AliyunCSManagedCsiProvisionerRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2024-06-04 16:25:39
更新时间:2024-06-04 16:25:39
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:AttachDisk",
"ecs:DetachDisk",
"ecs:DescribeDisks",
"ecs:CreateDisk",
"ecs:ResizeDisk",
"ecs:CreateSnapshot",
"ecs:DeleteSnapshot",
"ecs:AddTags",
"ecs:RemoveTags",
"ecs:DescribeTags",
"ecs:DescribeSnapshots",
"ecs:ListTagResources",
"ecs:TagResources",
"ecs:UntagResources",
"ecs:ModifyDiskSpec",
"ecs:CreateSnapshot",
"ecs:DescribeSnapshotGroups",
"ecs:CreateSnapshotGroup",
"ecs:DeleteSnapshotGroup",
"ecs:DeleteDisk",
"ecs:DescribeInstanceAttribute",
"ecs:DescribeInstanceHistoryEvents",
"ecs:DescribeTaskAttribute",
"ecs:DescribeInstances"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"nas:DescribeFileSystems",
"nas:DescribeMountTargets",
"nas:AddTags",
"nas:DescribeTags",
"nas:RemoveTags",
"nas:CreateFileSystem",
"nas:DeleteFileSystem",
"nas:ModifyFileSystem",
"nas:CreateMountTarget",
"nas:DeleteMountTarget",
"nas:ModifyMountTarget",
"nas:TagResources",
"nas:SetDirQuota",
"nas:EnableRecycleBin",
"nas:GetRecycleBinAttribute",
"nas:DescribeProtocolMountTarget",
"nas:CancelDirQuota",
"nas:DescribeDirQuotas",
"nas:CreateDir",
"nas:GetRecycleBinAttribute",
"nas:DescribeAccessPoint",
"nas:CreateAccessPoint",
"nas:DescribeAccessPoints"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cs:CreateResourcesSystemTags",
"cs:DescribeTemplateAttribute",
"cs:DescribeTemplates"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"ens:DescribeInstances",
"ens:DescribeDisks",
"ens:ModifyDiskAttribute",
"ens:CreateDisk",
"ens:DetachDisk",
"ens:AttachDisk",
"ens:DeleteDisk"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"oss:PutObject",
"oss:IsObjectExist",
"oss:ListObjects",
"oss:GetObject",
"oss:DeleteObject",
"oss:GetBucket"
],
"Resource": "acs:oss:*:*:cnfs-oss*"
}
]
}