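AliyunCSAIAssistantRolePolicy 是专用于服务角色的授权策略，通常会在创建对应的服务角色时同步完成授权，以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新。策略内容对所有资源（"Resource": "*"）授予跨多个云服务的权限，其中包括读取日志数据（log:GetLogStoreLogs）以及为指定服务创建服务关联角色（ram:CreateServiceLinkedRole），因此请勿将本策略授权给服务角色之外的 RAM 身份使用。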
策略详情
类型:系统策略
创建时间:2024-08-16 09:43:29
更新时间:2026-01-27 06:55:56
当前版本:v5
策略内容
{
"Version": "1",
"Statement": [{
"Action": [
"cs:DescribeClusterVuls",
"cs:DescribeKubernetesVersionMetadata",
"cs:DescribeClusterEndpoints",
"cs:DescribePolicyInstancesStatus",
"cs:GetClusterCheckResult",
"cs:GetCostCheckItem",
"cs:CheckControlPlaneLogEnable",
"cs:GetClusterAuditProject",
"cs:DescribeClusterDetail",
"cs:DescribeClusters",
"cs:CreateClusterDiagnosis",
"cs:CreateClusterInspectConfig",
"cs:GetClusterDiagnosisResult",
"cs:RunClusterInspect",
"cs:RunClusterCheck",
"cs:ListClusterInspectReports",
"cs:GetClusterInspectReportDetail",
"cs:ListClusterChecks",
"cs:DescribeClusterNodes",
"cs:GetClusters"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"yundun-sas:DescribeSuspEvents",
"yundun-sas:DescribeVulDetails"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cr:CreateClusterImageAnalysisTask",
"cr:GetClusterImageAnalysisTask"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"arms:GetPrometheusInstance",
"arms:GetCloudClusterAllUrl"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"log:ListProject",
"log:ListTagResources",
"log:ListLogStores",
"log:ListConsumerGroup",
"log:GetProject",
"log:GetAlert",
"log:GetIndex",
"log:GetLogStore",
"log:GetLogStoreLogs"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"sysom:InvokeDiagnosis",
"sysom:GetDiagnosisResult",
"sysom:GetDiagnosisResult",
"sysom:ListDiagnosis",
"sysom:InitialSysom"
],
"Resource": "*"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"selfservice.ecs.aliyuncs.com",
"sysom.aliyuncs.com"
]
}
}
}
]
}