服务(相关)角色由腾讯云服务预定义;经用户授权后,相应服务即可通过扮演该角色对用户资源进行访问和操作。本文档介绍弹性微服务(TEM)各服务相关角色的使用场景及其关联的权限策略。
CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
---|---|---|---|
弹性微服务 | TEM_QCSLinkedRoleInTEMAPI | 服务相关角色 | temapi.tem.cloud.tencent.com |
弹性微服务 | TEM_QCSLinkedRoleInTEMLog | 服务相关角色 | cvm.qcloud.com、temlog.tem.cloud.tencent.com |
弹性微服务 | TEM_QCSLinkedRoleInAccessCluster | 服务相关角色 | accesscluster.tem.cloud.tencent.com |
弹性微服务 | TEM_QCSLinkedRoleInAccessResourceService | 服务相关角色 | accessresourceservice.tem.cloud.tencent.com |
TEM_QCSLinkedRoleInTEMAPI
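使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。下方策略仅包含 apm 与 tcb 两类接口,其中既有查询类操作,也有创建、删除类操作(如 apm:CreatePAASInstance、apm:DeletePAASInstance);策略的 resource 为 "*",即不按具体资源限定范围。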
权限策略
- 策略名称: QcloudAccessForTEMLinkedRoleInTEMApi
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": [ "*" ], "action": [ "apm:CreatePAASInstance", "apm:DescribeApmAgent", "apm:DescribeTopology", "apm:DeletePAASInstance", "apm:DescribePAASTopology", "tcb:CreateCloudBaseRunServerVersionWithMicroService" ] } ] }
TEM_QCSLinkedRoleInTEMLog
使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。下方策略仅包含 cls(日志服务)接口,涵盖日志主题与机器组的查询、创建、修改,机器组的删除,以及日志上报(cls:pushLog);策略的 resource 为 "*",即不按具体资源限定范围。
权限策略
- 策略名称: QcloudAccessForTEMLinkedRoleInTEMLog
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": [ "*" ], "action": [ "cls:listTopic", "cls:getTopic", "cls:createTopic", "cls:modifyTopic", "cls:listMachineGroup", "cls:getMachineGroup", "cls:createMachineGroup", "cls:modifyMachineGroup", "cls:deleteMachineGroup", "cls:getMachineStatus", "cls:pushLog", "cls:agentHeartBeat", "cls:getConfig" ] } ] }
TEM_QCSLinkedRoleInAccessCluster
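使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。下方策略涉及 tse、tke、tcr、cls、cfs、vpc、apm、cam、monitor、cvm 等服务的接口,除查询类操作外还包含创建、删除类操作(如 vpc:CreateNatGateway、vpc:DeleteNatGateway、tcr:DeleteImagePersonal、tcr:CreateInstanceToken、cvm:ReleaseAddresses、monitor:TerminatePrometheusInstances);策略的 resource 为 "*",即不按具体资源限定范围。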
权限策略
- 策略名称: QcloudAccessForTEMLinkedRoleInAccessCluster
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "tse:DescribeSREInstances", "tse:DescribeSREInstanceAccessAddress", "tse:DescribeSREGlobalConfigs", "tke:DescribeClusters", "tcr:CreateNamespacePersonal", "tcr:DeleteNamespacePersonal", "tcr:DescribeRepositoryOwnerPersonal", "tcr:DeleteRepositoryPersonal", "tcr:DeleteImagePersonal", "tcr:CreateRepositoryPersonal", "tcr:BatchDeleteRepositoryPersonal", "tcr:BatchDeleteImagePersonal", "tcr:CreateInstanceToken", "tcr:DescribeInstanceToken", "tcr:DeleteInstanceToken", "tcr:DescribeRepositories", "tcr:PullRepository", "tcr:PullRepositoryPersonal", "cls:searchLog", "cls:getTopic", "cls:getIndex", "cls:CreateIndex", "cls:modifyIndex", "cls:DeleteIndex", "cfs:DescribeCfsFileSystems", "cfs:DescribeMountTargets", "vpc:DescribeSubnetEx", "vpc:DescribeSubnet", "apm:CreateApmInstance", "apm:ModifyApmInstance", "apm:TerminateApmInstance", "apm:CreatePAASInstance", "apm:DeletePAASInstance", "apm:DescribeApmAgent", "apm:DescribeTopologyMetricLineData", "apm:DescribeMetricLineData", "apm:DescribeServiceOverview", "apm:DescribeMetricRecords", "cam:GetRole", "tcr:DescribeInternalEndpoints", "tcr:DescribeInternalEndpointDnsStatus", "tcr:CreateInternalEndpointDns", "tcr:DuplicateImagePersonal", "tcr:DescribeInstances", "tcr:CreateInstance", "tcr:DescribeNamespaces", "tcr:CreateNamespace", "tcr:CreateRepository", "tcr:DescribeRepositories", "tcr:ManageInternalEndpoint", "tcr:PushRepository", "tcr:PushRepositoryPersonal", "monitor:DescribePrometheusInstances", "monitor:UpgradeGrafanaDashboard", "vpc:CreateVpc", "vpc:CreateSubnet", "vpc:DescribeVpcEx", "vpc:DeleteNatGateway", "vpc:CreateNatGateway", "vpc:CreateRoute", "vpc:EnableRoutes", "vpc:DeleteRoute", "vpc:DescribeNatGateways", "vpc:DescribeRouteTable", "cvm:ReleaseAddresses", "monitor:TerminatePrometheusInstances", "monitor:CreatePrometheusMultiTenantInstancePostPayMode" ], "resource": [ "*" ] } ] }
TEM_QCSLinkedRoleInAccessResourceService
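使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。下方策略仅包含 tcb 接口,除查询类操作外还包含创建、修改、删除类操作(如 tcb:ModifyCloudBaseGWAPIPublicAccess、tcb:DeleteCloudBaseRunServer、tcb:DestroyEnv);策略的 resource 为 "*",即不按具体资源限定范围。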
权限策略
- 策略名称: QcloudAccessForTEMLinkedRoleInAccessResourceService
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "tcb:DescribeCloudBaseGWAPI", "tcb:DescribeCloudBaseRunServer", "tcb:DescribeCloudBaseRunServers", "tcb:DescribeCloudBaseRunServerVersion", "tcb:DescribeEnvLimit", "tcb:DescribeCloudBaseRunPodList", "tcb:DescribeICPResources", "tcb:DescribePostPackage", "tcb:DescribeCloudBaseGWService", "tcb:DescribeCurveData", "tcb:SearchClsLog", "tcb:DescribeCloudBaseRunImages", "tcb:DescribeCloudBaseRunServerFlowConf", "tcb:CreateCloudBaseRunServerVersion", "tcb:CreateCloudBaseGWAPI", "tcb:ModifyCloudBaseGWAPIPublicAccess", "tcb:ModifyCloudBaseGWAPIAccessType", "tcb:ModifyCloudBaseRunServerVersion", "tcb:CreatePostpayPackage", "tcb:DeleteCloudBaseRunImageRepo", "tcb:DeleteCloudBaseRunServer", "tcb:DeleteCloudBaseRunServerVersion", "tcb:EstablishCloudBaseRunServer", "tcb:ModifyCloudBaseRunServerFlowConf", "tcb:RollUpdateCloudBaseRunServerVersion", "tcb:DescribeEnvs", "tcb:DestroyEnv", "tcb:CheckTcbService", "tcb:ModifyEnv", "tcb:DescribeCloudBaseRunVersionException" ], "resource": [ "*" ] } ] }