AliyunServiceRolePolicyForGovernanceNetworkBlueprint 是专用于服务关联角色的授权策略,会在创建服务关联角色 AliyunServiceRoleForGovernanceNetworkBlueprint 时自动授权,以允许该服务关联角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务关联角色之外的 RAM 身份使用:本策略对 VPC 和 CEN 授予了创建、修改和删除操作的权限,且 Resource 为 "*"(不限定具体资源),授权给其他 RAM 身份会使其获得同样范围的网络资源管理权限。
策略详情
类型:系统策略
创建时间:2022-09-26 03:32:22
更新时间:2023-08-29 06:56:57
当前版本:v6
策略内容
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"vpc:CreateVpc",
"vpc:DescribeVpcs",
"vpc:ModifyVpcAttribute",
"vpc:CreateVSwitch",
"vpc:ModifyVSwitchAttribute",
"vpc:DescribeVSwitchAttributes",
"vpc:DeletionProtection",
"vpc:CreateCommonBandwidthPackage",
"vpc:DescribeCommonBandwidthPackages",
"vpc:ModifyCommonBandwidthPackageSpec",
"vpc:AddCommonBandwidthPackageIp",
"vpc:CreateNatGateway",
"vpc:DescribeNatGateways",
"vpc:ModifyNatGatewayAttribute",
"vpc:ModifyNatGatewaySpec",
"vpc:UpdateNatGatewayNatType",
"vpc:CreateSnatEntry",
"vpc:GrantInstanceToCen",
"vpc:AllocateEipAddress",
"vpc:DescribeEipAddresses",
"vpc:ModifyEipAddressAttribute",
"vpc:AssociateEipAddress",
"vpc:DescribeGrantRulesToCen",
"vpc:ListTagResources",
"vpc:DeleteVpc",
"vpc:DeleteVSwitch",
"vpc:DeleteNatGateway",
"vpc:UnassociateEipAddress",
"vpc:DeleteSnatEntry",
"vpc:ReleaseEipAddress",
"vpc:RemoveCommonBandwidthPackageIp",
"vpc:DeleteCommonBandwidthPackage",
"vpc:RevokeInstanceFromCen",
"vpc:DescribeRouteTableList",
"vpc:DescribeSnatTableEntries",
"vpc:CreateRouteEntry",
"vpc:DescribeRouteTables"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cen:CreateCen",
"cen:DescribeCens",
"cen:ModifyCenAttribute",
"cen:UntagResources",
"cen:TagResources",
"cen:CreateTransitRouter",
"cen:ListTransitRouters",
"cen:UpdateTransitRouter",
"cen:CreateTransitRouterVpcAttachment",
"cen:ListTransitRouterVpcAttachments",
"cen:UpdateTransitRouterVpcAttachmentAttribute",
"cen:UpdateTransitRouterVpcAttachmentZones",
"cen:OpenTransitRouterService",
"cen:CheckTransitRouterService",
"cen:ListTransitRouterRouteTables",
"cen:AssociateTransitRouterAttachmentWithRouteTable",
"cen:ListTransitRouterRouteTableAssociations",
"cen:EnableTransitRouterRouteTablePropagation",
"cen:ListTransitRouterRouteTablePropagations",
"cen:ListTransitRouterRouteEntries",
"cen:CreateTransitRouterRouteEntry",
"cen:DeleteCen",
"cen:DeleteTransitRouter",
"cen:DeleteTransitRouterRouteEntry",
"cen:DeleteTransitRouterVpcAttachment",
"cen:DissociateTransitRouterAttachmentFromRouteTable",
"cen:DisableTransitRouterRouteTablePropagation",
"cen:ListTagResources"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"cen.aliyuncs.com",
"nat.aliyuncs.com"
]
}
}
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "blueprint-network.governance.aliyuncs.com"
}
}
},
{
"Effect": "Allow",
"Action": "ram:GetRole",
"Resource": "acs:ram:*:*:role/aliyunserviceroleforcen"
},
{
"Effect": "Allow",
"Action": "ram:ListRoles",
"Resource": "acs:ram:*:*:role/*"
}
]
}