AliyunServiceRolePolicyForSas

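AliyunServiceRolePolicyForSas 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForSas 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。原因在于,本策略除只读权限外,还对全部资源("Resource": "*")授予了多项写入、删除和执行类权限(例如 ecs:InvokeCommand、kms:Decrypt、oss:PutBucketAcl、log:DeleteProject),若授予其他 RAM 身份,该身份将获得远超日常所需的权限。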

策略详情

  • 类型:系统策略

  • 创建时间:2020-04-01 06:58:41

  • 更新时间:2024-10-23 06:54:43

  • 当前版本:v82

策略内容

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "actiontrail:DescribeTrails",
        "actiontrail:GetTrailStatus",
        "actiontrail:CreateServiceTrail",
        "actiontrail:DeleteServiceTrail",
        "actiontrail:GetServiceTrail"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cdn:DescribeUserDomains",
        "cdn:DescribeDomainCustomLogConfig",
        "cdn:DescribeDomainRealtimeLogDelivery"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cms:DescribeMonitoringAgentHosts",
        "cms:DescribeMonitoringAgentStatuses",
        "cms:DescribeMonitoringAgentAccessKey"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cr:GetRepository",
        "cr:GetInstanceEndpoint",
        "cr:GetAuthorizationToken",
        "cr:PullRepository",
        "cr:GetInstanceVpcEndpoint",
        "cr:GetImageScan",
        "cr:GetRegionList",
        "cr:GetRepoBuildList",
        "cr:ListRepository",
        "cr:GetScan*",
        "cr:ListRepositoryTag",
        "cr:ListInstance",
        "cr:ListRepoTag",
        "cr:ListInstanceEndpoint",
        "cr:CreateArtifactBuildTask",
        "cr:GetArtifactBuildTask",
        "cr:CancelArtifactBuildTask",
        "cr:ListArtifactBuildTaskLog",
        "cr:GetRepositoryTag"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cs:UpdateKritisAttestationAuthority",
        "cs:GetKritisAttestationAuthority",
        "cs:InstallKritisAttestationAuthority",
        "cs:DeleteKritisAttestationAuthority",
        "cs:UpdateKritisGenericAttestationPolicy",
        "cs:InstallKritisGenericAttestationPolicy",
        "cs:DeleteKritisGenericAttestationPolicy",
        "cs:InstallKritis",
        "cs:DescribeClusterNamespaces",
        "cs:DescribeClusters",
        "cs:CheckKritisInstall",
        "cs:GetClusterAuditProject",
        "cs:GetClusterAudit",
        "cs:GetClusters",
        "cs:GetUserClusterResource",
        "cs:QueryUserClusterResource",
        "cs:GetUserInstanceResource",
        "cs:DescribeClusterNodes",
        "cs:DescribeClusterInnerServiceKubeconfig",
        "cs:RevokeClusterInnerServiceKubeconfig",
        "cs:DescribePolicies",
        "cs:DescribePoliceDetails",
        "cs:DescribePolicyGovernanceInCluster",
        "cs:DescribePolicyInstances",
        "cs:DescribePolicyInstancesStatus",
        "cs:DeployPolicyInstance",
        "cs:DeletePolicyInstance",
        "cs:ModifyPolicyInstance",
        "cs:DescribeClusterDetail",
        "cs:DescribeClustersV1",
        "cs:DescribeClusterAddonsVersion",
        "cs:DescribeUserPermission",
        "cs:InstallClusterAddons",
        "cs:UnInstallClusterAddons",
        "cs:DescribeClusterAddonMetadata",
        "cs:ModifyClusterAddon",
        "cs:UpgradeK8sComponents",
        "cs:PauseComponentUpgrade",
        "cs:ResumeComponentUpgrade",
        "cs:CancelComponentUpgrade",
        "cs:DescribeAddons",
        "cs:DescribeClusterAddonsUpgradeStatus",
        "cs:Queryk8sComponentsUpdateVersion"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dds:DescribeSecurityIps",
        "dds:DescribeDBInstances",
        "dds:DescribeAuditPolicy",
        "dds:DescribeBackupPolicy",
        "dds:DescribeDBInstanceSSL",
        "dds:DescribeReplicaSetRole",
        "dds:DescribeShardingNetworkAddress",
        "dds:DescribeDBInstanceAttribute",
        "dds:DescribeDBInstanceTDEInfo"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:CreateCommand",
        "ecs:InstallCloudAssistant",
        "ecs:InvokeCommand",
        "ecs:StopInvocation",
        "ecs:DeleteCommand",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:DescribeCommands",
        "ecs:DescribeInvocations",
        "ecs:DescribeInvocationResults",
        "ecs:ModifyCommand",
        "ecs:DescribeInstances",
        "ecs:DescribeDisks",
        "ecs:DescribeSnapshots",
        "ecs:CreateSnapshot",
        "ecs:DescribeInstanceAttribute",
        "ecs:CreateSecurityGroup",
        "ecs:AuthorizeSecurityGroup",
        "ecs:RevokeSecurityGroup",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroups",
        "ecs:JoinSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:LeaveSecurityGroup",
        "ecs:RevokeSecurityGroupEgress",
        "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:DeleteNetworkInterfacePermission",
        "ecs:DescribeSecurityGroupReferences",
        "ecs:DetachNetworkInterface",
        "ecs:AttachNetworkInterface",
        "ecs:ModifySecurityGroupAttribute",
        "ecs:ModifySecurityGroupPolicy",
        "ecs:ModifySecurityGroupRule",
        "ecs:CreateActivation",
        "ecs:DescribeResourceByTags",
        "ecs:ListTagResources",
        "ecs:CreateImage",
        "ecs:DescribeImages",
        "ecs:CopyImage",
        "ecs:ModifyImageSharePermission",
        "ecs:DeleteImage",
        "ecs:DeleteSnapshot",
        "ecs:DescribeZones"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "gpdb:DescribeDBInstances",
        "gpdb:DescribeDBInstanceIPArrayList",
        "gpdb:DescribeDBInstanceAttribute",
        "gpdb:DescribeSQLCollectorPolicy",
        "gpdb:DescribeDBInstanceNetInfo",
        "gpdb:DescribeBackupPolicy",
        "gpdb:DescribeAccounts",
        "gpdb:DescribeDBInstanceSSL",
        "gpdb:DescribeDBInstanceOnECSAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "hbr:BrowseFiles",
        "hbr:CancelBackupJob",
        "hbr:CancelJob",
        "hbr:CreateBackupPlan",
        "hbr:CreateClients",
        "hbr:CreateJobs",
        "hbr:CreateRestore",
        "hbr:CreateRestoreJob",
        "hbr:CreateVault",
        "hbr:DeleteBackupClient",
        "hbr:DeleteBackupClientResource",
        "hbr:DeleteBackupPlan",
        "hbr:DeleteClients",
        "hbr:DeleteJob",
        "hbr:DeleteVault",
        "hbr:DisableBackupPlan",
        "hbr:DisableJob",
        "hbr:EnableBackupPlan",
        "hbr:EnableJob",
        "hbr:ExecuteBackupPlan",
        "hbr:ExecuteJob",
        "hbr:InstallBackupClients",
        "hbr:UninstallBackupClients",
        "hbr:UninstallClient",
        "hbr:UpdateBackupPlan",
        "hbr:UpdateJob",
        "hbr:UpdateClientSettings",
        "hbr:SearchHistoricalSnapshots",
        "hbr:DeleteSnapshot",
        "hbr:DiscoverDatabase",
        "hbr:GetDiscoveredDatabase",
        "hbr:CancelDiscoveringDatabase",
        "hbr:UpdateUniBackupInstance",
        "hbr:PreCheckDatabase",
        "hbr:InstallUniBackupAgent",
        "hbr:UninstallUniBackupAgent",
        "hbr:UpgradeUniBackupAgent",
        "hbr:CreateUniBackupPlan",
        "hbr:UpdateUniBackupPlan",
        "hbr:DeleteUniBackupPlan",
        "hbr:CreateUniRestorePlan",
        "hbr:DeleteUniRestorePlan",
        "hbr:CreateUniBackupVault",
        "hbr:UpdateUniBackupVault",
        "hbr:DeleteUniBackupVault",
        "hbr:ControlUniBackupPlan",
        "hbr:GenerateInstallLocalBackupClientScript",
        "hbr:GenerateUninstallLocalBackupClientScript",
        "hbr:InstallLocalBackupClients",
        "hbr:UninstallLocalBackupClients",
        "hbr:ControlUniBackupJob",
        "hbr:UpgradeClient",
        "hbr:UpgradeBackupClients",
        "hbr:Get*",
        "hbr:Check*",
        "hbr:Describe*"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:DescribeKeyVersion",
        "kms:GetPublicKey",
        "kms:DescribeAccountKmsStatus",
        "kms:Decrypt"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kvstore:DescribeInstances",
        "kvstore:DescribeSecurityIps",
        "kvstore:DescribeInstanceAttribute",
        "kvstore:DescribeBackupPolicy",
        "kvstore:DescribeDBInstanceNetInfo",
        "kvstore:DescribeInstanceSSL",
        "kvstore:DescribeAuditLogConfig",
        "kvstore:DescribeEngineVersion",
        "kvstore:DescribeParameters",
        "kvstore:DescribeAccounts"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:PostLogStoreLogs",
        "log:GetProject",
        "log:ListProject",
        "log:GetLogStore",
        "log:ListLogStores",
        "log:CreateLogStore",
        "log:CreateProject",
        "log:GetIndex",
        "log:CreateIndex",
        "log:UpdateIndex",
        "log:CreateDashboard",
        "log:ClearLogStoreStorage",
        "log:UpdateLogStore",
        "log:UpdateDashboard",
        "log:CreateSavedSearch",
        "log:UpdateSavedSearch",
        "log:DeleteLogStore",
        "log:DeleteSavedSearch",
        "log:GetSavedSearch",
        "log:ListSavedSearch",
        "log:DeleteDashboard",
        "log:GetDashboard",
        "log:ListDashboard",
        "log:DeleteProject",
        "log:ListShards",
        "log:GetCursorOrData",
        "log:GetConsumerGroupCheckPoint",
        "log:UpdateConsumerGroup",
        "log:ConsumerGroupHeartBeat",
        "log:ConsumerGroupUpdateCheckPoint",
        "log:ListConsumerGroup",
        "log:CreateConsumerGroup",
        "log:GetSlsService"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:ListBuckets",
        "oss:GetBucketAcl",
        "oss:GetBucketLogging",
        "oss:GetBucketReplication",
        "oss:GetBucketEncryption",
        "oss:GetBucketReferer",
        "oss:GetBucketPolicy",
        "oss:GetBucketVersioning",
        "oss:PutBucketAcl",
        "oss:ListBucketInventory",
        "oss:GetBucketInventory",
        "oss:GetObject",
        "oss:GetObjectMetadata",
        "oss:GetBucketStat",
        "oss:ListBuckets",
        "oss:ListObjects"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardb:DescribeDBClusters",
        "polardb:DescribeDBClusterEndpoints",
        "polardb:DescribeDBClusterAccessWhitelist",
        "polardb:DescribeBackupPolicy",
        "polardb:DescribeSQLExplorerPolicy",
        "polardb:DescribeDBClusterAuditLogCollector",
        "polardb:DescribeDBClusterTDE",
        "polardb:DescribeDBClusterSSL",
        "polardb:DescribeAccounts",
        "polardb:DescribeGlobalDatabaseNetworks"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ram:ListUsers",
        "ram:GetLoginProfile",
        "ram:ListPolicies",
        "ram:GetPolicy",
        "ram:ListGroupsForUser",
        "ram:ListEntitiesForPolicy",
        "ram:ListGroups",
        "ram:ListRoles",
        "ram:GetAccountAlias",
        "ram:ListAccessKeys",
        "ram:GetUserSsoSettings",
        "ram:GetUserMFAInfo",
        "ram:GetSecurityPreference",
        "ram:GetPasswordPolicy",
        "ram:GetAccountSecurityPracticeReport",
        "ram:GetAccessKeyLastUsed",
        "ram:ListPoliciesForUser",
        "ram:ListPoliciesForRole",
        "ram:GetRole",
        "ram:ListPoliciesForGroup",
        "ims:GetAccountMFAInfo"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "rds:DescribeDBInstances",
        "rds:DescribeDBInstanceIPArrayList",
        "rds:DescribeDBInstanceSSL",
        "rds:DescribeDBInstanceTDE",
        "rds:DescribeSQLCollectorPolicy",
        "rds:DescribeInstanceCrossBackupPolicy",
        "rds:DescribeBackupPolicy",
        "rds:DescribeDBInstanceNetInfo",
        "rds:DescribeDBInstanceAttribute",
        "rds:DescribeSqlLogInstances",
        "rds:DescribeSQLCollectorRetention",
        "rds:DescribeSQLLogRecords",
        "rds:DescribeSQLLogFiles",
        "rds:DescribeDBInstanceEncryptionKey",
        "rds:DescribeAccounts"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "resourcemanager:GetResourceDirectory",
        "resourcemanager:ListAccounts",
        "resourcemanager:GetAccount",
        "resourcemanager:ListPolicyAttachments",
        "resourcemanager:ListFoldersForParent",
        "resourcemanager:RegisterDelegatedAdministrator"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "slb:DescribeLoadBalancers",
        "slb:DescribeListenerAccessControlAttribute",
        "slb:DescribeLoadBalancerAttribute",
        "slb:DescribeLoadBalancerHTTPListenerAttribute",
        "slb:DescribeLoadBalancerHTTPSListenerAttribute",
        "slb:DescribeLoadBalancerTCPListenerAttribute",
        "slb:DescribeLoadBalancerUDPListenerAttribute",
        "slb:DescribeAccessControlListAttribute",
        "slb:DescribeHealthStatus",
        "slb:DescribeCACertificates",
        "slb:DescribeServerCertificates",
        "slb:DescribeAccessLogsDownloadAttribute",
        "slb:DescribeVServerGroups",
        "slb:DescribeVServerGroupAttribute",
        "alb:ListLoadBalancers",
        "alb:GetLoadBalancerAttribute",
        "alb:ListListeners",
        "alb:ListAclEntries",
        "alb:GetListenerHealthStatus",
        "alb:GetListenerAttribute",
        "alb:ListServerGroupServers",
        "alb:ListListenerCertificates",
        "nlb:GetLoadBalancerAttribute",
        "nlb:ListListeners",
        "nlb:ListServerGroupServers"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "yundun-ddoscoo:DescribeRegions",
        "yundun-ddoscoo:DescribePayInfo",
        "yundun-ddoscoo:DescribeBackSourceCidr",
        "yundun-ddoscoo:DescribeInstances",
        "yundun-ddoscoo:DescribeDDosAllEventList",
        "yundun-ddoscoo:DescribeInstanceDetails",
        "yundun-ddoscoo:DescribeWebRules",
        "yundun-ddoscoo:DescribeNetworkRules",
        "yundun-high:DescribeBackSourceCidr",
        "yundun-high:DescribeDomainConfigPage",
        "yundun-antiddosbag:DescribeInstanceList",
        "yundun-antiddosbag:DescribeAttackingIpCount",
        "yundun-antiddosbag:DescribeDdosEvent"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "yundun-sas:ModifyOperateVul",
        "yundun-sas:OperateSuspiciousTargetConfig",
        "yundun-sas:OperateSuspiciousOverallConfig",
        "yundun-sas:ModifyModuleConfig",
        "yundun-sas:OperateCommonOverallConfig",
        "yundun-sas:ModifyClientConfStrategy",
        "yundun-sas:ModifyClientConfSetup",
        "yundun-sas:ModifyStrategy",
        "yundun-sas:ModifyStrategyTarget",
        "yundun-sas:CreateUserSetting",
        "yundun-sas:ModifyVulConfig",
        "yundun-sas:ModifyVulTarget",
        "yundun-sas:ModifyCycleTask",
        "yundun-sas:ModifyAutoDelConfig",
        "yundun-sas:ModifyConcernNecessity",
        "yundun-sas:DeleteStrategy",
        "yundun-sas:DeleteCycleTask",
        "yundun-sas:CreateCycleTask",
        "yundun-sas:ModifyAppVulScanCycle",
        "yundun-sas:ListVulAutoRepairConfig",
        "yundun-sas:GetCheckSummary",
        "yundun-sas:CheckStsTokenAuth",
        "yundun-sas:Describe*",
        "yundun-aegis:DescribeNoticeConfig",
        "yundun-aegis:DescribeEventLevelCount"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "yundun-waf:DescribeRegions",
        "yundun-waf:DescribePayInfo",
        "yundun-waf:DescribeWafSourceIpSegment",
        "yundun-waf:DescribeWafSourceIpv6Segment",
        "yundun-waf:DescribeDomainNames",
        "yundun-waf:DescribeDomainConfig",
        "yundun-waf:DescribeInstanceInfo",
        "yundun-waf:DescribeWebAttackLogs",
        "yundun-waf:DescribeDomainList",
        "yundun-waf:DescribeDomain"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeNatGateways",
        "vpc:DescribeForwardTableEntries",
        "vpc:DescribeVpnGateways",
        "vpc:DescribeVpcAttribute",
        "vpc:DescribeVSwitchAttributes",
        "vpc:DescribeRegions",
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:DescribeNetworkAcls",
        "vpc:DescribeEipAddresses"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "sas.aliyuncs.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "bss:ModifyInstance"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {
        "StringEquals": {
          "bssapi:ProductCode": [
            "hbr"
          ]
        }
      }
    },
    {
      "Action": [
        "yundun-sddp:DescribeUserStatus",
        "yundun-sddp:DescribeOssObjects",
        "yundun-sddp:DescribeOssObjectDetail",
        "yundun-sddp:DescribeDSCRisk",
        "yundun-sddp:DescribeInstances"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "rdc:ListOrganizationSecurityScores",
        "rdc:ListOrganizations"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "yundun-cloudfirewall:DescribeControlPolicy",
        "yundun-cloudfirewall:DescribeRiskEventGroup",
        "yundun-cloudfirewall:DescribeUserBuyVersion",
        "yundun-dbaudit:DescribeInstances",
        "yundun-dbaudit:DescribeAuditLogsVerFourAsyncResult",
        "yundun-bastionhost:DescribeInstanceBastionhost",
        "yundun-bastionhost:ListAuditManagementLogs",
        "yundun-cert:DescribeUserCertificateList",
        "yundun-cert:DescribeUserCertificateDetail"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "mse:ListClusters",
        "mse:QueryClusterDetail",
        "nas:DescribeFileSystems",
        "nas:DescribeAccessGroups",
        "nas:DescribeAccessRules",
        "nas:CreateMountTarget",
        "nas:DeleteMountTarget",
        "nas:DescribeMountTargets",
        "eipanycast:ListAnycastEipAddresses",
        "eipanycast:DescribeAnycastEipAddress"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "apigateway:DescribeInstances",
        "apigateway:DescribeApiGroups",
        "apigateway:DescribeApis",
        "apigateway:DescribeApi"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "resourcesharing:CreateResourceShare",
        "resourcesharing:ListResourceShares",
        "resourcesharing:DeleteResourceShare",
        "resourcesharing:AssociateResourceShare",
        "resourcesharing:ListResourceShareAssociations",
        "resourcesharing:DisassociateResourceShare"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "quotas:GetProductQuota"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "eiam:ListInstances",
        "eiam:GetForgetPasswordConfiguration",
        "eiam:GetPasswordComplexityConfiguration",
        "eiam:GetSecondFactorAuthentication",
        "eiam:GetLoginConfiguration",
        "eiam:GetPasswordExpirationConfiguration",
        "eiam:ListAuthenticationSources",
        "eiam:GetPasswordHistoryConfiguration"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "privatelink:CreateVpcEndpoint",
        "privatelink:UpdateVpcEndpointAttribute",
        "privatelink:GetVpcEndpointAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}

相关文档