AliyunServiceRolePolicyForConfigRemediation 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForConfigRemediation 时自动授权,以允许服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用。
策略详情
类型:系统策略
创建时间:2020-09-10 02:19:27
更新时间:2024-12-24 09:04:11
当前版本:v38
策略内容
{
"Version": "1",
"Statement": [
{
"Action": [
"actiontrail:CreateTrail",
"actiontrail:StartLogging",
"adb:DescribeBackupPolicy",
"adb:ModifyBackupPolicy",
"adb:ModifyDBClusterMaintainTime",
"alb:EnableDeletionProtection",
"bssapi:RenewInstance",
"bssapi:SetRenewal",
"cbn:TagResources",
"cdn:BatchSetCdnDomainConfig",
"cdn:SetDomainServerCertificate",
"cdn:TagResources",
"cen:TagResources",
"composer:CreateFlow",
"composer:GroupInvokeFlow",
"composer:InvokeFlow",
"cs:GetClusterInfo",
"cs:ListClusters",
"cs:TagResources",
"cs:UpdateClusterTags",
"cs:ModifyCluster",
"dcdn:TagResources",
"dcdn:ListTagResources",
"dcdn:TagDcdnResources",
"dcdn:DescribeDcdnTagResources",
"ddoscoo:CreateTagResources",
"ddoscoo:TagResources",
"dds:DescribeSecurityIps",
"dds:ModifySecurityIps",
"dds:ModifyBackupPolicy",
"dds:TagResources",
"drds:UpdateResourceGroupAttribute",
"ecs:DescribeInstances",
"ecs:JoinResourceGroup",
"ecs:ModifyInstanceAttribute",
"ecs:ModifyInstanceNetworkSpec",
"ecs:TagResources",
"ecs:DescribeSecurityGroupAttribute",
"ecs:RevokeSecurityGroup",
"ecs:StopInstance",
"ecs:ModifyAutoSnapshotPolicyEx",
"ecs:ApplyAutoSnapshotPolicy",
"ecs:CreateAutoSnapshotPolicy",
"ecs:DescribeAutoSnapshotPolicyEx",
"ecs:RenewInstance",
"ecs:DescribeInstances",
"ecs:DescribeInvocationResults",
"ecs:DescribeInvocations",
"ecs:RunCommand",
"elasticsearch:DescribeInstance",
"elasticsearch:ModifyWhiteIps",
"elasticsearch:UpdateSnapshotSetting",
"fc:PutFunctionAsyncInvokeConfig",
"fc:GetFunctionAsyncInvokeConfig",
"fc:ListStatefulAsyncInvocations",
"fc:ListTaggedResources",
"fc:TagResource",
"fc:UntagResource",
"gpdb:TagResources",
"gpdb:UntagResources",
"gpdb:ListTagResources",
"hbase:TagResources",
"kms:TagResource",
"kms:UpdateRotationPolicy",
"kms:DescribeKey",
"kms:SetDeletionProtection",
"kvstore:ModifyAuditLogConfig",
"kvstore:TagResources",
"kvstore:ReleaseInstancePublicConnection",
"kvstore:DescribeBackupPolicy",
"kvstore:DescribeSecurityIps",
"kvstore:ModifySecurityIps",
"kvstore:ModifyInstanceConfig",
"kvstore:DescribeDBInstanceNetInfo",
"kvstore:ModifyInstanceMaintainTime",
"kvstore:ModifyBackupPolicy",
"kvstore:ModifyInstanceAttribute",
"kvstore:RenewInstance",
"live:TagLiveResources",
"live:UnTagLiveResources",
"nas:AddTags",
"nas:TagResources",
"oos:StartExecution",
"oos:TagResources",
"oss:CreateBucketDataRedundancyTransition",
"oss:GetBucketTagging",
"oss:GetBucketReferer",
"oss:PutBucketTagging",
"oss:PutBucketACL",
"oss:PutBucketEncryption",
"oss:PutBucketLogging",
"oss:PutBucketReferer",
"oss:PutBucketVersioning",
"oss:PutBucketResourceGroup",
"ots:GetInstance",
"ots:UpdateInstance",
"polardb:DescribeDBClusterAccessWhitelist",
"polardb:TagResources",
"polardb:ModifyDBClusterMaintainTime",
"polardb:ModifyBackupPolicy",
"polardb:ModifyDBClusterAccessWhitelist",
"polardb:ModifyDBClusterDeletion",
"polardb:ModifyDBClusterResourceGroup",
"ram:SetPasswordPolicy",
"ram:UpdateLoginProfile",
"rds:MigrateSecurityIPMode",
"rds:ModifyActionEventPolicy",
"rds:ModifySQLCollectorPolicy",
"rds:ModifySQLCollectorRetention",
"rds:TagResources",
"rds:ModifySecurityIps",
"rds:DescribeBackupPolicy",
"rds:DescribeDBInstanceIPArrayList",
"rds:DescribeDBInstanceNetInfo",
"rds:ReleaseInstancePublicConnection",
"rds:ModifyDBInstanceMaintainTime",
"rds:ModifyBackupPolicy",
"rds:ModifyDBInstanceDeletionProtection",
"rds:RenewInstance",
"resourcemanager:GetResourceGroup",
"resourcemanager:MoveResources",
"sas:DescribeCloudCenterInstances",
"sas:OperateAgentClientInstall",
"sas:DescribeAgentInstallStatus",
"slb:DescribeLoadBalancerAttribute",
"slb:SetLoadBalancerDeleteProtection",
"slb:SetLoadBalancerModificationProtection",
"slb:TagResources",
"tag:ListTagResources",
"tag:TagResources",
"tag:UntagResources",
"vpc:TagResources",
"vpc:DescribeNatGateways",
"vpc:DescribeForwardTableEntries",
"vpc:DeleteForwardEntry",
"vpc:DeletionProtection",
"yundun-cloudfirewall:DescribeDefaultIPSConfig",
"yundun-cloudfirewall:ModifyDefaultIPSConfig",
"yundun-ddoscoo:Describe*",
"yundun-ddoscoo:ModifyWebAIProtectSwitch",
"yundun-ddoscoo:ModifyWebAIProtectMode",
"yundun-sas:DescribeCloudCenterInstances",
"yundun-sas:OperateAgentClientInstall",
"yundun-sas:DescribeAgentInstallStatus",
"yundun-waf:ModifyLogServiceStatus",
"yundun-waf:ModifyProtectionModuleStatus",
"apigateway:DescribeApi",
"apigateway:AbolishApi",
"apigateway:DescribeApiGroups",
"apigateway:ModifyApiGroupNetworkPolicy",
"apigateway:ModifyInstanceAttribute",
"apigateway:ModifyApi",
"apigateway:TagResources",
"*:TagResources",
"*:UntagResources",
"*:ListTagResources",
"*:MoveResources",
"*:MoveResourceGroup",
"*:ModifyResourceGroup",
"*:ChangeResourceGroup",
"vpc:TagResourcesForExpressConnect",
"vpc:UntagResourcesForExpressConnect",
"vpc:ListTagResourcesForExpressConnect"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:PassRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"acs:Service": [
"composer.aliyuncs.com",
"oos.aliyuncs.com"
]
}
}
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "remediation.config.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "r-kvstore.aliyuncs.com"
}
}
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "systemeventoperator.oos.aliyuncs.com"
}
}
}
]
}