Home PageResource Access ManagementDeveloper ReferenceSystem Policy ReferenceAliyunServiceRolePolicyForADBPG
Search for Help Content

AliyunServiceRolePolicyForADBPG

Updated at: 2025-03-12 13:05
Product
Community

AliyunServiceRolePolicyForADBPG is the authorization policy dedicated to a service-linked role. The policy is automatically attached to a service role when the service role is created. Then, the service-linked role is authorized to access other cloud services. This policy is updated by the relevant Alibaba Cloud service. Do not attach this policy to a RAM identity other than a service-linked role.

Policy details

  • Type: service system policy

  • Creation time: 12:08:23 on August 10, 2020

  • Update time: 13:04:33 on March 12, 2025

  • Current version: v13

Policy content

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:AttachNetworkInterface",
        "ecs:DetachNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:CreateSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroups",
        "ecs:ModifySecurityGroupAttribute",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:RevokeSecurityGroup",
        "ecs:RevokeSecurityGroupEgress",
        "ecs:ModifyNetworkInterfaceAttribute",
        "ecs:DescribeNetworkInterfaceAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:Listkeys",
        "kms:Listaliases",
        "kms:ListResourceTags",
        "kms:DescribeKey",
        "kms:UntagResource",
        "kms:TagResource",
        "kms:DescribeAccountKmsStatus"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:tag/acs:adbpg:instance-encryption": "true"
        }
      }
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "adbpg.aliyuncs.com"
        }
      }
    },
    {
      "Action": [
        "vpc:DescribeVSwitches",
        "vpc:DescribeVpcs"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "alb:TagResources",
        "alb:UnTagResources",
        "alb:ListServerGroups",
        "alb:ListServerGroupServers",
        "alb:AddServersToServerGroup",
        "alb:RemoveServersFromServerGroup",
        "alb:ReplaceServersInServerGroup",
        "alb:CreateLoadBalancer",
        "alb:DeleteLoadBalancer",
        "alb:UpdateLoadBalancerAttribute",
        "alb:UpdateLoadBalancerEdition",
        "alb:EnableLoadBalancerAccessLog",
        "alb:DisableLoadBalancerAccessLog",
        "alb:EnableDeletionProtection",
        "alb:DisableDeletionProtection",
        "alb:ListLoadBalancers",
        "alb:GetLoadBalancerAttribute",
        "alb:ListListeners",
        "alb:CreateListener",
        "alb:GetListenerAttribute",
        "alb:UpdateListenerAttribute",
        "alb:ListListenerCertificates",
        "alb:AssociateAdditionalCertificatesWithListener",
        "alb:DissociateAdditionalCertificatesFromListener",
        "alb:DeleteListener",
        "alb:CreateRule",
        "alb:DeleteRule",
        "alb:UpdateRuleAttribute",
        "alb:CreateRules",
        "alb:UpdateRulesAttribute",
        "alb:DeleteRules",
        "alb:ListRules",
        "alb:CreateServerGroup",
        "alb:DeleteServerGroup",
        "alb:UpdateServerGroupAttribute",
        "alb:DescribeZones"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "yundun-cert:DescribeUserCertificateList",
        "yundun-cert:DescribeUserCertificateDetail"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "emr:GetCluster",
        "emr:ListApplicationConfigs",
        "emr:ListClusters",
        "emr:ListNodes"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "rds:DescribeDBInstanceAttribute",
        "rds:DescribeDBInstanceIPArrayList",
        "rds:DescribeDBInstanceNetInfo",
        "rds:DescribeDBInstanceSSL",
        "rds:DescribeDBInstances",
        "rds:DescribeDatabases",
        "rds:DescribeOssDownloads",
        "rds:DescribeRegions",
        "rds:DescribeResourceUsage",
        "rds:ModifySecurityIps"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "gpdb:DescribeDBInstanceAttribute",
        "gpdb:DescribeDBInstances",
        "gpdb:DescribeRegions",
        "gpdb:DescribeDBInstanceIPArrayList",
        "gpdb:DescribeDBClusterIPArrayList",
        "gpdb:ModifySecurityIps",
        "gpdb:DescribeDBInstanceNetInfo",
        "gpdb:DescribeDBClusterPerformance",
        "gpdb:ListStreamingDataServices",
        "gpdb:CreateStreamingDataService",
        "gpdb:DeleteStreamingDataService",
        "gpdb:DescribeStreamingDataService"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardb:DescribeDBClusterIPArrayList",
        "polardb:DescribeDBClusterNetInfo",
        "polardb:DescribeDBClusters",
        "polardb:DescribeRegions",
        "polardb:DescribeDBClusterEndpoints",
        "polardb:DescribeDBClusterAccessWhiteList",
        "polardb:ModifyDBClusterAccessWhitelist",
        "polardb:ModifySecurityIps",
        "polardb:DescribeDBClusterAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dts:DescribeDtsJobs",
        "dts:ModifyDtsJobEndpoint"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dds:DescribeDBInstanceAttribute",
        "dds:DescribeReplicaSetRole",
        "dds:DescribeSecurityIps",
        "dds:DescribeDBInstances",
        "dds:ModifySecurityIps",
        "dds:DescribeShardingNetworkAddress"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "lindorm:UpdateInstanceIpWhiteList",
        "lindorm:GetLindormInstanceEngineList",
        "lindorm:GetLindormInstanceList",
        "lindorm:GetLindormInstance",
        "lindorm:GetInstanceIpWhiteList"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "rds:DescribeAvailableZones",
        "dbs:DescribeBackupDataList"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}

References

Previous: AliyunServiceRolePolicyForAlbGaNext: AliyunServiceRolePolicyForAliyunServiceRoleForAIdocAccessingOSS
  • On this page (1)
  • Policy details
  • Policy content
  • References
Feedback
phone Contact Us

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

alicare alicarealicarealicare