AliyunServiceRolePolicyForTSDB 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForTSDB 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2025-09-26 18:57:07
更新时间:2025-09-26 18:57:07
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:DeleteNetworkINterface",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:DeleteNetworkInterfacePermission",
"ecs:CreateSecurityGroup",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DeleteSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:DettachNetworkInterface",
"ecs:DescribeInstances"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"vpc:AllocateEipAddress",
"vpc:AssociateEipAddress",
"vpc:ReleaseEipAddress",
"vpc:UnassociateEipAddress",
"vpc:DescribeVpcAttribute",
"vpc:DescribeVSwitchAttributes"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dds:DescribeDBInstances",
"dds:DescribeDBInstanceAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeRegions",
"kvstore:DescribeInstances",
"kvstore:DescribeInstanceAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "hitsdb.aliyuncs.com"
}
}
},
{
"Action": [
"arms:OpenArmsService",
"arms:OpenArmsServiceSecondVersion",
"arms:ListDashboards",
"arms:GetPrometheusApiToken",
"arms:OpenVCluster",
"arms:CheckServiceStatus"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"slb:AddBackendServers",
"slb:AddTags",
"slb:AddVServerGroupBackendServers",
"slb:CreateLoadBalancer",
"slb:CreateLoadBalancerForCloudService",
"slb:CreateLoadBalancerHTTPListener",
"slb:CreateLoadBalancerHTTPSListener",
"slb:CreateLoadBalancerTCPListener",
"slb:CreateLoadBalancerUDPListener",
"slb:CreateVServerGroup",
"slb:DeleteLoadBalancer",
"slb:DeleteLoadBalancerListener",
"slb:DeleteVServerGroup",
"slb:DescribeLoadBalancerAttribute",
"slb:DescribeLoadBalancerHTTPListenerAttribute",
"slb:DescribeLoadBalancerHTTPSListenerAttribute",
"slb:DescribeLoadBalancerListeners",
"slb:DescribeLoadBalancerTCPListenerAttribute",
"slb:DescribeLoadBalancerUDPListenerAttribute",
"slb:DescribeLoadBalancers",
"slb:DescribeTags",
"slb:DescribeVServerGroupAttribute",
"slb:DescribeVServerGroups",
"slb:ModifyLoadBalancerInstanceSpec",
"slb:ModifyLoadBalancerInternetSpec",
"slb:ModifyVServerGroupBackendServers",
"slb:RemoveBackendServers",
"slb:RemoveTags",
"slb:RemoveVServerGroupBackendServers",
"slb:SetLoadBalancerDeleteProtection",
"slb:SetLoadBalancerHTTPListenerAttribute",
"slb:SetLoadBalancerHTTPSListenerAttribute",
"slb:SetLoadBalancerModificationProtection",
"slb:SetLoadBalancerName",
"slb:SetLoadBalancerTCPListenerAttribute",
"slb:SetLoadBalancerUDPListenerAttribute",
"slb:SetVServerGroupAttribute",
"slb:StartLoadBalancerListener",
"slb:StopLoadBalancerListener",
"vpc:ModifyBypassToaAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"alb:TagResources",
"alb:UnTagResources",
"alb:ListServerGroups",
"alb:ListServerGroupServers",
"alb:AddServersToServerGroup",
"alb:RemoveServersFromServerGroup",
"alb:ReplaceServersInServerGroup",
"alb:CreateLoadBalancer",
"alb:DeleteLoadBalancer",
"alb:UpdateLoadBalancerAttribute",
"alb:UpdateLoadBalancerEdition",
"alb:EnableLoadBalancerAccessLog",
"alb:DisableLoadBalancerAccessLog",
"alb:EnableDeletionProtection",
"alb:DisableDeletionProtection",
"alb:ListLoadBalancers",
"alb:GetLoadBalancerAttribute",
"alb:ListListeners",
"alb:CreateListener",
"alb:GetListenerAttribute",
"alb:UpdateListenerAttribute",
"alb:ListListenerCertificates",
"alb:AssociateAdditionalCertificatesWithListener",
"alb:DissociateAdditionalCertificatesFromListener",
"alb:DeleteListener",
"alb:CreateRule",
"alb:DeleteRule",
"alb:UpdateRuleAttribute",
"alb:CreateRules",
"alb:UpdateRulesAttribute",
"alb:DeleteRules",
"alb:ListRules",
"alb:CreateServerGroup",
"alb:DeleteServerGroup",
"alb:UpdateServerGroupAttribute",
"alb:DescribeZones"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"yundun-cert:DescribeUserCertificateList",
"yundun-cert:DescribeUserCertificateDetail"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"nlb:TagResources",
"nlb:UnTagResources",
"nlb:ListTagResources",
"nlb:CreateLoadBalancer",
"nlb:DeleteLoadBalancer",
"nlb:GetLoadBalancerAttribute",
"nlb:ListLoadBalancers",
"nlb:UpdateLoadBalancerAttribute",
"nlb:UpdateLoadBalancerAddressTypeConfig",
"nlb:UpdateLoadBalancerZones",
"nlb:CreateListener",
"nlb:DeleteListener",
"nlb:ListListeners",
"nlb:UpdateListenerAttribute",
"nlb:StopListener",
"nlb:StartListener",
"nlb:GetListenerAttribute",
"nlb:GetListenerHealthStatus",
"nlb:CreateServerGroup",
"nlb:DeleteServerGroup",
"nlb:UpdateServerGroupAttribute",
"nlb:AddServersToServerGroup",
"nlb:RemoveServersFromServerGroup",
"nlb:UpdateServerGroupServersAttribute",
"nlb:ListServerGroups",
"nlb:ListServerGroupServers",
"nlb:LoadBalancerLeaveSecurityGroup",
"nlb:LoadBalancerJoinSecurityGroup",
"nlb:GetJobStatus"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"privatelink:CreateVpcEndpoint",
"privatelink:DeleteVpcEndpoint",
"privatelink:ListVpcEndpointZones",
"privatelink:RemoveZoneFromVpcEndpoint",
"privatelink:GetVpcEndpointAttribute",
"privatelink:CheckProductOpen",
"privatelink:OpenPrivateLinkService",
"privatelink:UpdateVpcEndpointAttribute",
"privatelink:ListVpcEndpoints",
"privatelink:ListVpcEndpointServicesByEndUser",
"privatelink:EnableVpcEndpointConnection",
"privatelink:AddZoneToVpcEndpoint",
"privatelink:EnableVpcEndpointZoneConnection",
"privatelink:UpdateVpcEndpointZoneConnectionResourceAttribute",
"privatelink:DisableVpcEndpointZoneConnection",
"privatelink:AcceptVpcEndpointConnections",
"privatelink:AttachSecurityGroupToVpcEndpoint",
"privatelink:ListVpcEndpointSecurityGroups",
"privatelink:DetachSecurityGroupFromVpcEndpoint",
"privatelink:DeleteVpcEndpoint",
"privatelink:UpdateVpcEndpointConnectionAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"lindorm:UpgradeLindormV2StreamEngine",
"lindorm:GetLindormV2StreamEngineInfo"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"nlb.aliyuncs.com",
"eipaccess.slb.aliyuncs.com",
"privatelink.aliyuncs.com"
]
}
}
}
]
}相关文档
该文章对您有帮助吗?