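AliyunCISDefaultRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。原因在于:本策略除只读的 Describe/List/Get 类操作外,还包含对全部资源("Resource": "*")的命令执行类权限(ecs:CreateCommand、ecs:InvokeCommand、ecs:RunCommand、eflo:RunCommand、eci:RunCommand),以及创建服务关联角色的权限(ram:CreateServiceLinkedRole,仅限 ram:ServiceName 为 selfservice.ecs.aliyuncs.com);持有本策略的身份可以对账号内相应资源下发命令。审计权限时,应确认本策略仅附加在对应的服务角色上,并检查该角色的信任策略只允许对应的阿里云服务扮演。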
策略详情
类型:系统策略
创建时间:2024-10-18 11:13:15
更新时间:2024-12-12 07:25:11
当前版本:v6
策略内容
{
"Version": "1",
"Statement": [{
"Action": [
"ecs:DescribeInstances",
"ecs:DescribeInstanceStatus",
"ecs:DescribeInstanceTypes",
"ecs:DescribeInstanceTypeFamilies",
"ecs:DescribeInstanceAttribute",
"ecs:DescribeDiagnosticReports",
"ecs:DescribeDiagnosticReportAttributes",
"ecs:DescribeDiagnosticMetricSets",
"ecs:DescribeDiagnosticMetrics",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupReferences",
"ecs:DescribeBandwidthLimitation",
"ecs:DescribeCloudAssistantStatus",
"ecs:DescribeCommands",
"ecs:DescribeInvocationResults",
"ecs:CreateCommand",
"ecs:InvokeCommand",
"ecs:StopInvocation",
"ecs:CreateDiagnosticReport",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeDisks",
"ecs:RunCommand"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeVpcAttribute",
"vpc:DescribeVSwitches",
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeRouteTableList",
"vpc:DescribeRouteEntryList",
"vpc:DescribeNatGateways",
"vpc:DescribeRouteTables",
"vpc:DescribeSnatTableEntries",
"vpc:DescribeNetworkAcls",
"vpc:DescribeNetworkAclAttributes",
"vpc:DescribeEipAddresses"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"sls:GetLogStore"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oss:GetBucketInfo"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"slb:DescribeLoadBalancers",
"slb:DescribeLoadBalancerAttribute",
"slb:DescribeVServerGroups",
"slb:DescribeVServerGroupAttribute",
"slb:DescribeLoadBalancerTCPListenerAttribute",
"slb:DescribeLoadBalancerUDPListenerAttribute",
"slb:DescribeAccessControlLists",
"slb:DescribeAccessControlListAttribute",
"slb:DescribeLoadBalancerListeners",
"slb:DescribeHealthStatus"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"grace:GetFile",
"grace:AnalyzeFile",
"grace:UploadFileByOSS",
"grace:UploadFileByURL"
],
"Resource": "acs:grace:*:*:*",
"Effect": "Allow"
},
{
"Action": [
"ram:ListPoliciesForRole"
],
"Resource": [
"acs:ram:*:*:role/kubernetesworkerrole*"
],
"Effect": "Allow"
},
{
"Action": [
"cms:DescribeMetricData",
"cms:DescribeMetricLast",
"cms:DescribeMetricMetaList",
"cms:DescribeMetricTop",
"cms:QueryMetricMeta",
"cms:QueryMetricTop",
"cms:ListMetricMeta",
"cms:ListMetricMetaProject",
"cms:QueryMetricData",
"cms:QueryMetricLast",
"cms:DescribeMetricList",
"cms:QueryMetricList",
"cms:MetricMeta",
"cms:DescribeAlertLogList",
"cms:DescribeSystemEventAttribute",
"cms:GetMetricStreamMeta"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"eflo:DescribeNode",
"eflo:RunCommand",
"eflo:DescribeInvocations"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"eci:DescribeContainerGroups",
"eci:RunCommand",
"eci:DescribeCommandResult",
"eci:ListUsage"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ess:DescribeScalingGroups",
"ess:DescribeScalingInstances",
"ess:DescribeScalingActivities",
"ess:DescribeScalingConfigurations",
"ess:DescribeScalingRules",
"ess:DescribeScheduledTasks",
"ess:DescribeLifecycleHooks",
"ess:DescribeNotificationConfigurations",
"ess:DescribeNotificationTypes",
"ess:DescribeRegions",
"ess:DescribePatternTypes"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cs:DescribeClusterDetail",
"cs:DescribeClusterResources",
"cs:DescribeTasks",
"cs:DescribeTaskInfo",
"cs:DescribeClusterNodePools",
"cs:DescribeNodePoolVuls",
"cs:DescribeKubernetesVersionMetadata",
"cs:DescribeClusterAddonsUpgradeStatus"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"quotas:ListProducts",
"quotas:ListProductQuotas",
"quotas:ListProductQuotas",
"quotas:ListProductQuotaDimensions",
"quotas:GetProductQuota",
"quotas:GetProductQuotaDimension"
],
"Resource": "acs:quotas:*:*:*",
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "selfservice.ecs.aliyuncs.com"
}
}
}
]
}