服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
---|---|---|---|
Web 应用防火墙 | WAF_QCSLinkedRoleInCLS | 服务相关角色 | cls.waf.cloud.tencent.com |
Web 应用防火墙 | WAF_QCSLinkedRoleInAccess | 服务相关角色 | access.waf.cloud.tencent.com |
Web 应用防火墙 | WAF_QCSLinkedRoleInCKafka | 服务相关角色 | ckafka.waf.cloud.tencent.com |
WAF_QCSLinkedRoleInCLS
使用场景: 当前角色为Web应用防火墙(WAF)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForWAFLinkedRoleInCLS
- 策略内容:
{ "version": "2.0", "statement": [ { "action": [ "cls:getLogset", "cls:listLogset", "cls:getTopic", "cls:listTopic", "cls:UploadLog", "cls:SearchLog", "cls:searchLog", "cls:pushLog", "cls:pullLogs", "cls:GetLog", "cls:CreateLogset", "cls:createLogset", "cls:CreateTopic", "cls:createTopic", "cls:CreateIndex", "cls:ModifyIndex", "cls:modifyIndex", "cls:DescribeIndex", "monitor:GetMonitorData" ], "resource": "*", "effect": "allow" } ] }
WAF_QCSLinkedRoleInAccess
使用场景: 当前角色为Web应用防火墙(WAF)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForWAFLinkedRoleInAccess
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "dnspod:*", "ssl:*", "clb:*", "vpc:DescribeAddress", "vpc:CreateAddress", "cvm:DescribeSecurityGroups", "cvm:CreateSecurityGroupPolicy", "cvm:CreateSecurityGroup", "cvm:DescribeSecurityGroupPolicys", "cvm:DescribeInstances", "cvm:AssociateSecurityGroups", "cvm:ModifyInstancesAttribute" ], "resource": [ "*" ] } ] }
WAF_QCSLinkedRoleInCKafka
使用场景: 当前角色为Web应用防火墙(WAF)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForWAFLinkedRoleInCKafka
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": [ "*" ], "action": [ "ckafka:DescribeInstanceAttributes", "ckafka:DescribeTopicAttributes", "ckafka:DescribeUser", "ckafka:GetInstanceAttributes", "ckafka:GetTopicAttributes", "ckafka:DescribeTopicDetail", "ckafka:GetInstanceAttributes", "ckafka:GetTopicAttributes", "ckafka:DescribeInstances", "ckafka:DescribeInstancesDetail", "ckafka:DescribeRoute", "ckafka:DescribeTopic", "ckafka:ListRoute", "ckafka:ListTopic", "monitor:GetMonitorData" ] } ] }