A service-linked role is predefined by a Tencent Cloud service. After the user grants authorization, the service can access the user's resources by assuming the service-linked role. This document describes the use cases and the associated permission policies for specific service-linked roles.
Product name in CAM | Role name | Role type | Role entity |
---|---|---|---|
Elasticsearch Service | ES_QCSLinkedRoleInAccessCos | Service-linked role | acesscos.es.cloud.tencent.com |
Elasticsearch Service | ES_QCSLinkedRoleInDataImport | Service-linked role | dataimport.es.cloud.tencent.com |
Elasticsearch Service | ES_QCSLinkedRoleInLogSyncCls | Service-linked role | logsynccls.es.cloud.tencent.com |
Elasticsearch Service | ES_QCSLinkedRoleInVpcOperate | Service-linked role | vpcoperate.es.cloud.tencent.com |
Elasticsearch Service | ES_QCSLinkedRoleInBeatsCollector | Service-linked role | beatscollector.es.cloud.tencent.com |
ES_QCSLinkedRoleInAccessCos
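Use case: This role is a service-linked role for the search service (ES). It accesses your other cloud service resources within the permissions of its associated policies.
Permission policy
- Policy name: QcloudAccessForEsLinkedRoleInCosAcess
- Policy content: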
```json
{
  "statement": [
    {
      "action": [
        "cos:GetBucket",
        "cos:HeadBucket",
        "cos:GetObject",
        "cos:HeadObject",
        "cos:PutObject",
        "cos:PostObject",
        "cos:InitiateMultipartUpload",
        "cos:ListMultipartUploads",
        "cos:ListParts",
        "cos:UploadPart",
        "cos:CompleteMultipartUpload",
        "cos:DeleteObject",
        "cos:DeleteMultipleObjects"
      ],
      "effect": "allow",
      "resource": "*"
    }
  ],
  "version": "2.0"
}
```
ES_QCSLinkedRoleInDataImport
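Use case: This role is a service-linked role for Elasticsearch Service (ES). It accesses your other cloud service resources within the permissions of its associated policies.
Permission policy
- Policy name: QcloudAccessForESLinkedRoleInDataImport
- Policy content: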
```json
{
  "version": "2.0",
  "statement": [
    {
      "action": [
        "ckafka:DescribeInstancesDetail",
        "ckafka:DescribeInstances",
        "ckafka:CreateTopic",
        "ckafka:DescribeTopicDetail",
        "ckafka:DescribeTopic",
        "ckafka:DescribeRoute",
        "ckafka:CreateDatahubTopic",
        "ckafka:DescribeDatahubTopic",
        "ckafka:CreateConnectResource",
        "ckafka:DescribeConnectResource",
        "ckafka:CreateDatahubTask",
        "ckafka:DescribeDatahubTask",
        "tat:RunCommand",
        "tat:DescribeInvocations",
        "tat:DescribeAutomationAgentStatus",
        "tke:DescribeClusters",
        "tke:DescribeClusterReleases",
        "tke:CreateClusterRelease",
        "tke:UpgradeClusterRelease",
        "tke:UninstallClusterRelease",
        "tke:CancelClusterRelease",
        "ckafka:DeleteDatahubTopic",
        "ckafka:DeleteConnectResource",
        "ckafka:DeleteDatahubTask",
        "ckafka:DeleteDatahubGroup",
        "ckafka:ModifyGroupOffsets",
        "ckafka:ModifyDatahubResource",
        "cvm:DescribeInstances",
        "emr:DescribeClusterLogInfo",
        "emr:NotifyEmr"
      ],
      "resource": "*",
      "effect": "allow"
    }
  ]
}
```
ES_QCSLinkedRoleInLogSyncCls
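Use case: This role is a service-linked role for Elasticsearch Service (ES). It accesses your other cloud service resources within the permissions of its associated policies.
Permission policy
- Policy name: QcloudAccessForESLinkedRoleInLogSyncCls
- Policy content: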
```json
{
  "statement": [
    {
      "action": [
        "cls:ModifyTopic",
        "emr:AddClusterLogsToCls",
        "emr:RemoveClusterLogsToCls",
        "emr:DescribeInstances",
        "cls:RealtimeProducer"
      ],
      "effect": "allow",
      "resource": "*"
    }
  ],
  "version": "2.0"
}
```
ES_QCSLinkedRoleInVpcOperate
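Use case: This role is a service-linked role for Elasticsearch Service (ES). It accesses your other cloud service resources within the permissions of its associated policies.
Permission policy
- Policy name: QcloudAccessForESLinkedRoleInVpcOperate
- Policy content: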
```json
{
  "version": "1.0",
  "statement": [
    {
      "action": [
        "vpc:DescribeVpcEx",
        "vpc:DescribeSubnetEx",
        "vpc:CreateCcn",
        "vpc:AttachCcnInstances",
        "vpc:DeleteCcn",
        "vpc:DetachCcnInstances",
        "vpc:DescribeNetworkInterfaces",
        "vpc:CreateNetworkInterface",
        "vpc:DeleteNetworkInterface",
        "vpc:DescribeVpcTaskResult",
        "vpc:CreateVpcEndPoint",
        "vpc:DescribeVpcEndPoint",
        "vpc:ModifyVpcEndPointAttribute",
        "vpc:DeleteVpcEndPoint",
        "vpc:DisassociateVpcEndPointSecurityGroups",
        "cvm:DescribeSecurityGroups"
      ],
      "resource": "*",
      "effect": "allow"
    }
  ]
}
```
ES_QCSLinkedRoleInBeatsCollector
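Use case: This role is a service-linked role for Elasticsearch Service (ES). It accesses your other cloud service resources within the permissions of its associated policies.
Permission policy
- Policy name: QcloudAccessForESLinkedRoleInBeatsCollector
- Policy content: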
```json
{
  "version": "2.0",
  "statement": [
    {
      "effect": "allow",
      "action": [
        "tat:RunCommand",
        "tat:DescribeInvocations",
        "tat:DescribeAutomationAgentStatus",
        "tke:DescribeClusters",
        "tke:DescribeClusterReleases",
        "tke:CreateClusterRelease",
        "tke:UpgradeClusterRelease",
        "tke:UninstallClusterRelease",
        "tke:CancelClusterRelease",
        "cvm:DescribeInstances",
        "emr:DescribeClusterLogInfo",
        "emr:NotifyEmr"
      ],
      "resource": [
        "*"
      ]
    }
  ]
}
```
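One way to review what these roles are allowed to do before authorizing them, as an added example that is not part of Tencent Cloud's documentation: the script parses a policy in the format shown on this page and lists the actions that are not plain reads and are granted on the wildcard resource. The read-only verb prefixes and the function names `audit` and `as_list` are assumptions of this example, not a CAM classification.

```python
import json

# Verb prefixes treated as read-only. This split is a reviewer's heuristic
# (an assumption of this example), not something CAM defines.
READ_PREFIXES = ("Describe", "Get", "Head", "List")

# Two policies copied from this page; note the two shapes of "resource".
POLICIES = {
    "QcloudAccessForESLinkedRoleInLogSyncCls": (
        '{"statement": [{"action": ["cls:ModifyTopic", "emr:AddClusterLogsToCls", '
        '"emr:RemoveClusterLogsToCls", "emr:DescribeInstances", "cls:RealtimeProducer"], '
        '"effect": "allow", "resource": "*"}], "version": "2.0"}'),
    "QcloudAccessForESLinkedRoleInBeatsCollector": (
        '{"version": "2.0", "statement": [{"effect": "allow", "action": ["tat:RunCommand", '
        '"tat:DescribeInvocations", "tat:DescribeAutomationAgentStatus", "tke:DescribeClusters", '
        '"tke:DescribeClusterReleases", "tke:CreateClusterRelease", "tke:UpgradeClusterRelease", '
        '"tke:UninstallClusterRelease", "tke:CancelClusterRelease", "cvm:DescribeInstances", '
        '"emr:DescribeClusterLogInfo", "emr:NotifyEmr"], "resource": ["*"]}]}'),
}


def as_list(value):
    """Policies on this page give "resource" as a string or as a list."""
    return value if isinstance(value, list) else [value]


def audit(policy_text):
    """Split allowed actions into read-only and non-read, and collect the
    non-read actions that are granted on the wildcard resource."""
    report = {"read_only": [], "non_read": [], "non_read_on_wildcard": []}
    for stmt in json.loads(policy_text).get("statement", []):
        if str(stmt.get("effect", "")).lower() != "allow":
            continue  # only allow statements grant permissions
        wildcard = "*" in as_list(stmt.get("resource", []))
        for action in as_list(stmt.get("action", [])):
            verb = action.split(":", 1)[-1]  # "tat:RunCommand" -> "RunCommand"
            if verb.startswith(READ_PREFIXES):
                report["read_only"].append(action)
            else:
                report["non_read"].append(action)
                if wildcard:
                    report["non_read_on_wildcard"].append(action)
    return report


if __name__ == "__main__":
    for name, text in POLICIES.items():
        print(name, audit(text)["non_read_on_wildcard"])
```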