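Service-linked roles are predefined by Tencent Cloud services. Once authorized by the user, the corresponding service can access and operate on the user's resources by assuming the service-linked role. This document describes the use cases of specific service-linked roles and their associated permission policies.
Product name in CAM | Role name | Role type | Role entity |
---|---|---|---|
Virtual Private Cloud | VPC_QCSLinkedRoleInEipTat | Service-linked role | eiptat.vpc.cloud.tencent.com |
Virtual Private Cloud | VPC_QCSLinkedRoleInSnapshot | Service-linked role | snapshot.vpc.cloud.tencent.com |
Virtual Private Cloud | VPC_QCSLinkedRoleInVpcflowlog | Service-linked role | vpcflowlog.vpc.cloud.tencent.com |
Virtual Private Cloud | VPC_QCSLinkedRoleInPrivateLink | Service-linked role | privatelink.vpc.cloud.tencent.com |
Virtual Private Cloud | VPC_QCSLinkedRoleInFlowLogAdvanceAnalysis | Service-linked role | flowlogadvanceanalysis.vpc.cloud.tencent.com |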
VPC_QCSLinkedRoleInEipTat
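Use case: This role is a service-linked role for Virtual Private Cloud (VPC). It accesses your other cloud service resources within the scope of the permissions granted by its associated policy.
Permission policy
- Policy name: QcloudAccessForVpcLinkedRoleInEipTat
- Policy content: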
{ "statement": [ { "action": [ "tat:DescribeCommands", "tat:DescribeInvocations", "tat:DescribeInvocationTasks", "tat:CreateCommand", "tat:DeleteCommand", "tat:InvokeCommand", "tat:RunCommand" ], "effect": "allow", "resource": [ "*" ] } ], "version": "2.0" }
VPC_QCSLinkedRoleInSnapshot
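Use case: This role is a service-linked role for Virtual Private Cloud (VPC). It accesses your other cloud service resources within the scope of the permissions granted by its associated policy.
Permission policy
- Policy name: QcloudAccessForVPCLinkedRoleInSnapshot
- Policy content: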
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "cos:GetService", "cos:HeadBucket", "cos:GetBucket", "cos:PutBucket", "cos:ListMultipartUploads", "cos:GetObject*", "cos:HeadObject", "cos:GetBucketObjectVersions", "cos:OptionsObject", "cos:ListParts", "cos:DeleteObject", "cos:PostObject", "cos:PostObjectRestore", "cos:PutObject*", "cos:InitiateMultipartUpload", "cos:UploadPart", "cos:UploadPartCopy", "cos:CompleteMultipartUpload", "cos:AbortMultipartUpload", "cos:DeleteMultipleObjects", "cos:AppendObject" ], "resource": "*" } ] }
VPC_QCSLinkedRoleInVpcflowlog
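Use case: This role is a service-linked role for Virtual Private Cloud (VPC). It accesses your other cloud service resources within the scope of the permissions granted by its associated policy.
Permission policy
- Policy name: QcloudAccessForVPCLinkedRoleInVpcflowlog
- Policy content: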
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": [ "*" ], "action": [ "ckafka:DescribeInstances", "ckafka:DescribeTopic", "ckafka:DescribeRoute", "ckafka:DeleteRoute", "ckafka:DescribeInstanceAttributes", "ckafka:DescribeInstancesDetail", "ckafka:CreateRoute" ] } ] }
VPC_QCSLinkedRoleInPrivateLink
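Use case: This role is a service-linked role for Virtual Private Cloud (VPC). It accesses your other cloud service resources within the scope of the permissions granted by its associated policy.
Permission policy
- Policy name: QcloudAccessForVPCLinkedRoleInPrivateLink
- Policy content: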
{ "version": "2.0", "statement": [ { "action": [ "redis:DescribeInstances", "cdb:DescribeDBInstances", "clb:DescribeGatewayLoadBalancers" ], "resource": "*", "effect": "allow" } ] }
VPC_QCSLinkedRoleInFlowLogAdvanceAnalysis
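Use case: This role is a service-linked role for Virtual Private Cloud (VPC). It accesses your other cloud service resources within the scope of the permissions granted by its associated policy.
Permission policy
- Policy name: QcloudAccessForVPCRoleInFlowLogAdvanceAnalysis
- Policy content: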
{ "version": "2.0", "statement": [ { "action": [ "cls:DescribeLogsets", "cls:CreateLogset", "cls:CreateTopic", "cls:DescribeTopics", "cls:DeleteTopic", "cls:DescribeIndex", "cls:ModifyIndex", "cls:CreateIndex", "cls:DeleteIndex", "cls:GetDashboard", "cls:CreateDashboard", "cls:DeleteDashboard", "cls:ModifyDashboard", "cls:ListDashboard", "cls:pushLog" ], "resource": "*", "effect": "allow" } ] }
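When reviewing what a service-linked role is allowed to do before authorizing it, it helps to separate read-only actions from state-changing ones and to note whether the statement is scoped to all resources. The following is an added example, not Tencent Cloud code; the function names and the read-only verb prefix list are assumptions made for this illustration, and the two policy strings are copied from this page.

```python
import json

# Assumption (added heuristic, not a CAM rule): verbs starting with these
# prefixes only read state; every other verb, including "*", is treated as
# state-changing.
READ_PREFIXES = ("Describe", "Get", "Head", "List", "Options")

# Policy documents copied verbatim from this page.
EIP_TAT = '{ "statement": [ { "action": [ "tat:DescribeCommands", "tat:DescribeInvocations", "tat:DescribeInvocationTasks", "tat:CreateCommand", "tat:DeleteCommand", "tat:InvokeCommand", "tat:RunCommand" ], "effect": "allow", "resource": [ "*" ] } ], "version": "2.0" }'
PRIVATE_LINK = '{ "version": "2.0", "statement": [ { "action": [ "redis:DescribeInstances", "cdb:DescribeDBInstances", "clb:DescribeGatewayLoadBalancers" ], "resource": "*", "effect": "allow" } ] }'


def as_list(value):
    """The policies on this page give 'resource' as a string or as a list."""
    return value if isinstance(value, list) else [value]


def review_policy(policy_text):
    """Split the allowed actions of a CAM policy into read and write sets
    and report whether any allow statement applies to all resources."""
    policy = json.loads(policy_text)
    result = {"read": [], "write": [], "wildcard_resource": False}
    for stmt in policy.get("statement", []):
        if stmt.get("effect", "").lower() != "allow":
            continue  # only allow statements grant access
        if "*" in as_list(stmt.get("resource", [])):
            result["wildcard_resource"] = True
        for action in as_list(stmt.get("action", [])):
            _service, _, verb = action.partition(":")
            bucket = "read" if verb.startswith(READ_PREFIXES) else "write"
            result[bucket].append(action)
    return result


if __name__ == "__main__":
    samples = (("VPC_QCSLinkedRoleInEipTat", EIP_TAT),
               ("VPC_QCSLinkedRoleInPrivateLink", PRIVATE_LINK))
    for name, text in samples:
        r = review_policy(text)
        print(name, "| wildcard resource:", r["wildcard_resource"],
              "| state-changing:", r["write"] or "none")
```

The same function can be run over the other three policy documents on this page by passing their JSON text to `review_policy`.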