All Products
Search
Document Center

Resource Access Management:AliyunServiceRolePolicyForAlbGa

Last Updated:Apr 03, 2024

AliyunServiceRolePolicyForAlbGa is the authorization policy dedicated to a service-linked role. The policy is automatically attached to a service role when the service role is created. Then, the service-linked role is authorized to access other cloud services. This policy is updated by the relevant Alibaba Cloud service. Do not attach this policy to a RAM identity other than a service-linked role.

Policy details

  • Type: service system policy

  • Creation time: 14:50:18 on January 09, 2024

  • Update time: 14:50:18 on January 09, 2024

  • Current version: v1

Policy content

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ga:UpdateAcceleratorCrossBorderStatus",
        "ga:ListAvailableAccelerateAreas",
        "ga:DeleteAccelerator",
        "ga:DescribeAccelerator",
        "ga:ListEndpointGroupIpAddressCidrBlocks",
        "ga:ListListeners",
        "ga:ListEndpointGroups",
        "ga:CreateAccelerator",
        "ga:DeployAccelerator",
        "ga:ListAvailableBusiRegions"
      ],
      "Resource": "*"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "ga.alb.aliyuncs.com"
        }
      }
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": [
            "cdt.ga.aliyuncs.com",
            "alb.ga.aliyuncs.com",
            "ssl.ga.aliyuncs.com",
            "vpcendpoint.ga.aliyuncs.com"
          ]
        }
      }
    }
  ]
}

References