
],
"Resource": "acs:oss:*:*:hiclaw-*"
},
{
"Effect": "Allow",
"Action": [
"apig:CreateGateway",
"apig:DeleteGateway",
"apig:GetGateway",
"apig:GetConsumer",
"apig:BatchDeleteConsumerAuthorizationRule",
"apig:CreateConsumer",
"apig:CreateConsumerAuthorizationRule",
"apig:CreateConsumerAuthorizationRules",
"apig:DeleteConsumer",
"apig:DeleteConsumerAuthorizationRule",
"apig:GetConsumerAuthorizationRule",
"apig:ListConsumerAuthorizationRules",
"apig:QueryConsumerAuthorizationRules",
"apig:RemoveConsumerAuthorizationRule",
"apig:UpdateConsumer",
"apig:UpdateConsumerAuthorizationRule",
"apig:ListConsumers",
"apig:CreateService",
"apig:CreateHttpApi",
"apig:UpdateService",
"apig:DeleteHttpApi",
"apig:DeleteService",
"apig:ListHttpApis",
"apig:ListServices",
"apig:DeployHttpApi",
"apig:CreateHttpApiRoute",
"apig:CreatePolicy",
"apig:CreatePolicyAttachment",
"apig:DeletePolicy",
"apig:ListHttpApiRoutes",
"apig:UpdateHttpApiRoute",
"apig:CreateMcpServer",
"apig:DeployMcpServer",
"apig:GetMcpServer",
"apig:ImportHttpApi",
"apig:ListPluginClasses",
"apig:CreatePluginAttachment",
"apig:CreateAndAttachPolicy",
"apig:UpdateMcpServer",
"apig:UpdatePluginAttachment",
"apig:ListPolicies",
"apig:UpdateAndAttachPolicy",
"apig:UnDeployMcpServer",
"apig:DeleteMcpServer",
"apig:ListMcpServers",
"apig:ListDomains",
"apig:CreateDomain",
"apig:GetHttpApi",
"apig:GetService",
"apig:GetEnvironment",
"apig:UpdateHttpApi",
"apig:InvokeHttpApi",
"apig:ListSslCerts",
"apig:UpdateDomain",
"apig:UndeployHttpApi"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecs:BatchValidateSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroupReferences",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupSnapshotAttributes",
"ecs:ValidateSecurityGroup",
"ecs:ApplySecurityGroupSnapshot",
"ecs:AssociateSecurityGroupSnapshotPolicy",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:ConfigureSecurityGroupPermissions",
"ecs:CreateSecurityGroup",
"ecs:CreateSecurityGroupSnapshotPolicy",
"ecs:DeleteSecurityGroup",
"ecs:DeleteSecurityGroupSnapshotPolicy",
"ecs:ModifySecurityGroupAttribute",
"ecs:ModifySecurityGroupEgressRule",
"ecs:ModifySecurityGroupPolicy",
"ecs:ModifySecurityGroupRule",
"ecs:ModifySecurityGroupSnapshotPolicy",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:UnassociateSecurityGroupSnapshotPolicy",
"ecs:DescribeSecurityGroupSnapshotPolicies",
"ecs:DescribeSecurityGroupSnapshots",
"ecs:DescribeSnapshotPolicyAssociatedSecurityGroups",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:DeleteNetworkInterfacePermission",
"ecs:DescribeNetworkInterfaceAttribute",
"ecs:AddTags",
"ecs:DescribeEipAddresses",
"ecs:ListTagResources"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeVpcs"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"privatelink:CreateVpcEndpoint",
"privatelink:DeleteVpcEndpoint",
"privatelink:UpdateVpcEndpointAttribute",
"privatelink:GetVpcEndpointAttribute",
"privatelink:ListVpcEndpointServicesByEndUser"
],
"Resource": "*"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "magic.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "privatelink.aliyuncs.com"
}
}
}
]
}