AliyunServiceRolePolicyForRdcStandard 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForRdcStandard 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2025-06-24 10:06:27
更新时间:2026-02-05 15:32:20
当前版本:v14
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "cs:DescribeUserPermission",
"Resource": "*"
},
{
"Action": [
"fc:CreateService",
"fc:ListServices",
"fc:GetService",
"fc:UpdateService",
"fc:DeleteService",
"fc:CreateFunction",
"fc:ListFunctions",
"fc:GetFunction",
"fc:UpdateFunction",
"fc:DeleteFunction",
"fc:InvokeFunction",
"fc:CreateTrigger",
"fc:ListTriggers",
"fc:GetTrigger",
"fc:UpdateTrigger",
"fc:DeleteTrigger",
"fc:PublishServiceVersion",
"fc:ListServiceVersions",
"fc:DeleteServiceVersion",
"fc:CreateAlias",
"fc:GetAlias",
"fc:UpdateAlias",
"fc:ListAliases",
"fc:DeleteAlias",
"fc:PutProvisionConfig",
"fc:GetProvisionConfig",
"fc:ListProvisionConfigs",
"fc:DeleteProvisionConfig",
"fc:CreateCustomDomain",
"fc:GetCustomDomain",
"fc:UpdateCustomDomain",
"fc:ListCustomDomains",
"fc:DeleteCustomDomain",
"fc:PutFunctionOnDemandConfig",
"fc:GetFunctionOnDemandConfig",
"fc:ListFunctionOnDemandConfigs",
"fc:DeleteFunctionOnDemandConfig",
"fc:ListFunctionAsyncInvokeConfigs",
"fc:ListConcurrencyConfigs",
"fc:DeleteConcurrencyConfig",
"fc:PutConcurrencyConfig",
"fc:GetConcurrencyConfig",
"fc:ListInstances",
"fc:PublishFunctionVersion",
"fc:ListFunctionVersions",
"fc:DeleteFunctionVersion",
"fc:CreateVpcBinding",
"fc:ListVpcBindings",
"fc:DeleteVpcBinding",
"fc:DeleteFunctionAsyncInvokeConfig",
"fc:GetFunctionAsyncInvokeConfig",
"fc:GetFunctionCode",
"fc:PutFunctionAsyncInvokeConfig",
"fc:GetLayerVersionByArn",
"fc:ListLayers",
"fc:PutLayerACL",
"fc:ListLayerVersions",
"fc:CreateLayerVersion",
"fc:DeleteLayerVersion",
"fc:GetLayerVersion",
"fc:TagResources",
"fc:UntagResources",
"fc:ListTagResources"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"sae:DescribeApplicationConfig",
"sae:VirtualServerProxy",
"sae:DescribeRegions",
"sae:DescribeInstanceLog",
"sae:DescribeComponents",
"sae:DescribeEdasContainers",
"sae:DescribeApplicationImage",
"sae:DescribeApplicationInstances",
"sae:DescribeApplicationGroups",
"sae:ListApplications",
"sae:QueryResourceStatics",
"sae:ListLogConfigs",
"sae:DescribeApplicationStatus",
"sae:DescribeNamespaces",
"sae:DeployApplication",
"sae:CreateApplication",
"sae:DeleteApplication",
"sae:StopApplication",
"sae:RescaleApplicationVertically",
"sae:StartApplication",
"sae:ConfirmPipelineBatch",
"sae:ListChangeOrders",
"sae:AbortAndRollbackChangeOrder",
"sae:DescribeChangeOrder",
"sae:DescribeInstanceSpecifications",
"sae:RescaleApplication",
"sae:RestartApplication",
"sae:AbortChangeOrder",
"sae:UpdateJob",
"sae:DescribeJob",
"sae:ListJobs",
"sae:CreateCredential",
"sae:GetWebshellToken"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"pvtz:AddZone",
"pvtz:DeleteZone",
"pvtz:DescribeZones",
"pvtz:DescribeZoneInfo",
"pvtz:BindZoneVpc",
"pvtz:AddZoneRecord",
"pvtz:UpdateZoneRecord",
"pvtz:DeleteZoneRecord",
"pvtz:DescribeZoneRecords"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"pvtz:AddZone",
"pvtz:DeleteZone",
"pvtz:DescribeZones",
"pvtz:DescribeZoneInfo",
"pvtz:BindZoneVpc",
"pvtz:AddZoneRecord",
"pvtz:UpdateZoneRecord",
"pvtz:DeleteZoneRecord",
"pvtz:DescribeZoneRecords"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"privatelink:CheckProductOpen",
"privatelink:OpenPrivateLinkService",
"privatelink:CreateVpcEndpoint",
"privatelink:GetVpcEndpointAttribute",
"privatelink:UpdateVpcEndpointAttribute",
"privatelink:DeleteVpcEndpoint",
"privatelink:ListVpcEndpoints",
"privatelink:ListVpcEndpointZones",
"privatelink:RemoveZoneFromVpcEndpoint",
"privatelink:ListVpcEndpointSecurityGroups",
"privatelink:EnableVpcEndpointConnection",
"privatelink:ListVpcEndpointConnections",
"privatelink:UpdateVpcEndpointConnectionAttribute",
"privatelink:DisableVpcEndpointConnection",
"privatelink:AddUserToVpcEndpointService",
"privatelink:ListVpcEndpointServiceUsers",
"privatelink:DescribeZones",
"privatelink:RemoveUserFromVpcEndpointService"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcAttribute",
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches",
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeNatGateways",
"vpc:GetNatGatewayAttribute",
"vpc:DescribeNatGatewayAssociateNetworkInterfaces",
"vpc:VpcDescribeVpcNatGatewayNetworkInterfaceQuota",
"vpc:ListNatIps",
"vpc:CreateFullNatEntry",
"vpc:DeleteFullNatEntry",
"vpc:ModifyFullNatEntryAttribute",
"vpc:ListEnhanhcedNatGatewayAvailableZones",
"vpc:ListFullNatEntries"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ecs:DescribeSecurityGroupAttribute",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "standard.rdc.aliyuncs.com"
}
}
},
{
"Action": [
"oss:ListBuckets",
"oss:PutBucket",
"oss:GetBucketLocation",
"oss:ListObjects",
"oss:GetObject",
"oss:PutObject",
"oss:DeleteObject",
"oss:PutBucketAcl",
"oss:GetBucketAcl",
"oss:GetObjectAcl",
"oss:PutObjectAcl"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oss:PutObject",
"oss:GetObject",
"oss:DeleteObject"
],
"Resource": [
"acs:oss:*:*:*/repositories/*",
"acs:oss:*:*:*/archive/*"
],
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "privatelink.aliyuncs.com"
}
}
},
{
"Action": [
"cs:GetClusterToken",
"cs:GetClusterEndpoints",
"cs:GetClusters",
"cs:GetClusterById",
"cs:GetClusterCerts",
"cs:GetClusterProjects",
"cs:DescribeClusterAddonsUpgradeStatus",
"cs:DescribeClusterAddonsVersion",
"cs:DescribeClusterUserKubeconfig",
"cs:InstallClusterAddons"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cr:GetRepository",
"cr:ListRepositoryTag",
"cr:ListRepository",
"cr:PullRepository",
"cr:PushRepository",
"cr:ListNamespace",
"cr:GetAuthorizationToken",
"cr:CreateRepository",
"cr:CreateNamespace",
"cr:GetNamespace",
"cr:ListNamespace",
"cr:ListInstance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:ListTagResources",
"ecs:RunInstances",
"ecs:DescribeManagedInstances",
"ecs:StartInstance",
"ecs:AllocatePublicIpAddress",
"ecs:StopInstance",
"ecs:DeleteInstance",
"ecs:DescribeInstances",
"ecs:DescribeInstanceAttribute",
"ecs:ModifyInstanceAttribute",
"ecs:DescribeImages",
"ecs:DescribeSnapshots",
"ecs:DescribeKeyPairs",
"ecs:DescribeSecurityGroups",
"ecs:CreateCommand",
"ecs:RunCommand",
"ecs:InstallCloudAssistant",
"ecs:InvokeCommand",
"ecs:StopInvocation",
"ecs:DeleteCommand",
"ecs:DescribeCloudAssistantStatus",
"ecs:DescribeCommands",
"ecs:DescribeInvocations",
"ecs:DescribeInvocationResults",
"slb:DescribeLoadBalancerAttribute",
"slb:RemoveBackendServers",
"slb:DescribeHealthStatus",
"slb:AddBackendServers",
"slb:SetBackendServers",
"ess:DescribeScalingGroups",
"ess:DescribeLifecycleHooks",
"ess:DescribeScalingInstances",
"ess:ModifyLifecycleHook",
"ess:CreateLifecycleHook",
"ess:ResumeProcesses",
"ess:SuspendProcesses",
"ess:DescribeEciScalingConfigurations",
"ess:ModifyEciScalingConfiguration",
"eci:UpdateContainerGroup",
"eci:DescribeContainerGroups",
"ess:EnterStandby",
"ess:ExitStandBy",
"ecs:DescribeInstances",
"ecs:TagResources",
"ecs:DescribeInvocations",
"ecs:DescribeInvocationResults",
"ecs:RunCommand"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"bss:ModifyInstance"
],
"Resource": "*",
"Effect": "Allow"
}
]
}相关文档
该文章对您有帮助吗?