服务(相关)角色由腾讯云服务预定义,经用户授权后,相应服务即可通过扮演该服务相关角色对用户资源进行访问和操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
---|---|---|---|
云应用 | CLOUDAPP_QCSLinkedRoleInDeployResource | 服务相关角色 | deployresource.cloudapp.cloud.tencent.com |
CLOUDAPP_QCSLinkedRoleInDeployResource
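使用场景: 当前角色为云应用(Cloudapp)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。从下方策略内容可以看到,第一条语句对全部资源("resource": "*")生效,包含多个云产品的创建、修改与删除类操作以及 cam:PassRole 和标签操作;第二条语句允许对所列产品资源执行 finance:trade。建议在授权前逐项核对策略内容,确认其范围符合预期。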
权限策略
- 策略名称: QcloudAccessForCLOUDAPPRoleInDeployResource
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": "*", "action": [ "vpc:CreateVpc", "vpc:CreateAssistantCidr", "vpc:DeleteVpc", "vpc:DescribeVpcEx", "vpc:CreateSubnet", "vpc:DescribeSubnetEx", "vpc:ModifySubnetAttribute", "vpc:ReplaceRouteTableAssociation", "vpc:DeleteSubnet", "cdb:CreateDBInstanceHour", "cdb:IsolateDBInstance", "cdb:OfflineIsolatedInstances", "cdb:DescribeDBInstances", "cos:PutBucket", "cos:PutBucketACL", "cos:GetBucket", "cos:GetBucketACL", "cos:DeleteBucket", "cos:HeadBucket", "cos:PutBucketCORS", "cos:GetBucketCORS", "cos:GetBucketWebsite", "cvm:DescribeInstances", "cvm:DescribeInstancesStatus", "cvm:DescribeInstances", "cvm:TerminateInstances", "cvm:RunInstances", "cvm:TerminateDisks", "cvm:DescribeCbsStorages", "cvm:CreateCbsStorages", "cvm:AttachDisks", "cvm:DetachCbsStorages", "cvm:CreateSecurityGroup", "cvm:DescribeSecurityGroups", "cvm:DescribeSecurityGroupAssociateInstances", "cvm:DeleteSecurityGroup", "cvm:DescribeImages", "tke:DescribeClusterReleases", "tke:DescribeClusterPendingReleases", "tke:CreateClusterRelease", "tke:UpgradeClusterRelease", "tke:UninstallClusterRelease", "tke:CreateCluster", "tke:DescribeClusters", "tke:DescribeClusterReleaseDetails", "apigw:CreateService", "apigw:UnReleaseService", "apigw:DeleteService", "apigw:DescribeService", "apigw:DescribeApi", "apigw:CreateApiApp", "apigw:UnReleaseService", "apigw:DeleteApiApp", "apigw:ReleaseService", "apigw:BindApiApp", "apigw:CreateApi", "apigw:UnbindApiApp", "apigw:DeleteApi", "clb:DescribeLoadBalancersDetail", "clb:CreateLoadBalancer", "clb:ModifyLoadBalancerAttributes", "clb:DeleteLoadBalancer", "clb:SetLoadBalancerSecurityGroups", "clb:DescribeTaskStatus", "clb:DescribeListeners", "clb:DeleteRule", "clb:CreateRule", "clb:DescribeTargets", "clb:DeregisterTargets", "clb:DescribeRewrite", "clb:DeleteRewrite", "clb:CreateTopic", "clb:ModifyTargetGroupAttribute", "clb:RegisterTargetGroupInstances", "clb:DeregisterTargetGroupInstances", 
"clb:DeleteTargetGroups", "clb:DescribeTargetGroups", "clb:DescribeTargetGroupInstances", "clb:AssociateTargetGroups", "clb:DisassociateTargetGroups", "clb:ModifyTargetGroupInstancesWeight", "clb:DescribeLoadBalancers", "redis:CreateInstances", "redis:DescribeInstances", "redis:ModifyInstance", "redis:DescribeInstanceSecurityGroup", "redis:DestroyPostpaidInstance", "cvm:CreateSecurityGroupPolicy", "tke:DeleteCluster", "tag:TagResources", "tag:UnTagResources", "cam:PassRole", "cdb:CreateDBInstance", "tke:DescribeClusterInstances", "redis:CleanUpInstance", "redis:DestroyPrepaidInstance", "es:CreateInstance", "es:DeleteInstance", "es:DescribeInstances", "postgres:CreateInstances", "postgres:IsolateDBInstances", "postgres:DestroyDBInstance", "postgres:DescribeDBInstanceAttribute", "cetcd:CreateEtcdInstance", "cetcd:DeleteEtcdInstance", "cetcd:DescribeEtcdInstances", "tke:DeleteClusterInstances", "tke:AddExistedInstances", "tke:CreateClusterInstances", "privatedns:DescribePrivateZoneService", "privatedns:SubscribePrivateZoneService", "privatedns:CreatePrivateZone", "privatedns:DeletePrivateZone", "privatedns:CreatePrivateZoneRecord", "privatedns:DeletePrivateZoneRecord", "privatedns:DescribePrivateZoneList", "privatedns:DescribePrivateZoneRecordList", "privatedns:ModifyPrivateZoneVpc", "redis:DestroyPostpaidInstance", "clb:CreateListener", "clb:DeleteListener", "mongodb:CreateDBInstanceHour", "mongodb:CreateDBInstance", "mongodb:DescribeDBInstances", "mongodb:IsolateDBInstance", "mongodb:OfflineIsolatedDBInstance", "sqlserver:CreateBasicDBInstances", "sqlserver:CreateDBInstances", "sqlserver:DescribeDBInstances", "sqlserver:CreateReadOnlyDBInstances", "sqlserver:DescribeOrders", "sqlserver:DescribeReadOnlyGroupByReadOnlyInstance", "sqlserver:TerminateDBInstance", "sqlserver:DeleteDBInstance", "tdmq:CreateRabbitMQVipInstance", "tdmq:DescribeRabbitMQVipInstance", "tdmq:DescribeRabbitMQVipInstances", "tdmq:DeleteRabbitMQVipInstance", "cls:CreateLogset", 
"cls:DescribeLogsets", "cls:DeleteLogset", "cls:CreateTopic", "cls:DescribeTopics", "cls:DeleteTopic", "monitor:CreatePrometheusMultiTenantInstancePostPayMode", "monitor:DescribePrometheusInstanceDetail", "monitor:DescribePrometheusInstances", "monitor:DestroyPrometheusInstance", "monitor:TerminatePrometheusInstances", "monitor:CreateGrafanaInstance", "monitor:DescribeGrafanaInstances", "monitor:DeleteGrafanaInstance", "monitor:CleanGrafanaInstance", "ssl:ApplyCertificate", "ssl:DescribeCertificates", "ssl:DescribeCertificateDetail", "ssl:DeleteCertificate", "ssl:RevokeCertificate", "ssl:CreateCertificate", "ssl:UploadCertificate", "cdn:AddCdnDomain", "cdn:DescribeDomainsConfig", "cdn:StopCdnDomain", "cdn:DeleteCdnDomain", "clb:RegisterTargets", "vpc:DisassociateNatGatewayAddress", "trocket:CreateInstance", "trocket:DescribeInstance", "trocket:DeleteInstance", "cvm:AllocateAddresses", "cvm:DescribeAddresses", "cvm:DisassociateAddress", "cvm:ReleaseAddresses", "tke:DeleteClusterInstances", "vpc:DescribeNatGatewaySourceIpTranslationNatRules", "vpc:CreateNatGatewaySourceIpTranslationNatRule", "vpc:DeleteNatGatewaySourceIpTranslationNatRule", "vpc:CreateNatGateway", "vpc:DescribeNatGateways", "vpc:DeleteNatGateway", "vpc:RefreshDirectConnectGatewayRouteToNatGateway", "cfs:CreateCfsFileSystem", "cfs:DescribeCfsFileSystems", "cfs:DeleteCfsFileSystem", "vpc:CreateNatGatewayDestinationIpPortTranslationNatRule", "vpc:DeleteNatGatewayDestinationIpPortTranslationNatRule", "vpc:DescribeNatGatewayDestinationIpPortTranslationNatRules", "vpc:CreateRouteTable", "vpc:DeleteRouteTable", "vpc:DescribeRouteTables", "vpc:CreateRoute", "vpc:DeleteRoutes", "vpc:DescribeRouteTable", "vpc:AssociateAddress", "cfs:CreateCfsSnapshot", "cfs:DeleteCfsSnapshot", "cfs:DescribeCfsSnapshots", "cfs:CreateCfsPGroup", "cfs:DeleteCfsPGroup", "cfs:DescribeCfsPGroups", "cfs:CreateCfsRule", "cfs:DeleteCfsRule", "cfs:DescribeCfsRules", "cfs:CreateAutoSnapshotPolicy", "cfs:DeleteAutoSnapshotPolicy", 
"cfs:DescribeAutoSnapshotPolicies", "cfs:BindAutoSnapshotPolicy", "cfs:UnbindAutoSnapshotPolicy", "cfs:DescribeAutoSnapshotPolicies", "cfs:SetUserQuota", "cfs:DeleteUserQuota", "cfs:DescribeUserQuota", "ckafka:CreatePostPaidInstance", "ckafka:DeleteInstancePost", "ckafka:CreateInstancePre", "ckafka:DeleteInstancePre", "ckafka:DescribeInstances", "ckafka:DescribeInstancesDetail", "ckafka:CreateTopic", "ckafka:DeleteTopic", "ckafka:DescribeTopicDetail", "ckafka:CreateUser", "ckafka:DeleteUser", "ckafka:DescribeUser", "ckafka:CreateRoute", "ckafka:DeleteRoute", "ckafka:DescribeRoute", "ckafka:CreateAcl", "ckafka:DeleteAcl", "ckafka:DescribeACL", "ckafka:CreateAclRule", "ckafka:DeleteAclRule", "ckafka:DescribeAclRule", "ckafka:CreateConnectResource", "ckafka:DeleteConnectResource", "ckafka:DescribeConnectResource", "ckafka:CreateConsumer", "ckafka:DeleteGroup", "ckafka:DescribeConsumerGroup", "ckafka:CreateDatahubTopic", "ckafka:DeleteDatahubTopic", "ckafka:DescribeDatahubTopic", "ckafka:CreateDatahubTask", "ckafka:DeleteDatahubTask", "ckafka:DescribeDatahubTask", "ckafka:InquireCkafkaPrice", "cvm:ModifyAddressesBandwidth", "cvm:AssociateAddress", "vpc:AssociateRouteTable", "tke:DescribeClusterSecurity", "tke:DescribeClusterVirtualNode", "tke:DescribeClusterEndpointStatus", "tke:CreateClusterEndpoint", "tke:DeleteClusterEndpoint", "tke:ModifyClusterEndpointSP", "sqlserver:CreateCloudDBInstances", "cdwch:DescribeInstancesNew", "cdwch:CreateInstanceNew", "cdwch:OpenBackUp", "cdwch:DescribeBackUpSchedule", "cdwch:CreateBackUpSchedule", "cdwch:TerminateInstance" ] }, { "effect": "allow", "action": "finance:trade", "resource": [ "qcs::cvm:::*", "qcs::postgres:::*", "qcs::redis:::*", "qcs::es:::*", "qcs::cdb:::*", "qcs::mongodb:::*", "qcs::sqlserver:::*", "qcs::tdmq:::*", "qcs::cls:::*", "qcs::monitor:::*", "qcs::ssl:::*", "qcs::clb:::*", "qcs::cdn:::*", "qcs::trocket:::*", "qcs::cdwch:::*" ] } ] }