All Products
Search
Document Center

Resource Access Management:AliyunCSManagedArmsRolePolicy

更新時間:Dec 24, 2024

AliyunCSManagedArmsRolePolicy is the authorization policy dedicated to a service role. In most cases, when a service role is created, the policy is attached to the service role. Then, the service role is authorized to access other cloud services. This policy is updated by the relevant Alibaba Cloud service. Do not attach this policy to a RAM identity other than a service role.

Policy details

  • Type: service system policy

  • Creation time: 11:14:14 on October 18, 2024

  • Update time: 09:02:22 on December 24, 2024

  • Current version: v20

Policy content

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "arms:CMonitorCloudInstances",
        "arms:CMonitorRegister",
        "arms:ConfigAgentLabel",
        "arms:CreateAlertRules",
        "arms:CreateAlertTemplate",
        "arms:CreateApp",
        "arms:CreateContact",
        "arms:CreateContactGroup",
        "arms:CreateDispatchRule",
        "arms:CreateOrUpdateIMRobot",
        "arms:CreateOrUpdateWebhookContact",
        "arms:CreateProm",
        "arms:CreatePrometheusAlertRule",
        "arms:DeleteAlert",
        "arms:DeleteAlertContact",
        "arms:DeleteAlertContactGroup",
        "arms:DeleteAlertRules",
        "arms:DeleteAlertTemplate",
        "arms:DeleteApp",
        "arms:DeleteContact",
        "arms:DeleteContactGroup",
        "arms:DeleteContactLink",
        "arms:DeleteContactMember",
        "arms:DeleteDispatchRule",
        "arms:DeleteIMRobot",
        "arms:DeletePrometheusAlertRule",
        "arms:DeleteWebhookContact",
        "arms:DescribeDispatchRule",
        "arms:DescribeIMRobots",
        "arms:DescribePrometheusAlertRule",
        "arms:DescribeWebhookContacts",
        "arms:DisableAlertTemplate",
        "arms:EnableAlertTemplate",
        "arms:GetAlarmHistories",
        "arms:GetAlert",
        "arms:GetAlertEvents",
        "arms:GetAlertRules",
        "arms:GetAlertRulesByPage",
        "arms:GetAssumeRoleCredentials",
        "arms:GetCommercialStatus",
        "arms:InstallEventer",
        "arms:InstallManagedPrometheus",
        "arms:ListActivatedAlerts",
        "arms:ListAlertTemplates",
        "arms:ListDashboards",
        "arms:ListDispatchRule",
        "arms:ListEscalationPolicies",
        "arms:ListOnCallSchedules",
        "arms:ListPrometheusAlertRules",
        "arms:ListPrometheusAlertTemplates",
        "arms:QueryAlarmHistory",
        "arms:QueryAlarmName",
        "arms:SaveAlert",
        "arms:SaveContactGroup",
        "arms:SaveContactMember",
        "arms:SaveTraceAppConfig",
        "arms:SearchAlarmHistories",
        "arms:SearchAlertRules",
        "arms:SearchContact",
        "arms:SearchContactGroup",
        "arms:SearchEvents",
        "arms:SendTTSVerifyLink",
        "arms:StartAlert",
        "arms:StartAlertRule",
        "arms:StopAlert",
        "arms:StopAlertRule",
        "arms:UninstallManagedPrometheus",
        "arms:UpdateAlertRules",
        "arms:UpdateAlertTemplate",
        "arms:UpdateContact",
        "arms:UpdateContactGroup",
        "arms:UpdateContactMember",
        "arms:UpdateDispatchRule",
        "arms:UpdatePrometheusAlertRule",
        "arms:UpgradeAddonRelease",
        "arms:CheckServiceStatus",
        "arms:GetClusterAllUrl",
        "arms:GetClusterInfoForArms",
        "arms:GetExploreUrl",
        "arms:GetIntegrationState",
        "arms:GetManagedPrometheusStatus",
        "arms:ListAlertEvents",
        "arms:QueryMetric",
        "arms:QueryPromInstallStatus",
        "arms:SearchAlertContactGroup",
        "arms:SearchAlertHistories",
        "arms:CreateAlertContact",
        "arms:CreateAlertContactGroup",
        "arms:ImportCustomAlertRules",
        "arms:SearchAlertContact",
        "arms:UpdateAlertContact",
        "arms:UpdateAlertContactGroup",
        "arms:UpdateAlertRule",
        "arms:UpdateWebhook",
        "arms:InnerFetchContactGroupByArmsContactGroupId",
        "xtrace:GetToken",
        "arms:ListEnvironments",
        "arms:DescribeAddonRelease",
        "arms:InstallAddon",
        "arms:DeleteAddonRelease",
        "arms:ListEnvironmentDashboards",
        "arms:ListAddonReleases",
        "arms:CreateEnvironment",
        "arms:InitEnvironment",
        "arms:DescribeEnvironment",
        "arms:InstallEnvironmentFeature",
        "arms:ListEnvironmentFeatures",
        "arms:UpdateEnvironment",
        "arms:GetPrometheusInstance",
        "arms:GetPrometheusApiToken"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "mse:AddBlackWhiteList",
        "mse:AddGateway",
        "mse:AddServiceSource",
        "mse:CreateApplication",
        "mse:DeleteGateway",
        "mse:GetBlackWhiteList",
        "mse:GetGateway",
        "mse:GetGatewayDetail",
        "mse:GetGatewayOption",
        "mse:ListServiceSource",
        "mse:ListTagResources",
        "mse:ModifyLosslessRule",
        "mse:TagResources",
        "mse:UntagResources",
        "mse:UpdateBlackWhiteList",
        "mse:UpdateGatewayOption",
        "mse:UpdateServiceSource",
        "mse:GetLicenseKey",
        "mse:CreateGovernanceKubernetesCluster",
        "mse:ReportOnePilotInfo",
        "mse:GenerateAgentLogSts",
        "mse:GetOpenSergoInfoByClusterId",
				"mse:ListNamespaces",
        "mse:ReportAppProfile"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:PostLogStoreLogs",
        "log:RemoteWritePrometheus",
        "log:RemoteWrite"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "cms:GetPrometheusInstance"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    }
  ]
}

References