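Service-linked roles are predefined by Tencent Cloud services. Once the user grants authorization, the corresponding service can access and operate on the user's resources by assuming the service-linked role. This document describes the use cases of the specific service-linked roles and their associated permission policies.
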
Product name in CAM | Role name | Role type | Role entity |
---|---|---|---|
SSL Certificates | SSL_QCSLinkedRoleInCertificateWaf | Service-linked role | certificatewaf.ssl.cloud.tencent.com |
SSL Certificates | SSL_QCSLinkedRoleInCertificateDependence | Service-linked role | certificatedependence.ssl.cloud.tencent.com |
SSL Certificates | SSL_QCSLinkedRoleInReplaceLoadCertificate | Service-linked role | replaceloadcertificate.ssl.cloud.tencent.com |
SSL Certificates | SSL_QCSLinkedRoleInCertificateCloudMonitor | Service-linked role | certificatecloudmonitor.ssl.cloud.tencent.com |
SSL Certificates | SSL_QCSLinkedRoleInDescribeDeployedResources | Service-linked role | describedeployedresources.ssl.cloud.tencent.com |

SSL_QCSLinkedRoleInCertificateWaf
Use case: This role is a service-linked role for SSL Certificates (SSL). It accesses your other cloud service resources within the permission scope of its associated policy.
Permission policy
- Policy name: QcloudAccessForSSLLinkedRoleInCertificateWaf
- Policy content:

```json
{
  "version": "2.0",
  "statement": [
    {
      "effect": "allow",
      "action": [
        "waf:DescribeSpartaProtectionList",
        "waf:DescribeSpartaProtectionInfo",
        "waf:DescribeUserInstances",
        "waf:DescribeUserQPS",
        "waf:DescribePeakPoints",
        "waf:AddSpartaProtection",
        "waf:DeleteSpartaProtection",
        "waf:ModifySpartaProtection",
        "waf:ModifyProtectionStatus",
        "waf:DescribeDomains"
      ],
      "resource": [
        "*"
      ]
    }
  ]
}
```

SSL_QCSLinkedRoleInCertificateDependence
Use case: This role is a service-linked role for SSL Certificates (SSL). It accesses your other cloud service resources within the permission scope of its associated policy.
Permission policy
- Policy name: QcloudAccessForSSLLinkedRoleInCertificateDependence
- Policy content:

```json
{
  "statement": [
    {
      "action": [
        "dnspod:CreateRecord",
        "dnspod:DescribeDomain",
        "dnspod:CreateDomain",
        "dnspod:DescribeRecordList",
        "dnspod:DeleteRecord",
        "dnspod:DescribeDomain",
        "dnspod:ModifyRecordStatus"
      ],
      "effect": "allow",
      "resource": "*"
    }
  ],
  "version": "2.0"
}
```

SSL_QCSLinkedRoleInReplaceLoadCertificate
Use case: This role is a service-linked role for SSL Certificates (SSL). It accesses your other cloud service resources within the permission scope of its associated policy.
Permission policy
- Policy name: QcloudAccessForSSLLinkedRoleInReplaceLoadCertificate
- Policy content:

```json
{
  "version": "2.0",
  "statement": [
    {
      "effect": "allow",
      "action": [
        "clb:ReplaceCertForLoadBalancers",
        "waf:DescribeCertificatedDomain",
        "waf:ModifyCertificatedDomain",
        "live:DescribeLiveDomainsByCerts",
        "live:ModifyLiveDomainCertBindings",
        "antiddos:DescribeL7RulesBySSLCertId",
        "antiddos:CreateL7RuleCerts",
        "clb:DescribeLoadBalancerListByCertId",
        "clb:DescribeLoadBalancers",
        "clb:DescribeListeners",
        "clb:ModifyListener",
        "clb:ModifyDomainAttributes",
        "clb:DescribeTaskStatus",
        "cos:GetBucketDomain",
        "cos:GetBucketDomainCertificate",
        "cos:GetService",
        "cos:PutBucketDomainCertificate",
        "tke:DescribeClusters",
        "tke:AcquireClusterAdminRole",
        "tke:AcquireEKSClusterAdminRole",
        "lighthouse:DescribeSupportHttpsInstances",
        "lighthouse:InstallCertificate",
        "lighthouse:DescribeInstallCertificateTasks",
        "vod:DescribeVodDomainsByCertIds",
        "vod:ModifyVodDomainCertBindings",
        "vod:UpdateCertForVodDomains",
        "clb:DescribeLoadBalancerCount",
        "teo:ModifyHostsCertificateByHosts",
        "teo:DescribeHostsByCertID",
        "tcb:DescribeEnvs",
        "tcb:DescribeCloudBaseGWService",
        "tcb:DescribeHostingDomain",
        "tcb:BindCloudBaseAccessDomain",
        "tcb:CreateHostingDomain",
        "tcb:ModifyCloudBaseAccessDomain",
        "tcb:ModifyHostingDomain",
        "tse:ModifyCloudNativeAPIGatewayCertificate",
        "tse:DescribeCloudNativeAPIGatewayCertificates",
        "tse:DescribeCloudNativeAPIGateways",
        "cdn:DescribeCdnDomainsByCerts",
        "cdn:UpdateDomainHttps",
        "tcm:DescribeMeshList",
        "tcm:DescribeIstioGatewayList",
        "tcm:ModifyGatewayCert"
      ],
      "resource": [
        "*"
      ]
    }
  ]
}
```

SSL_QCSLinkedRoleInCertificateCloudMonitor
Use case: This role is a service-linked role for SSL Certificates (SSL). It accesses your other cloud service resources within the permission scope of its associated policy.
Permission policy
- Policy name: QcloudAccessForSSLLinkedRoleInCertificateCloudMonitor
- Policy content:

```json
{
  "version": "2.0",
  "statement": [
    {
      "effect": "allow",
      "resource": [
        "*"
      ],
      "action": [
        "monitor:CreateAlarmPolicy",
        "monitor:DeleteAlarmPolicy",
        "monitor:DescribeAlarmPolicies",
        "monitor:ModifyAlarmPolicyStatus",
        "monitor:BindingPolicyObject",
        "monitor:UnBindingPolicyObject",
        "monitor:ModifyAlarmPolicyNotice",
        "monitor:CreateAlarmNotice",
        "monitor:DeleteAlarmNotices",
        "monitor:ModifyAlarmNotice",
        "monitor:DescribeAlarmNotices",
        "monitor:UnBindingAllPolicyObject"
      ]
    }
  ]
}
```

SSL_QCSLinkedRoleInDescribeDeployedResources
Use case: This role is a service-linked role for SSL Certificates (SSL). It accesses your other cloud service resources within the permission scope of its associated policy.
Permission policy
- Policy name: QcloudAccessForSSLLinkedRoleInDescribeDeployedResources
- Policy content:

```json
{
  "version": "2.0",
  "statement": [
    {
      "effect": "allow",
      "action": [
        "clb:ReplaceCertForLoadBalancers",
        "waf:DescribeCertificatedDomain",
        "waf:ModifyCertificatedDomain",
        "live:DescribeLiveDomainsByCerts",
        "live:ModifyLiveDomainCertBindings",
        "antiddos:DescribeL7RulesBySSLCertId",
        "antiddos:CreateL7RuleCerts",
        "clb:DescribeLoadBalancerListByCertId",
        "cdn:UpdateDomainsCertificate",
        "teo:DescribeHostsByCertID",
        "teo:ModifyHostsCertificateByHosts"
      ],
      "resource": [
        "*"
      ]
    }
  ]
}
```
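
When reviewing what authorizing one of these roles grants, it helps to separate read-only actions from mutating ones and to note which mutating actions apply to every resource (`"*"`). The script below is an added example, not Tencent Cloud code; it audits the QcloudAccessForSSLLinkedRoleInDescribeDeployedResources policy from this page. The `Describe`/`Get` read-only rule and the names `audit`, `as_list` and `READ_ONLY` are assumptions of the example.

```python
import json
import re

# Policy content copied from this page:
# QcloudAccessForSSLLinkedRoleInDescribeDeployedResources
POLICY = """
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [
  "clb:ReplaceCertForLoadBalancers", "waf:DescribeCertificatedDomain",
  "waf:ModifyCertificatedDomain", "live:DescribeLiveDomainsByCerts",
  "live:ModifyLiveDomainCertBindings", "antiddos:DescribeL7RulesBySSLCertId",
  "antiddos:CreateL7RuleCerts", "clb:DescribeLoadBalancerListByCertId",
  "cdn:UpdateDomainsCertificate", "teo:DescribeHostsByCertID",
  "teo:ModifyHostsCertificateByHosts" ], "resource": [ "*" ] } ] }
"""

# Assumption of this example (a naming heuristic, not a CAM rule): an action
# whose name starts with Describe or Get only reads state; any other action
# is treated as mutating.
READ_ONLY = re.compile(r"^(Describe|Get)")


def as_list(value):
    """The policies on this page give "resource" as either a string or a list."""
    return [value] if isinstance(value, str) else list(value)


def audit(policy_text):
    """Classify every allowed action and flag mutating ones scoped to "*"."""
    report = {"read": [], "mutating": [], "wildcard_mutating": []}
    for stmt in json.loads(policy_text)["statement"]:
        if stmt.get("effect", "").lower() != "allow":
            continue
        wildcard = "*" in as_list(stmt.get("resource", []))
        # dict.fromkeys drops repeated actions while keeping their order.
        for action in dict.fromkeys(as_list(stmt["action"])):
            verb = action.split(":", 1)[-1]  # part after the "service:" prefix
            if READ_ONLY.match(verb):
                report["read"].append(action)
            else:
                report["mutating"].append(action)
                if wildcard:
                    report["wildcard_mutating"].append(action)
    return report


if __name__ == "__main__":
    for bucket, actions in audit(POLICY).items():
        print(f"{bucket} ({len(actions)}): " + ", ".join(actions))
```

Pasting any other policy from this page into `POLICY` gives the same breakdown for that role.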