AliyunServiceRolePolicyForDAS is the authorization policy dedicated to a service-linked role. The policy is automatically attached to a service role when the service role is created. Then, the service-linked role is authorized to access other cloud services. This policy is updated by the relevant Alibaba Cloud service. Do not attach this policy to a RAM identity other than a service-linked role.
Policy details
Type: service system policy
Creation time: 11:30:49 on July 28, 2020
Update time: 05:53:04 on January 05, 2026
Current version: v22
Policy content
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:DescribeRegions",
"rds:DescribeDBInstances",
"rds:DescribeDatabases",
"rds:DescribeDBInstanceNetInfo",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeAccounts",
"rds:DescribeDBInstanceIPArrayList",
"rds:DescribeDBInstancePerformance",
"rds:ModifySecurityIps",
"rds:CreateAccount",
"rds:GrantAccountPrivilege",
"rds:RevokeAccountPrivilege",
"rds:CreateDatabase",
"rds:ModifyDBInstanceDescription",
"rds:DescribeSlowLogRecords",
"rds:DescribeSlowLogs",
"rds:DescribeResourceUsage",
"rds:DescribeSQLCollectorPolicy",
"rds:ModifyDBInstanceSpec",
"rds:DescribeTasks",
"rds:DescribeTaskIdByRequestID",
"rds:ModifyDBNodeClass",
"rds:DescribeParameters",
"rds:ModifyParameter",
"rds:DescribeBackups",
"rds:CloneDBInstance",
"rds:DescribeLocalAvailableRecoveryTime",
"rds:DescribeSupportOnlineResizeDisk"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribePhysicalConnections",
"vpc:DescribeVpnGateways",
"vpc:DescribeRouterInterfaces",
"vpc:DescribeVirtualBorderRouters",
"vpc:DescribeVSwitches",
"vpc:DescribeVSwitchAttributes",
"vpc:ModifyVSwitchAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeInstances",
"ecs:DescribeInstanceAttribute",
"ecs:DescribeInstanceStatus",
"ecs:DescribeInstanceMonitorData",
"ecs:DescribeSecurityGroups",
"ecs:JoinSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:RevokeSecurityGroup",
"ecs:DescribeDisks",
"ecs:RunInstances",
"ecs:CreateSecurityGroup",
"ecs:DescribeAvailableResource",
"ecs:DescribeImages"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeCacheAnalysisReport",
"kvstore:DescribeCacheAnalysisReportList",
"kvstore:CreateCacheAnalysisTask",
"kvstore:DescribeAccounts",
"kvstore:CreateAccount",
"kvstore:DescribeRegions",
"kvstore:DescribeInstances",
"kvstore:DescribeInstanceAttribute",
"kvstore:DescribeHistoryMonitorValues",
"kvstore:DescribeMonitorItems",
"kvstore:VerifyPassword",
"kvstore:DescribeSecurityIps",
"kvstore:ModifySecurityIps",
"kvstore:ModifyInstanceAttribute",
"kvstore:ModifyInstanceSpec",
"kvstore:AddShardingNode",
"kvstore:DeleteShardingNode",
"kvstore:DescribeRoleZoneInfo",
"kvstore:EnableAdditionalBandwidth",
"kvstore:RenewAdditionalBandwidth",
"kvstore:DescribeIntranetAttribute",
"kvstore:DescribeClusterMemberInfo",
"kvstore:DescribeAuditLogConfig",
"kvstore:DescribeAuditRecords",
"kvstore:DescribeRunningLogRecords",
"kvstore:DescribeSlowLogRecords",
"kvstore:ModifyAuditLogConfig"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dts:DescribeMigrationJobs",
"dts:DescribeMigrationJobDetail",
"dts:DescribeMigrationJobStatus",
"dts:CreateMigrationJob",
"dts:ConfigureMigrationJob",
"dts:SuspendMigrationJob",
"dts:StartMigrationJob",
"dts:StopMigrationJob",
"dts:DeleteMigrationJob",
"dts:DescribeSynchronizationJobs",
"dts:DescribeSynchronizationJobStatus",
"dts:CreateSynchronizationJob",
"dts:ConfigureSynchronizationJob",
"dts:SuspendSynchronizationJob",
"dts:StartSynchronizationJob",
"dts:DeleteSynchronizationJob",
"dts:DescribeObjectModifyStatus",
"dts:ModifySynchronizationObject",
"dts:ResetSynchronizationJob"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"pvtz:DescribeUserServiceStatus",
"pvtz:DescribeZones",
"pvtz:DescribeZoneRecords",
"pvtz:UpdateZoneRecord"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dds:DescribeDBInstances",
"dds:DescribeReplicaSetRole",
"dds:DescribeDBInstanceAttribute",
"dds:DescribeRegions",
"dds:DescribeDBInstancePerformance",
"dds:DescribeSecurityIps",
"dds:ModifyDBInstanceDescription",
"dds:ModifySecurityIps",
"dds:DescribeShardingNetworkAddress",
"dds:DescribeSlowLogRecords",
"dds:DescribeRunningLogRecords",
"dds:DescribeErrorLogList",
"dds:ModifyDBInstanceSpec",
"dds:ModifyNodeSpec"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cms:QueryContactGroup",
"cms:QueryContact"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"polardb:DescribeDBNodesParameters",
"polardb:DescribeParameterGroup",
"polardb:DescribeParameterGroups",
"polardb:DescribeDBClusters",
"polardb:DescribeRegions",
"polardb:DescribeDBClusterAttribute",
"polardb:ModifyDBNodeClass",
"polardb:DescribeDBClusterAvailableResources",
"polardb:CreateDBNodes",
"polardb:DeleteDBNodes",
"polardb:DescribeBackups",
"polardb:CreateDBCluster",
"polardb:ModifyDBClusterStorageSpace",
"polardb:ModifyDBClusterParameters",
"polardb:DescribeDBClusterParameters"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kms:ListKeys",
"kms:DescribeKey",
"kms:ListAliases"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"yundun-sddp:DescribeRules",
"yundun-sddp:DescribeRuleCategory",
"yundun-sddp:DescribeRuleDetail",
"yundun-sddp:DescribeParentInstances",
"yundun-sddp:DescribeEventCounts",
"yundun-sddp:DescribeEvents",
"yundun-sddp:DescribeEventTypes",
"yundun-sddp:DescribeEventDetail",
"yundun-sddp:DescribeConditions"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"log:OpenProductDataCollection",
"log:CloseProductDataCollection",
"log:GetProductDataCollection"
],
"Resource": [
"acs:log:*:*:project/nosql-*",
"acs:log:*:*:project/das-sqllog*"
],
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "hdm.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"r-kvstore.aliyuncs.com",
"audit.log.aliyuncs.com",
"middlewarelens.log.aliyuncs.com",
"ai-lens.log.aliyuncs.com",
"securitylens.log.aliyuncs.com",
"storagelens.log.aliyuncs.com"
]
}
}
}
]
}