AliyunServiceRolePolicyForSAE

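AliyunServiceRolePolicyForSAE 是专用于服务关联角色的授权策略，会在创建服务关联角色 AliyunServiceRoleForSAE 时自动授权，以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新，请勿将本策略授权给服务关联角色之外的 RAM 身份使用。本策略的各条语句均以 "Resource": "*" 授权，其中包含 ram:PassRole、ram:CreateServiceLinkedRole 等身份类操作（仅受服务名条件限制），以及对 ECS 安全组、OSS 对象等资源的创建、修改和删除操作，因此授予其他 RAM 身份会使该身份获得同样宽泛的权限。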

策略详情

  • 类型:系统策略

  • 创建时间:2025-08-05 10:06:39

  • 更新时间:2025-08-05 10:06:39

  • 当前版本:v1

策略内容

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eflo:*Interface",
        "eflo:GetNodeInfoForPod"
      ],
      "Resource": "*"
    },
    {
      "Action": [
        "alb:TagResources",
        "alb:UnTagResources",
        "alb:ListServerGroups",
        "alb:ListServerGroupServers",
        "alb:AddServersToServerGroup",
        "alb:RemoveServersFromServerGroup",
        "alb:ReplaceServersInServerGroup",
        "alb:CreateLoadBalancer",
        "alb:DeleteLoadBalancer",
        "alb:UpdateLoadBalancerAttribute",
        "alb:UpdateLoadBalancerEdition",
        "alb:EnableLoadBalancerAccessLog",
        "alb:DisableLoadBalancerAccessLog",
        "alb:EnableDeletionProtection",
        "alb:DisableDeletionProtection",
        "alb:ListLoadBalancers",
        "alb:GetLoadBalancerAttribute",
        "alb:ListListeners",
        "alb:CreateListener",
        "alb:GetListenerAttribute",
        "alb:UpdateListenerAttribute",
        "alb:ListListenerCertificates",
        "alb:AssociateAdditionalCertificatesWithListener",
        "alb:DissociateAdditionalCertificatesFromListener",
        "alb:DeleteListener",
        "alb:CreateRule",
        "alb:DeleteRule",
        "alb:UpdateRuleAttribute",
        "alb:CreateRules",
        "alb:UpdateRulesAttribute",
        "alb:DeleteRules",
        "alb:ListRules",
        "alb:CreateServerGroup",
        "alb:DeleteServerGroup",
        "alb:UpdateServerGroupAttribute",
        "alb:DescribeZones",
        "alb:ListAclEntries",
        "alb:ListAclRelations",
        "alb:AddEntriesToAcl",
        "alb:AssociateAclsWithListener",
        "alb:CreateAcl",
        "alb:DeleteAcl",
        "alb:DissociateAclsFromListener",
        "alb:RemoveEntriesFromAcl",
        "alb:SerializeAcl",
        "alb:UnSerializeAcl",
        "alb:UpdateAclAttribute",
        "alb:ListAcls"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:ListTagResources",
        "ecs:TagResources",
        "ecs:UnTagResources",
        "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:AttachNetworkInterface",
        "ecs:DetachNetworkInterface",
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:DeleteNetworkInterfacePermission",
        "ecs:ModifyNetworkInterfaceAttribute",
        "ecs:JoinSecurityGroup",
        "ecs:LeaveSecurityGroup",
        "ecs:CreateSecurityGroup",
        "ecs:AuthorizeSecurityGroup",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroups",
        "ecs:RevokeSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:ModifySecurityGroupAttribute",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:RevokeSecurityGroupEgress",
        "ecs:ModifySecurityGroupRule",
        "ecs:DescribeSecurityGroupReferences",
        "ecs:ModifySecurityGroupPolicy",
        "ecs:DescribeInstances",
        "ecs:DescribeInstanceMonitorData"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "slb:AddTags",
        "slb:RemoveTags",
        "slb:CreateLoadBalancer",
        "slb:ModifyLoadBalancerInternetSpec",
        "slb:DeleteLoadBalancer",
        "slb:SetLoadBalancerStatus",
        "slb:SetLoadBalancerName",
        "slb:DescribeLoadBalancers",
        "slb:DescribeLoadBalancerAttribute",
        "slb:ModifyLoadBalancerPayType",
        "slb:ModifyLoadBalancerInstanceSpec",
        "slb:CreateLoadBalancerHTTPListener",
        "slb:CreateLoadBalancerHTTPSListener",
        "slb:CreateLoadBalancerTCPListener",
        "slb:CreateLoadBalancerUDPListener",
        "slb:DeleteLoadBalancerListener",
        "slb:StartLoadBalancerListener",
        "slb:StopLoadBalancerListener",
        "slb:DescribeLoadBalancerListeners",
        "slb:SetLoadBalancerHTTPListenerAttribute",
        "slb:SetLoadBalancerHTTPSListenerAttribute",
        "slb:SetLoadBalancerTCPListenerAttribute",
        "slb:SetLoadBalancerUDPListenerAttribute",
        "slb:SetListenerAccessControlStatus",
        "slb:DescribeLoadBalancerHTTPListenerAttribute",
        "slb:DescribeLoadBalancerHTTPListenerAttributes",
        "slb:DescribeLoadBalancerHTTPSListenerAttribute",
        "slb:DescribeLoadBalancerTCPListenerAttribute",
        "slb:DescribeLoadBalancerUDPListenerAttribute",
        "slb:DescribeListenerAccessControlAttribute",
        "slb:AddListenerWhiteListItem",
        "slb:RemoveListenerWhiteListItem",
        "slb:AddBackendServers",
        "slb:RemoveBackendServers",
        "slb:SetBackendServers",
        "slb:DescribeHealthStatus",
        "slb:UploadServerCertificate",
        "slb:DeleteServerCertificate",
        "slb:DescribeServerCertificates",
        "slb:DescribeCACertificates",
        "slb:SetServerCertificateName",
        "slb:DescribeRegions",
        "slb:CreateVServerGroup",
        "slb:DescribeVServerGroupAttribute",
        "slb:DescribeVServerGroups",
        "slb:AddVServerGroupBackendServers",
        "slb:SetVServerGroupAttribute",
        "slb:ModifyVServerGroupBackendServers",
        "slb:RemoveVServerGroupBackendServers",
        "slb:DescribeRules",
        "slb:SetRule",
        "slb:CreateRules",
        "slb:DeleteRules",
        "slb:DescribeTags",
        "slb:DeleteVServerGroup",
        "slb:SetLoadBalancerDeleteProtection"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "nlb:TagResources",
        "nlb:UnTagResources",
        "nlb:ListTagResources",
        "nlb:CreateLoadBalancer",
        "nlb:DeleteLoadBalancer",
        "nlb:GetLoadBalancerAttribute",
        "nlb:ListLoadBalancers",
        "nlb:UpdateLoadBalancerAttribute",
        "nlb:UpdateLoadBalancerAddressTypeConfig",
        "nlb:UpdateLoadBalancerZones",
        "nlb:CreateListener",
        "nlb:DeleteListener",
        "nlb:ListListeners",
        "nlb:UpdateListenerAttribute",
        "nlb:StopListener",
        "nlb:StartListener",
        "nlb:GetListenerAttribute",
        "nlb:GetListenerHealthStatus",
        "nlb:CreateServerGroup",
        "nlb:DeleteServerGroup",
        "nlb:UpdateServerGroupAttribute",
        "nlb:AddServersToServerGroup",
        "nlb:RemoveServersFromServerGroup",
        "nlb:UpdateServerGroupServersAttribute",
        "nlb:ListServerGroups",
        "nlb:ListServerGroupServers",
        "nlb:LoadBalancerLeaveSecurityGroup",
        "nlb:LoadBalancerJoinSecurityGroup",
        "nlb:DisableLoadBalancerIpv6Internet",
        "nlb:EnableLoadBalancerIpv6Internet",
        "nlb:UpdateLoadBalancerProtection",
        "nlb:GetJobStatus"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "nas:DescribeRegions",
        "nas:CreateFileSystem",
        "nas:DeleteFileSystem",
        "nas:DescribeFileSystems",
        "nas:ModifyFileSystem",
        "nas:CreateMountTarget",
        "nas:DeleteMountTarget",
        "nas:DescribeMountTargets",
        "nas:ModifyMountTarget",
        "nas:CreateAccessGroup",
        "nas:DeleteAccessGroup",
        "nas:DescribeAccessGroups",
        "nas:ModifyAccessGroup",
        "nas:CreateAccessRule",
        "nas:DeleteAccessRule",
        "nas:DescribeAccessRules",
        "nas:ModifyAccessRule",
        "nas:SetUserVolumeCountLimit"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:ListObjects",
        "oss:GetObject",
        "oss:PutObject",
        "oss:DeleteObject",
        "oss:AbortMultipartUpload",
        "oss:ListParts"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVSwitches",
        "vpc:DescribeVpcs",
        "vpc:CreateVpc",
        "vpc:DescribeZones",
        "vpc:CreateVSwitch",
        "vpc:DescribeVSwitchAttributes",
        "vpc:DescribeEipAddresses",
        "vpc:AssociateEipAddress",
        "vpc:UnassociateEipAddress",
        "vpc:AllocateEipAddress",
        "vpc:ReleaseEipAddress",
        "vpc:DescribeEipMonitorData",
        "vpc:DescribeVpcAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cr:GetUserInfo",
        "cr:GetRegionList",
        "cr:GetNamespaceList",
        "cr:GetRepoListByNamespace",
        "cr:GetRepoTags",
        "cr:GetRepoList",
        "cr:GetRepo",
        "cr:GetInstanceVpcEndpoint",
        "cr:ListNamespace",
        "cr:ListInstanceEndpoint",
        "cr:CreateNamespace",
        "cr:DeleteNamespace",
        "cr:UpdateNamespace",
        "cr:GetNamespace",
        "cr:CreateRepository",
        "cr:DeleteRepository",
        "cr:UpdateRepository",
        "cr:GetRepository",
        "cr:ListRepository",
        "cr:ListRepositoryTag",
        "cr:DeleteRepositoryTag",
        "cr:GetRepositoryManifest",
        "cr:GetRepositoryLayers",
        "cr:PullRepository",
        "cr:PushRepository",
        "cr:GetAuthorizationToken",
        "cr:GetArtifactTag",
        "cr:GetRepositoryTag",
        "cr:ListInstance",
        "cr:GetInstance",
        "cr:GetRepoTagManifest"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ram:GetRole"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:PassRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "acs:Service": "oos.aliyuncs.com"
        }
      }
    },
    {
      "Action": [
        "log:GetLogStore",
        "log:ListLogStores",
        "log:CreateLogStore",
        "log:DeleteLogStore",
        "log:UpdateLogStore",
        "log:GetCursorOrData",
        "log:ListShards",
        "log:PostLogStoreLogs",
        "log:CreateConfig",
        "log:UpdateConfig",
        "log:DeleteConfig",
        "log:GetConfig",
        "log:ListConfig",
        "log:CreateMachineGroup",
        "log:UpdateMachineGroup",
        "log:DeleteMachineGroup",
        "log:GetMachineGroup",
        "log:ListMachineGroup",
        "log:ListMachines",
        "log:ApplyConfigToGroup",
        "log:RemoveConfigFromGroup",
        "log:GetAppliedMachineGroups",
        "log:GetAppliedConfigs",
        "log:GetLogStoreLogs",
        "log:GetLogStoreHistogram",
        "log:CreateProject",
        "log:GetProject",
        "log:GetIndex",
        "log:CreateIndex",
        "log:DeleteIndex",
        "log:UpdateIndex",
        "log:GetMachineGroups",
        "log:RemoveConfigFromMachineGroup",
        "log:DeleteProject",
        "log:OpenProductDataCollection",
        "log:CloseProductDataCollection",
        "log:GetProductDataCollection",
        "log:GetLogtailPipelineConfig",
        "log:DeleteLogtailPipelineConfig",
        "log:CreateLogtailPipelineConfig"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "yundun-cert:DescribeUserCertificate*",
        "yundun-cert:GetUserCertificateDetail"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "bss:DescribePrice",
        "bss:DescribeInstances",
        "bss:ModifyInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "arms:QueryMetric",
        "arms:OpenVCluster",
        "arms:GetClusterAllUrl",
        "arms:GetCloudClusterAllUrl",
        "arms:ListDashboards",
        "arms:OpenArmsService",
        "arms:ListServerlessTopNApps",
        "arms:CreateAlertContact",
        "arms:SearchAlertContact",
        "arms:UpdateAlertContact",
        "arms:DeleteAlertContact",
        "arms:CreateAlertContactGroup",
        "arms:SearchAlertContactGroup",
        "arms:UpdateAlertContactGroup",
        "arms:DeleteAlertContactGroup",
        "arms:GetAgentDownloadUrl",
        "arms:GetJavaAgentDownloadUrl",
        "arms:CreateOrUpdateIMRobot",
        "arms:DeleteIMRobot",
        "arms:DescribeIMRobots",
        "arms:CreateContact",
        "arms:SearchContact",
        "arms:DeleteContact",
        "arms:UpdateContact",
        "arms:CheckCommercialStatus",
        "arms:GetCommercialStatus",
        "arms:OpenArmsServiceSecondVersion",
        "arms:GetTraceApp",
        "arms:TagResources",
        "arms:UntagResources",
        "arms:GetAppJVMConfig"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oos:ListExecutions",
        "oos:StartExecution",
        "oos:DeleteExecutions",
        "oos:CancelExecution",
        "oos:GetTemplate",
        "oos:CreateTemplate",
        "oos:UpdateTemplate",
        "oos:ListTriggerTimes"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "mse:CreateApplication",
        "mse:RemoveApplication",
        "mse:FetchRoutePolicyList",
        "mse:AddRoutePolicy",
        "mse:UpdateRoutePolicy",
        "mse:RemoveRoutePolicy",
        "mse:GetServiceDetail",
        "mse:GetServiceListPage",
        "mse:GetServiceList",
        "mse:ListClusters",
        "mse:QueryClusterDetail",
        "mse:GetGateway",
        "mse:ListGateway",
        "mse:ListGatewayDomain",
        "mse:AddServiceSource",
        "mse:ImportServices",
        "mse:ListGatewayService",
        "mse:GetGatewayRouteDetail",
        "mse:AddGatewayRoute",
        "mse:UpdateGatewayRoute",
        "mse:ApplyGatewayRoute",
        "mse:OfflineGatewayRoute",
        "mse:DeleteGatewayRoute",
        "mse:ListAnsServices",
        "mse:ListAnsInstances",
        "mse:GetLosslessRuleByApp",
        "mse:ModifyLosslessRule",
        "mse:ListServiceSource",
        "mse:AddGatewayServiceVersion",
        "mse:UpdateGatewayRouteTimeout",
        "mse:UpdateGatewayRouteRetry",
        "mse:ListGatewayRoute",
        "mse:CreateOrUpdateSwimmingLaneGroup",
        "mse:QueryAllSwimmingLaneGroup",
        "mse:DeleteSwimmingLaneGroup",
        "mse:GetTagsBySwimmingLaneGroupId",
        "mse:ListAppBySwimmingLaneGroupTags",
        "mse:CreateOrUpdateSwimmingLane",
        "mse:QueryAllSwimmingLane",
        "mse:QuerySwimmingLaneById",
        "mse:ListSwimmingLaneGatewayRoute",
        "mse:ListEngineNamespaces",
        "mse:InitializeServiceLinkRole",
        "mse:GetUserStatus"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "apig:GetGateway",
        "apig:*HttpApi",
        "apig:ListHttpApis",
        "apig:CreateEnvironment",
        "apig:UpdateEnvironment",
        "apig:ListEnvironments",
        "apig:GetEnvironment",
        "apig:GetDomain",
        "apig:ListDomains",
        "apig:ListHttpApiRoutes",
        "apig:GetHttpApiRoute",
        "apig:DeleteHttpApiRoute",
        "apig:ListPolicies",
        "apig:CreateAndAttachPolicy",
        "apig:UpdateAndAttachPolicy",
        "apig:CreateHttpApiRoute",
        "apig:UpdateHttpApiRoute",
        "apig:CreateServiceVersion",
        "apig:CreateService",
        "apig:ListServices",
        "apig:ListSources",
        "apig:CreateSource",
        "apig:DetectHttpApiConflicts"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "eventbridge:CreateEventBus",
        "eventbridge:GetEventBus",
        "eventbridge:DeleteEventBus",
        "eventbridge:ListEventBuses",
        "eventbridge:CreateRule",
        "eventbridge:GetRule",
        "eventbridge:UpdateRule",
        "eventbridge:EnableRule",
        "eventbridge:DisableRule",
        "eventbridge:DeleteRule",
        "eventbridge:ListRules",
        "eventbridge:UpdateTargets",
        "eventbridge:DeleteTargets",
        "eventbridge:ListTargets",
        "eventbridge:PutEvents",
        "eventbridge:CreateEventSource",
        "eventbridge:UpdateEventSource",
        "eventbridge:DeleteEventSource",
        "eventbridge:ListAliyunOfficialEventSources",
        "eventbridge:ListUserDefinedEventSources"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "alikafka:ListInstance",
        "alikafka:ListTopic"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cms:EnableActiveMetricRule",
        "cms:DescribeMetricLast",
        "cms:DescribeMetricList",
        "cms:QueryMetricLast",
        "cms:GetServiceObservability",
        "cms:CreateServiceObservability",
        "cms:CreateService",
        "cms:DeleteService",
        "cms:GetService",
        "cms:UpdateService"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "privatelink:CreateVpcEndpoint",
        "privatelink:DeleteVpcEndpoint",
        "privatelink:ListVpcEndpoints",
        "privatelink:RemoveZoneFromVpcEndpoint",
        "privatelink:OpenPrivateLinkService"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "sae.aliyuncs.com"
        }
      }
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": [
            "privatelink.aliyuncs.com",
            "middlewarelens.log.aliyuncs.com",
            "eipaccess.slb.aliyuncs.com",
            "systemeventoperator.oos.aliyuncs.com",
            "securitylens.log.aliyuncs.com",
            "ai-lens.log.aliyuncs.com",
            "storagelens.log.aliyuncs.com",
            "diagnosis.mse.aliyuncs.com",
            "nlb.aliyuncs.com"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "sae:*WebApplicationInner",
        "sae:UpdateWebApplication",
        "sae:UpdateApplication",
        "sae:ListApplicationVersions",
        "sae:UpdateApplicationScaleConfig",
        "sae:GetApplicationScaleConfig",
        "sae:DescribeNamespace",
        "sae:CreateNamespace",
        "sae:BindSlb",
        "sae:CreateApplication",
        "sae:DescribeApplicationSlbs",
        "sae:DescribeChangeOrder",
        "sae:DescribeApplicationStatus",
        "sae:ListApplications",
        "sae:BatchStopApplications",
        "sae:BatchStartApplications",
        "sae:*WebApplication",
        "sae:GetApplication",
        "sae:ListWebApplications",
        "sae:*NamespaceV2",
        "sae:DescribeApplicationConfig",
        "sae:DeployApplication",
        "sae:*ConfigMap",
        "sae:*Secret",
        "sae:*Ingress",
        "sae:*ApplicationScalingRules"
      ],
      "Resource": "*"
    },
    {
      "Action": [
        "yundun-sas:GetServerlessAppAuthDetail",
        "yundun-sas:GetServerlessAuthSummary",
        "yundun-sas:DescribeUuidsByAppId",
        "yundun-sas:DescribeEventLevelCount",
        "yundun-sas:GetInstanceAlarmStatistics"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "Ims:GetOIDCProvider",
        "Ims:CreateOIDCProvider"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Action": [
        "netana:DescribeNetworkQuotas",
        "netana:DescribeIdleInstancesNum",
        "netana:CreateNetworkQuotaRequest",
        "netana:DescribeIdleInstances",
        "netana:DescribeNetworkResourceCountForGlobal",
        "netana:NetQueryIdleInstanceNotifyConfig",
        "netana:NetModifyIdleInstanceNotifyConfig"
      ],
      "Resource": "*"
    },
    {
      "Action": [
        "quotas:GetProductQuota"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}

相关文档