AliyunDMSProcessingDataRolePolicy is the authorization policy dedicated to a service role. In most cases, when a service role is created, the policy is attached to the service role. Then, the service role is authorized to access other cloud services. This policy is updated by the relevant Alibaba Cloud service. Do not attach this policy to a RAM identity other than a service role.
Policy details
Type: service system policy
Creation time: 21:02:36 on June 20, 2024
Update time: 05:38:29 on January 26, 2026
Current version: v18
Policy content
{
"Version": "1",
"Statement": [
{
"Action": [
"oss:ListObjects",
"oss:GetBucketAcl",
"oss:GetBucketLocation",
"oss:GetBucketInfo",
"oss:GetBucketLogging",
"oss:GetBucketWebsite",
"oss:GetBucketReferer",
"oss:GetBucketLifecycle",
"oss:GetBucketEncryption",
"oss:GetBucketStat",
"oss:GetBucketMetadata",
"oss:GetBucketTagging",
"oss:GetBucketVersioning",
"oss:GetSimplifiedObjectMeta",
"oss:GetObjectMetadata",
"oss:GetBucketStorageCapacity",
"oss:GetBucketEncryption",
"oss:GetObject",
"oss:GetObjectAcl",
"oss:GetObjectTagging",
"oss:GetService",
"oss:HeadObject",
"oss:ListObjects",
"oss:ListParts",
"oss:ListBuckets",
"oss:ListVpcip",
"oss:ListVersions",
"oss:GetBucketCname",
"oss:GetBucketRequestPayment",
"oss:GetBucketVpcip",
"oss:DoesBucketExist",
"oss:DoesObjectExist",
"oss:ListObjectsV2",
"oss:PutBucket",
"oss:PutObject",
"oss:PutObjectTagging",
"oss:CopyObject",
"oss:RestoreObject",
"oss:UploadFile",
"oss:DownloadFile",
"oss:DeleteObject",
"oss:DeleteObjects",
"oss:ListObjectVersions",
"oss:AbortMultipartUpload",
"oss:InitiateMultipartUpload",
"oss:CompleteMultipartUpload",
"oss:ListMultipartUploads"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeVSwitches",
"vpc:DescribeRouteTableList",
"vpc:DescribeRouteTables",
"vpc:DescribeVpcAttribute",
"vpc:CreateRouteEntry",
"vpc:DeleteRouteEntry",
"vpc:AcceptVpcPeerConnection"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"alb:AssociateResources",
"alb:DeleteLoadBalancer",
"alb:ReplaceServersInServerGroup",
"alb:ListServerGroupServers",
"alb:CreateServerGroup",
"alb:AddServersToServerGroup",
"alb:RemoveServersFromServerGroup",
"alb:ListServerGroups",
"alb:ListListeners",
"alb:CreateListener",
"alb:GetLoadBalancerAttribute",
"alb:CreateLoadBalancer",
"alb:ListLoadBalancers",
"alb:AssociateAclsWithListener",
"alb:AddEntriesToAcl",
"alb:DeleteAcl",
"alb:CreateAcl",
"alb:DeleteServerGroup",
"alb:RemoveServersFromServerGroup",
"alb:GetListenerAttribute",
"alb:listAcls"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:DeleteNetworkInterfacePermission",
"ecs:JoinSecurityGroup",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:LeaveSecurityGroup",
"ecs:CreateSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroups",
"ecs:RevokeSecurityGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"privatelink:CreateVpcEndpoint",
"privatelink:DeleteVpcEndpoint",
"privatelink:AddZoneToVpcEndpoint",
"privatelink:GetVpcEndpointAttribute",
"privatelink:ListVpcEndpointZones",
"privatelink:RemoveZoneFromVpcEndpoint"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"adb:DescribePolarDBAiEngine",
"adb:DescribeDBClusterPerformance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "gpdb:DescribeDBClusterPerformance",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"rds:DescribeRCClusterConfig",
"rds:DescribeRCClusters",
"rds:DescribeDBInstances",
"rds:DescribeDBInstanceAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "privatelink.aliyuncs.com"
}
}
},
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:ModifyNetworkInterfaceAttribute",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroups",
"ecs:ModifySecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:DescribeKeyPairs",
"ecs:ModifyImageSharePermission",
"ecs:CopyImage",
"ecs:DescribeImages",
"ecs:DescribeSnapshots"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVSwitches",
"vpc:AssociateEipAddress",
"vpc:UnassociateEipAddress",
"vpc:DescribeEipAddresses",
"vpc:DescribeVpcs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cs:CreateClusterNodePool",
"cs:DeleteClusterNodepool",
"cs:DescribeClusterNodePoolDetail",
"cs:DescribeTaskInfo",
"cs:DescribeClustersV1",
"cs:GetClusters",
"cs:DescribeClustersForRegion",
"cs:DescribeClusterDetail",
"cs:DescribeClusterNodePools",
"cs:DescribeClusterAttachScripts",
"cs:DescribeClusterUserKubeconfig"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"resourcesharing:CreateResourceShare",
"resourcesharing:ListResourceShareAssociations",
"resourcesharing:DeleteResourceShare",
"resourcesharing:ListResourceShares"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"privatelink:CheckProductOpen",
"privatelink:OpenPrivateLinkService",
"privatelink:ListVpcEndpoints",
"privatelink:CreateVpcEndpoint",
"privatelink:GetVpcEndpointAttribute",
"privatelink:DeleteVpcEndpoint",
"privatelink:ListVpcEndpointZones",
"privatelink:CreateVpcEndpointService"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "privatelink.aliyuncs.com"
}
}
},
{
"Action": [
"nlb:CreateLoadBalancer",
"nlb:ListListeners",
"nlb:ListServerGroupServers",
"nlb:AddServersToServerGroup",
"nlb:GetListenerHealthStatus",
"nlb:CreateListener",
"nlb:StartListener",
"nlb:CreateServerGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cr:GetInstanceVpcEndpoint",
"cr:GetInstanceEndpoint"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "nlb.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "alb.aliyuncs.com"
}
}
}
]
}