AliyunDBSRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2017-10-10 15:29:27
更新时间:2017-10-10 15:29:27
当前版本:v1
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:DescribeRegions",
"rds:DescribeZones",
"rds:DescribeDBInstanceNetInfo",
"rds:DescribeDBInstanceNetInfoForChannel",
"rds:DescribeTasks",
"rds:DescribeDBInstances",
"rds:DescribeFilesForSQLServer",
"rds:DescribeImportsForSQLServer",
"rds:DescribeSlowLogRecords",
"rds:DescribeBinlogFiles",
"rds:DescribeSQLLogRecords",
"rds:DescribeParameters",
"rds:DescribeParameterTemplates",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeDatabases",
"rds:DescribeAccounts",
"rds:DescribeSecurityIPList",
"rds:DescribeSecurityIps",
"rds:DescribeDBInstanceIPArray",
"rds:DescribeDBInstanceIPArrayList",
"rds:DescribeDBInstanceSSL",
"rds:DescribeDBInstanceTDE",
"rds:CreateDBInstance",
"rds:CreateAccount",
"rds:CreateDatabase*",
"rds:ModifySecurityIps",
"rds:GrantAccountPrivilege",
"rds:CreateMigrateTask",
"rds:CreateOnlineDatabaseTask",
"rds:DescribeMigrateTasks",
"rds:DescribeOssDownloads",
"rds:CreateBackup",
"rds:DescribeBackups",
"rds:DescribeBackupPolicy",
"rds:ModifyBackupPolicy",
"rds:DescribeBackupTasks",
"rds:DescribeBinlogFiles",
"rds:DescribeResourceUsage",
"rds:DescribeAvailableZones",
"rds:DescribeAvailableClasses",
"rds:ListClasses"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeRegions",
"ecs:DescribeZones",
"ecs:DescribeInstance",
"ecs:DescribeInstances",
"ecs:DescribeVpcs",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:JoinSecurityGroup",
"ecs:RevokerSecurityGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dhs:ListProject",
"dhs:GetProject",
"dhs:CreateTopic",
"dhs:ListTopic",
"dhs:GetTopic",
"dhs:UpdateTopic",
"dhs:ListShard",
"dhs:MergeShard",
"dhs:SplitShard",
"dhs:PutRecords",
"dhs:GetRecords",
"dhs:GetCursors"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oss:ListBuckets",
"oss:PutBucket",
"oss:GetBucketWebsite",
"oss:GetBucketReferer",
"oss:GetBucketAcl",
"oss:GetBucketLogging",
"oss:GetBucketCors",
"oss:GetBucketReplication",
"oss:ListObjects",
"oss:GetBucketLocation",
"oss:GetBucketLifecycle",
"oss:PutBucketLifecycle",
"oss:GetObject",
"oss:PutObject",
"oss:DeleteObject",
"oss:RestoreObject",
"oss:ListMultipartUploads",
"oss:AbortMultipartUpload",
"oss:ListParts",
"oss:PutObjectTagging",
"oss:GetObjectTagging",
"oss:DeleteObjectTagging",
"oss:CopyObject",
"oss:DeleteMultipleObjects",
"oss:PutSymlink",
"oss:GetSymlink"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kms:CreateKey",
"kms:ListKeys",
"kms:GenerateDataKey",
"kms:Encrypt",
"kms:Decrypt",
"kms:EnableKey"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cms:PutEventRule",
"cms:PutEventTargets",
"cms:ListEventRules",
"cms:ListEventTargetsByRule",
"cms:DeleteEventRule",
"cms:DeleteEventTargets"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"polardb:DescribeDBClusterIPArrayList",
"polardb:DescribeDBClusterNetInfo",
"polardb:DescribeDBClusters",
"polardb:DescribeRegions",
"polardb:ModifySecurityIps",
"polardb:DescribeDBClusterEndpoints",
"polardb:DescribeDBClusterAccessWhitelist",
"polardb:ModifyDBClusterAccessWhitelist"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dds:DescribeDBInstanceAttribute",
"dds:DescribeReplicaSetRole",
"dds:DescribeShardingNetworkAddress",
"dds:DescribeSecurityIps",
"dds:DescribeDBInstances",
"dds:DescribeRegions",
"dds:ModifySecurityIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeSecurityIps",
"kvstore:DescribeInstances",
"kvstore:DescribeRegions",
"kvstore:DescribeAccounts",
"kvstore:DescribeDBInstanceNetInfoForInner",
"kvstore:DescribeDBInstanceNetInfo",
"kvstore:CreateAccount",
"kvstore:ModifySecurityIps",
"kvstore:DescribeInstanceAttribute",
"kvstore:AllocateInstancePrivateConnection",
"kvstore:DescribeLogicInstanceTopology"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"drds:DescribeDrds*",
"drds:ModifyDrdsIpWhiteList",
"drds:DescribeRegions",
"drds:CreateDrdsDB",
"drds:DescribeTable",
"drds:DescribeTables",
"drds:ModifyRdsReadWeight",
"drds:ChangeAccountPassword",
"drds:CreateDrdsInstance",
"drds:CreateInstanceInternetAddress",
"drds:DescribeInstanceAccounts"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "hdm:AddHDMInstance",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dg:GetUserGateways",
"dg:GetUserDatabases",
"dg:AddDatabase",
"dg:DescribeRegions"
],
"Resource": "*",
"Effect": "Allow"
}
]
}