AliyunCSManagedArmsRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2024-10-18 11:14:14
更新时间:2024-12-11 03:07:59
当前版本:v19
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"arms:CMonitorCloudInstances",
"arms:CMonitorRegister",
"arms:ConfigAgentLabel",
"arms:CreateAlertRules",
"arms:CreateAlertTemplate",
"arms:CreateApp",
"arms:CreateContact",
"arms:CreateContactGroup",
"arms:CreateDispatchRule",
"arms:CreateOrUpdateIMRobot",
"arms:CreateOrUpdateWebhookContact",
"arms:CreateProm",
"arms:CreatePrometheusAlertRule",
"arms:DeleteAlert",
"arms:DeleteAlertContact",
"arms:DeleteAlertContactGroup",
"arms:DeleteAlertRules",
"arms:DeleteAlertTemplate",
"arms:DeleteApp",
"arms:DeleteContact",
"arms:DeleteContactGroup",
"arms:DeleteContactLink",
"arms:DeleteContactMember",
"arms:DeleteDispatchRule",
"arms:DeleteIMRobot",
"arms:DeletePrometheusAlertRule",
"arms:DeleteWebhookContact",
"arms:DescribeDispatchRule",
"arms:DescribeIMRobots",
"arms:DescribePrometheusAlertRule",
"arms:DescribeWebhookContacts",
"arms:DisableAlertTemplate",
"arms:EnableAlertTemplate",
"arms:GetAlarmHistories",
"arms:GetAlert",
"arms:GetAlertEvents",
"arms:GetAlertRules",
"arms:GetAlertRulesByPage",
"arms:GetAssumeRoleCredentials",
"arms:GetCommercialStatus",
"arms:InstallEventer",
"arms:InstallManagedPrometheus",
"arms:ListActivatedAlerts",
"arms:ListAlertTemplates",
"arms:ListDashboards",
"arms:ListDispatchRule",
"arms:ListEscalationPolicies",
"arms:ListOnCallSchedules",
"arms:ListPrometheusAlertRules",
"arms:ListPrometheusAlertTemplates",
"arms:QueryAlarmHistory",
"arms:QueryAlarmName",
"arms:SaveAlert",
"arms:SaveContactGroup",
"arms:SaveContactMember",
"arms:SaveTraceAppConfig",
"arms:SearchAlarmHistories",
"arms:SearchAlertRules",
"arms:SearchContact",
"arms:SearchContactGroup",
"arms:SearchEvents",
"arms:SendTTSVerifyLink",
"arms:StartAlert",
"arms:StartAlertRule",
"arms:StopAlert",
"arms:StopAlertRule",
"arms:UninstallManagedPrometheus",
"arms:UpdateAlertRules",
"arms:UpdateAlertTemplate",
"arms:UpdateContact",
"arms:UpdateContactGroup",
"arms:UpdateContactMember",
"arms:UpdateDispatchRule",
"arms:UpdatePrometheusAlertRule",
"arms:UpgradeAddonRelease",
"arms:CheckServiceStatus",
"arms:GetClusterAllUrl",
"arms:GetClusterInfoForArms",
"arms:GetExploreUrl",
"arms:GetIntegrationState",
"arms:GetManagedPrometheusStatus",
"arms:ListAlertEvents",
"arms:QueryMetric",
"arms:QueryPromInstallStatus",
"arms:SearchAlertContactGroup",
"arms:SearchAlertHistories",
"arms:CreateAlertContact",
"arms:CreateAlertContactGroup",
"arms:ImportCustomAlertRules",
"arms:SearchAlertContact",
"arms:UpdateAlertContact",
"arms:UpdateAlertContactGroup",
"arms:UpdateAlertRule",
"arms:UpdateWebhook",
"arms:InnerFetchContactGroupByArmsContactGroupId",
"xtrace:GetToken",
"arms:ListEnvironments",
"arms:DescribeAddonRelease",
"arms:InstallAddon",
"arms:DeleteAddonRelease",
"arms:ListEnvironmentDashboards",
"arms:ListAddonReleases",
"arms:CreateEnvironment",
"arms:InitEnvironment",
"arms:DescribeEnvironment",
"arms:InstallEnvironmentFeature",
"arms:ListEnvironmentFeatures",
"arms:UpdateEnvironment",
"arms:GetPrometheusInstance",
"arms:GetPrometheusApiToken"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"mse:AddBlackWhiteList",
"mse:AddGateway",
"mse:AddServiceSource",
"mse:CreateApplication",
"mse:DeleteGateway",
"mse:GetBlackWhiteList",
"mse:GetGateway",
"mse:GetGatewayDetail",
"mse:GetGatewayOption",
"mse:ListServiceSource",
"mse:ListTagResources",
"mse:ModifyLosslessRule",
"mse:TagResources",
"mse:UntagResources",
"mse:UpdateBlackWhiteList",
"mse:UpdateGatewayOption",
"mse:UpdateServiceSource",
"mse:GetLicenseKey",
"mse:CreateGovernanceKubernetesCluster",
"mse:ReportOnePilotInfo",
"mse:GenerateAgentLogSts",
"mse:GetOpenSergoInfoByClusterId",
"mse:ReportAppProfile"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"log:PostLogStoreLogs",
"log:RemoteWritePrometheus",
"log:RemoteWrite"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cms:GetPrometheusInstance"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}