AliyunServiceRolePolicyForNativeApiGw 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForNativeApiGw 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2024-06-05 14:33:45
更新时间:2024-06-05 14:33:45
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cs:DescribeClusterDetail",
"cs:DescribeClusterInnerServiceKubeconfig",
"cs:RevokeClusterInnerServiceKubeconfig",
"cs:GetUserConfig",
"cs:DescribeClusterUserKubeconfig",
"cs:GetClusterById",
"cs:GetClustersByUid",
"cs:DescribeClustersV1",
"cs:ListClusters",
"cs:GetClusters",
"cs:DescribeClusterNodePools"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"fc:ListAliases",
"fc:ListServices",
"fc:ListServiceVersions",
"fc:ListFunctions",
"fc:ListFunctionVersions",
"fc:ListTriggers",
"fc:InvokeFunction",
"fc:CreateFunction",
"fc:DeleteFunction",
"fc:GetFunctionCode",
"fc:GetFunction"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"yundun-waf:DeleteCloudResourceProtection",
"yundun-waf:CreateCloudResourceProtection",
"yundun-waf:DescribeInstanceCompatible",
"yundun-waf:CreateInstance"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"sae:DescribeNamespaces",
"sae:DescribeNamespaceResources",
"sae:ListApplications",
"sae:DescribeApplicationConfig"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"slb:SetLoadBalancerName",
"slb:CreateLoadBalancer",
"slb:AddBackendServers",
"slb:SetBackendServers",
"slb:RemoveBackendServers",
"slb:CreateLoadBalancerTCPListener",
"slb:DescribeLoadBalancerTCPListenerAttribute",
"slb:SetLoadBalancerTCPListenerAttribute",
"slb:CreateLoadBalancerHTTPListener",
"slb:DescribeLoadBalancerHTTPListenerAttribute",
"slb:SetLoadBalancerHTTPListenerAttribute",
"slb:CreateLoadBalancerHTTPSListener",
"slb:DescribeLoadBalancerHTTPSListenerAttribute",
"slb:SetLoadBalancerHTTPSListenerAttribute",
"slb:StartLoadBalancerListener",
"slb:StopLoadBalancerListener",
"slb:DeleteLoadBalancerListener",
"slb:DescribeLoadBalancers",
"slb:DescribeLoadBalancerAttribute",
"slb:DescribeHealthStatus",
"slb:CreateLoadBalancerForCloudService",
"slb:DeleteLoadBalancer",
"slb:ModifyLoadBalancerInternetSpec",
"slb:RemoveTags",
"slb:AddTags",
"slb:SetLoadBalancerUDPListenerAttribute",
"slb:CreateLoadBalancerUDPListener",
"slb:CreateVServerGroup",
"slb:DeleteVServerGroup",
"slb:SetVServerGroupAttribute",
"slb:ModifyVServerGroupBackendServers",
"slb:AddVServerGroupBackendServers",
"slb:ModifyLoadBalancerInstanceChargeType",
"slb:ModifyLoadBalancerInstanceSpec",
"slb:ModifyLoadBalancerInternetSpec",
"slb:RemoveVServerGroupBackendServers",
"slb:SetLoadBalancerModificationProtection",
"slb:SetLoadBalancerDeleteProtection",
"slb:DescribeLoadBalancerUDPListenerAttribute ",
"slb:DescribeTags",
"slb:DescribeVServerGroups",
"slb:DescribeVServerGroupAttribute",
"slb:DescribeLoadBalancerListeners",
"slb:ListTagResources",
"slb:TagResources",
"slb:UntagResources"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"edas:ReadNamespace",
"edas:ReadService",
"edas:ListUserDefineRegion"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecs:CreateSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:DeleteSecurityGroup",
"ecs:JoinSecurityGroup",
"ecs:LeaveSecurityGroup",
"ecs:DescribeSecurityGroups",
"ecs:DescribeInstances",
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:DeleteNetworkInterfacePermission",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AddTags",
"ecs:DescribeEipAddresses",
"ecs:DescribeNetworkInterfaceAttribute",
"ecs:ModifyNetworkInterfaceAttribute",
"ecs:AssignPrivateIpAddresses",
"ecs:UnassignPrivateIpAddresses",
"ecs:AssignIpv6Addresses",
"ecs:UnassignIpv6Addresses",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:ListTagResources"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"vpc:AllocateEipAddress",
"vpc:AllocateEipAddressPro",
"vpc:DescribeEipAddresses",
"vpc:AssociateEipAddress",
"vpc:UnassociateEipAddress",
"vpc:ReleaseEipAddress",
"vpc:ModifyEipAddressAttribute",
"vpc:ModifyBypassToaAttribute",
"vpc:AddCommonBandwidthPackageIp",
"vpc:RemoveCommonBandwidthPackageIp",
"vpc:TagResources",
"vpc:DescribeVSwitches",
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeVpcs",
"vpc:CreateVSwitch",
"vpc:DescribeVpcAttribute",
"vpc:DescribeVRouters",
"vpc:DescribeRouteTables",
"vpc:DescribeRouteEntryList"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mse:ListAnsServices",
"mse:ListEngineNamespaces",
"mse:ListClusters",
"mse:QueryConfig",
"mse:QueryClusterInfo"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"nlb:TagResources",
"nlb:UnTagResources",
"nlb:ListTagResources",
"nlb:CreateLoadBalancer",
"nlb:DeleteLoadBalancer",
"nlb:GetLoadBalancerAttribute",
"nlb:ListLoadBalancers",
"nlb:UpdateLoadBalancerAttribute",
"nlb:UpdateLoadBalancerAddressTypeConfig",
"nlb:UpdateLoadBalancerZones",
"nlb:CreateListener",
"nlb:DeleteListener",
"nlb:ListListeners",
"nlb:UpdateListenerAttribute",
"nlb:StopListener",
"nlb:StartListener",
"nlb:GetListenerAttribute",
"nlb:GetListenerHealthStatus",
"nlb:CreateServerGroup",
"nlb:DeleteServerGroup",
"nlb:UpdateServerGroupAttribute",
"nlb:AddServersToServerGroup",
"nlb:RemoveServersFromServerGroup",
"nlb:UpdateServerGroupServersAttribute",
"nlb:ListServerGroups",
"nlb:ListServerGroupServers",
"nlb:LoadBalancerLeaveSecurityGroup",
"nlb:LoadBalancerJoinSecurityGroup",
"nlb:GetJobStatus",
"nlb:UpdateLoadBalancerProtection"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"arms:OpenArmsService",
"arms:GetAlertRules",
"arms:ReportCustomIncidents",
"arms:AddPrometheusInstance",
"arms:GetAuthToken",
"arms:GetClusterAllUrl",
"arms:OpenArmsServiceSecondVersion",
"arms:CheckServiceStatus",
"arms:OpenVCluster",
"arms:GetPrometheusApiToken",
"arms:ListDashboards",
"arms:GetExploreUrl",
"arms:CreateDefaultCloudProductPrometheusAlertRule",
"arms:ListNotificationPolicies",
"arms:ListDispatchRule",
"arms:CreateDispatchRule",
"arms:CreateOrUpdateNotificationPolicy",
"arms:DescribeContactGroups",
"arms:SearchContactGroup",
"arms:CreatePrometheusAlertRule"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cms:DescribeMetricRuleList",
"cms:DescribeContactGroupList",
"cms:PutResourceMetricRule",
"cms:PutResourceMetricRules"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"alidns:AddDomainRecord",
"alidns:DescribeDomains"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"log:DeleteLogstore",
"log:CreateLogstore",
"log:CreateIndex",
"log:UpdateIndex",
"log:GetIndex"
],
"Resource": "acs:log:*:*:project/*/logstore/apig_*"
},
{
"Effect": "Allow",
"Action": [
"log:ListProject",
"log:GetProject",
"log:ListLogStores",
"log:GetLogstore"
],
"Resource": "acs:log:*:*:project/*"
},
{
"Effect": "Allow",
"Action": [
"log:PostLogStoreLogs",
"log:OpenProductDataCollection",
"log:CloseProductDataCollection",
"log:GetProductDataCollection",
"log:OpenSlsService",
"log:GetSlsService"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "xtrace:GetToken",
"Resource": "*"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "nativeapigw.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"nlb.aliyuncs.com",
"eipaccess.slb.aliyuncs.com",
"middlewarelens.log.aliyuncs.com",
"securitylens.log.aliyuncs.com",
"ai-lens.log.aliyuncs.com",
"storagelens.log.aliyuncs.com"
]
}
}
},
{
"Effect": "Allow",
"Action": "mns:SendMessage",
"Resource": "acs:mns:*:*:/queues/*/messages"
}
]
}
相关文档
文档内容是否对您有帮助?