服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
---|---|---|---|
混沌演练平台 | CFG_QCSLinkedRoleInChaos | 服务相关角色 | chaos.cfg.cloud.tencent.com |
CFG_QCSLinkedRoleInChaos
使用场景: 当前角色为混沌演练平台(Chaotic Fault Generator)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForCFGLinkedRoleInChaos
- 策略内容:
{ "statement": [ { "action": [ "clb:DescribeTargets", "clb:BatchModifyTargetWeight", "clb:DescribeLoadBalancers", "clb:SetLoadBalancerSecurityGroups", "tat:DescribeAutomationAgentStatus", "tat:DescribeCommands", "tat:InvokeCommand", "tat:DescribeInvocations", "tat:RunCommand", "tat:DescribeInvocationTasks", "redis:DescribeInstances", "redis:KillMasterGroup", "cdb:DescribeDBInstances", "cdb:SwitchDBInstanceMasterSlave", "cdb:DescribeTasks", "cdb:ModifyInstanceParam", "cdb:DescribeInstanceParams", "cdb:DescribeInstanceParamRecords", "cvm:DescribeInstances", "cvm:RebootInstances", "cvm:StopInstances", "cvm:StartInstances", "monitor:CreateAlarmNotice", "monitor:DescribeAlarmHistories", "monitor:DescribeAlarmPolicies", "monitor:DescribeBaseMetrics", "monitor:GetMonitorData", "vpc:ResetNatGatewayConnection", "vpc:DescribeNatGateways", "vpc:ModifyNatGatewayAttribute", "cvm:CreateSecurityGroup", "cvm:DeleteSecurityGroup", "redis:DescribeInstanceZoneInfo", "redis:ChangeReplicaToMaster", "redis:DescribeTaskInfo", "redis:DisassociateSecurityGroups", "redis:AssociateSecurityGroups", "redis:ModifyDBInstanceSecurityGroups", "redis:DescribeDBSecurityGroups", "cvm:DescribeSecurityGroupAssociateInstances", "cdb:DisassociateSecurityGroups", "cdb:AssociateSecurityGroups", "cdb:ModifyDBInstanceSecurityGroups", "cdb:DescribeDBSecurityGroups", "cvm:AssociateSecurityGroups", "cvm:DisassociateSecurityGroups", "tke:DescribeClusterSecurity", "dbbrain:CreateKillTask", "dbbrain:CreateProxySessionKillTask", "tke:DescribeClusters", "clb:ModifyLoadBalancerAttributes", "redis:DescribeInstances", "redis:DescribeInstanceNodeInfo", "redis:DescribeInstanceParams", "redis:KillMasterGroup", "redis:SwitchProxy", "cdb:DescribeDBInstanceConfig", "mongodb:DescribeDBInstances", "mongodb:RestartNodes", "mongodb:DescribeDBInstanceNodeProperty", "mongodb:SwitchDBInstancePrimary", "mongodb:DescribeAsyncRequestInfo", "dc:ModifyDirectConnectTunnelUpOrDown", "dc:DescribeDirectConnectTunnels", "cvm:DescribeSecurityGroupLimits", "cvm:DescribeSecurityGroups", "cdb:InjectFatalErrorIntoInstance", "cdb:DescribeAsyncRequestInfo", "vpc:DescribeSubnets", "vpc:CreateNetworkAcl", "vpc:AssociateNetworkAclSubnets", "vpc:DisassociateNetworkAclSubnets", "vpc:DeleteNetworkAcl", "vpc:DescribeNetworkAcls", "dcdb:DescribeDCDBInstanceDetail", "dcdb:SwitchDBInstanceHA", "dcdb:DescribeFlow", "dcdb:DescribeDCDBInstances", "cynosdb:DescribeClusterDetail", "cynosdb:DescribeFlow", "cynosdb:SwitchClusterZone", "cynosdb:DescribeClusters", "cynosdb:DescribeInstanceDetail", "ckafka:InjectDownAttack", "ckafka:DescribeAttackAsyncRequestResult", "ckafka:DownAttackRollback", "ckafka:DescribeRollbackAsyncRequestResult", "pts:AbortJob", "pts:StartJob", "pts:DescribeJobs", "ckafka:DescribeAsyncResult", "ckafka:DescribeInstancesDetail", "ckafka:DelayMessage", "ckafka:DelayMessageRollback", "ckafka:BurnCPU", "ckafka:BurnDiskIO", "mariadb:Describe*", "mariadb:SwitchDBInstanceHA", "ckafka:DescribeInstances", "tag:DescribeResourcesByTagsUnion", "clb:DescribeTaskStatus", "postgres:DescribeDBInstances", "postgres:DescribeDBInstanceAttribute", "postgres:DescribeDBInstanceHAConfig", "postgres:SwitchDBInstancePrimary", "tse:DescribeCloudNativeAPIGatewayServices", "tse:DescribeCloudNativeAPIGatewayNodes", "tse:DescribeCloudNativeAPIGateways", "tse:DescribeCloudNativeAPIGateway", "tse:DescribeNativeGatewayServerGroups", "tse:RestartNativeGatewayInstanceNode", "tse:DescribeCloudNativeAPIGatewayLatestTaskPhases", "sqlserver:DescribeDBInstancesAttribute", "sqlserver:DescribeDBInstances", "sqlserver:DescribeFlowStatus", "sqlserver:SwitchCloudInstanceHA", "sqlserver:DescribeHASwitchLog", "sqlserver:DescribeReadOnlyGroupList", "sqlserver:DescribeReadOnlyGroupDetails", "advisor:CreatePushHunDunArchitecture", "advisor:DeletePushHunDunArchitecture", "advisor:DescribeArchitectureBindNode", "advisor:DescribeArchitectureNodeInstances", "advisor:DescribeArchitectureTaskSummary", "advisor:DescribeTaskStrategyRisks", "advisor:DescribeRoleStatus", "advisor:CreateScanMapTask", "advisor:DescribeArchitectureDiagram", "advisor:DownloadReportFileAsync", "advisor:DescribeDownloadTask", "advisor:DescribeConfig", "advisor:DescribeGroupAndProductInfos", "cdb:RestartDBInstances", "cdb:DescribeDBInstanceRebootTime", "redis:ModifyInstanceParams", "advisor:CreateArchScanTask", "advisor:DescribeArchitectureNodeRiskInfoV3", "advisor:DescribeNodeStrategyRiskInfo", "advisor:DescribeArchTaskStrategyRisks", "advisor:CreateArchScanReportFile", "advisor:DescribeArchAsync", "advisor:DescribeArchTaskResult", "advisor:DescribeNodeResources", "advisor:DescribeArchList", "advisor:DescribeArchScanIsFinish", "advisor:DescribeArchSvg", "advisor:DescribeArchSync", "clb:SetLoadBalancerStartStatus", "es:CheckOperation", "es:UpdateNodesStatus", "es:DescribeInstances", "es:GetTaskFlow", "es:DescribeViews", "live:DescribeLiveDomains", "live:DescribeLiveStreamOnlineList", "live:DropLiveStream", "live:ForbidLiveStream", "live:ResumeLiveStream", "live:DescribeLiveForbidStreamList", "live:SwitchBackupStream", "live:DropLiveBackupStream", "live:DescribeBackupStreamList", "tdmq:CreateRabbitMQChaosTask", "tdmq:RestoreRabbitMQCluster", "tdmq:DescribeRabbitMQ*", "cdb:DescribeClusterInfo", "vpc:CreateNetworkAclEntries", "tke:DescribeEKSClusterCredential", "advisor:DescribeArchScanReportArchiveInfo", "advisor:UpdateArchScanReportArchiveInfo", "cdb:DescribeRoGroups", "cdb:ModifyRoGroupInfo" ], "effect": "allow", "resource": [ "*" ] } ], "version": "2.0" }