服务(相关)角色是由腾讯云服务预定义的角色,经用户授权后,相应服务即可通过扮演该服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| 云应用 | CLOUDAPP_QCSLinkedRoleInDeployResource | 服务相关角色 | deployresource.cloudapp.cloud.tencent.com |
CLOUDAPP_QCSLinkedRoleInDeployResource
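使用场景:当前角色为云应用(Cloudapp)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。该权限范围以下文"权限策略"中的策略内容为准:第一条语句的 resource 为 "*",所列操作(含各产品资源的创建与删除,以及 cam:PassRole、tat:RunCommand 等)不限定到具体资源,授权前可据此逐项核对。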
权限策略
- 策略名称: QcloudAccessForCLOUDAPPRoleInDeployResource
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": "*", "action": [ "vpc:CreateVpc", "vpc:CreateAssistantCidr", "vpc:DeleteVpc", "vpc:DescribeVpcEx", "vpc:CreateSubnet", "vpc:DescribeSubnetEx", "vpc:ModifySubnetAttribute", "vpc:ReplaceRouteTableAssociation", "vpc:DeleteSubnet", "cdb:CreateDBInstanceHour", "cdb:IsolateDBInstance", "cdb:OfflineIsolatedInstances", "cdb:DescribeDBInstances", "cos:PutBucket", "cos:PutBucketACL", "cos:GetBucket", "cos:GetBucketACL", "cos:DeleteBucket", "cos:HeadBucket", "cos:PutBucketCORS", "cos:GetBucketCORS", "cos:GetBucketWebsite", "cvm:DescribeInstances", "cvm:DescribeInstancesStatus", "cvm:DescribeInstances", "cvm:TerminateInstances", "cvm:RunInstances", "cvm:TerminateDisks", "cvm:DescribeCbsStorages", "cvm:CreateCbsStorages", "cvm:AttachDisks", "cvm:DetachCbsStorages", "cvm:CreateSecurityGroup", "cvm:DescribeSecurityGroups", "cvm:DescribeSecurityGroupAssociateInstances", "cvm:DeleteSecurityGroup", "cvm:DescribeImages", "tke:DescribeClusterReleases", "tke:DescribeClusterPendingReleases", "tke:CreateClusterRelease", "tke:UpgradeClusterRelease", "tke:UninstallClusterRelease", "tke:CreateCluster", "tke:DescribeClusters", "tke:DescribeClusterReleaseDetails", "apigw:CreateService", "apigw:UnReleaseService", "apigw:DeleteService", "apigw:DescribeService", "apigw:DescribeApi", "apigw:CreateApiApp", "apigw:UnReleaseService", "apigw:DeleteApiApp", "apigw:ReleaseService", "apigw:BindApiApp", "apigw:CreateApi", "apigw:UnbindApiApp", "apigw:DeleteApi", "clb:DescribeLoadBalancersDetail", "clb:CreateLoadBalancer", "clb:ModifyLoadBalancerAttributes", "clb:DeleteLoadBalancer", "clb:SetLoadBalancerSecurityGroups", "clb:DescribeTaskStatus", "clb:DescribeListeners", "clb:DeleteRule", "clb:CreateRule", "clb:DescribeTargets", "clb:DeregisterTargets", "clb:DescribeRewrite", "clb:DeleteRewrite", "clb:CreateTopic", "clb:ModifyTargetGroupAttribute", "clb:RegisterTargetGroupInstances", "clb:DeregisterTargetGroupInstances", 
"clb:DeleteTargetGroups", "clb:DescribeTargetGroups", "clb:DescribeTargetGroupInstances", "clb:AssociateTargetGroups", "clb:DisassociateTargetGroups", "clb:ModifyTargetGroupInstancesWeight", "clb:DescribeLoadBalancers", "redis:CreateInstances", "redis:DescribeInstances", "redis:ModifyInstance", "redis:DescribeInstanceSecurityGroup", "redis:DestroyPostpaidInstance", "cvm:CreateSecurityGroupPolicy", "tke:DeleteCluster", "tag:TagResources", "tag:UnTagResources", "cam:PassRole", "cdb:CreateDBInstance", "tke:DescribeClusterInstances", "redis:CleanUpInstance", "redis:DestroyPrepaidInstance", "es:CreateInstance", "es:DeleteInstance", "es:DescribeInstances", "postgres:CreateInstances", "postgres:IsolateDBInstances", "postgres:DestroyDBInstance", "postgres:DescribeDBInstanceAttribute", "cetcd:CreateEtcdInstance", "cetcd:DeleteEtcdInstance", "cetcd:DescribeEtcdInstances", "tke:DeleteClusterInstances", "tke:AddExistedInstances", "tke:CreateClusterInstances", "privatedns:DescribePrivateZoneService", "privatedns:SubscribePrivateZoneService", "privatedns:CreatePrivateZone", "privatedns:DeletePrivateZone", "privatedns:CreatePrivateZoneRecord", "privatedns:DeletePrivateZoneRecord", "privatedns:DescribePrivateZoneList", "privatedns:DescribePrivateZoneRecordList", "privatedns:ModifyPrivateZoneVpc", "redis:DestroyPostpaidInstance", "clb:CreateListener", "clb:DeleteListener", "mongodb:CreateDBInstanceHour", "mongodb:CreateDBInstance", "mongodb:DescribeDBInstances", "mongodb:IsolateDBInstance", "mongodb:OfflineIsolatedDBInstance", "sqlserver:CreateBasicDBInstances", "sqlserver:CreateDBInstances", "sqlserver:DescribeDBInstances", "sqlserver:CreateReadOnlyDBInstances", "sqlserver:DescribeOrders", "sqlserver:DescribeReadOnlyGroupByReadOnlyInstance", "sqlserver:TerminateDBInstance", "sqlserver:DeleteDBInstance", "tdmq:CreateRabbitMQVipInstance", "tdmq:DescribeRabbitMQVipInstance", "tdmq:DescribeRabbitMQVipInstances", "tdmq:DeleteRabbitMQVipInstance", "cls:CreateLogset", 
"cls:DescribeLogsets", "cls:DeleteLogset", "cls:CreateTopic", "cls:DescribeTopics", "cls:DeleteTopic", "monitor:CreatePrometheusMultiTenantInstancePostPayMode", "monitor:DescribePrometheusInstanceDetail", "monitor:DescribePrometheusInstances", "monitor:DestroyPrometheusInstance", "monitor:TerminatePrometheusInstances", "monitor:CreateGrafanaInstance", "monitor:DescribeGrafanaInstances", "monitor:DeleteGrafanaInstance", "monitor:CleanGrafanaInstance", "ssl:ApplyCertificate", "ssl:DescribeCertificates", "ssl:DescribeCertificateDetail", "ssl:DeleteCertificate", "ssl:RevokeCertificate", "ssl:CreateCertificate", "ssl:UploadCertificate", "cdn:AddCdnDomain", "cdn:DescribeDomainsConfig", "cdn:StopCdnDomain", "cdn:DeleteCdnDomain", "clb:RegisterTargets", "vpc:DisassociateNatGatewayAddress", "trocket:CreateInstance", "trocket:DescribeInstance", "trocket:DeleteInstance", "cvm:AllocateAddresses", "cvm:DescribeAddresses", "cvm:DisassociateAddress", "cvm:ReleaseAddresses", "tke:DeleteClusterInstances", "vpc:DescribeNatGatewaySourceIpTranslationNatRules", "vpc:CreateNatGatewaySourceIpTranslationNatRule", "vpc:DeleteNatGatewaySourceIpTranslationNatRule", "vpc:CreateNatGateway", "vpc:DescribeNatGateways", "vpc:DeleteNatGateway", "vpc:RefreshDirectConnectGatewayRouteToNatGateway", "cfs:CreateCfsFileSystem", "cfs:DescribeCfsFileSystems", "cfs:DeleteCfsFileSystem", "vpc:CreateNatGatewayDestinationIpPortTranslationNatRule", "vpc:DeleteNatGatewayDestinationIpPortTranslationNatRule", "vpc:DescribeNatGatewayDestinationIpPortTranslationNatRules", "vpc:CreateRouteTable", "vpc:DeleteRouteTable", "vpc:DescribeRouteTables", "vpc:CreateRoute", "vpc:DeleteRoutes", "vpc:DescribeRouteTable", "vpc:AssociateAddress", "cfs:CreateCfsSnapshot", "cfs:DeleteCfsSnapshot", "cfs:DescribeCfsSnapshots", "cfs:CreateCfsPGroup", "cfs:DeleteCfsPGroup", "cfs:DescribeCfsPGroups", "cfs:CreateCfsRule", "cfs:DeleteCfsRule", "cfs:DescribeCfsRules", "cfs:CreateAutoSnapshotPolicy", "cfs:DeleteAutoSnapshotPolicy", 
"cfs:DescribeAutoSnapshotPolicies", "cfs:BindAutoSnapshotPolicy", "cfs:UnbindAutoSnapshotPolicy", "cfs:DescribeAutoSnapshotPolicies", "cfs:SetUserQuota", "cfs:DeleteUserQuota", "cfs:DescribeUserQuota", "ckafka:CreatePostPaidInstance", "ckafka:DeleteInstancePost", "ckafka:CreateInstancePre", "ckafka:DeleteInstancePre", "ckafka:DescribeInstances", "ckafka:DescribeInstancesDetail", "ckafka:CreateTopic", "ckafka:DeleteTopic", "ckafka:DescribeTopicDetail", "ckafka:CreateUser", "ckafka:DeleteUser", "ckafka:DescribeUser", "ckafka:CreateRoute", "ckafka:DeleteRoute", "ckafka:DescribeRoute", "ckafka:CreateAcl", "ckafka:DeleteAcl", "ckafka:DescribeACL", "ckafka:CreateAclRule", "ckafka:DeleteAclRule", "ckafka:DescribeAclRule", "ckafka:CreateConnectResource", "ckafka:DeleteConnectResource", "ckafka:DescribeConnectResource", "ckafka:CreateConsumer", "ckafka:DeleteGroup", "ckafka:DescribeConsumerGroup", "ckafka:CreateDatahubTopic", "ckafka:DeleteDatahubTopic", "ckafka:DescribeDatahubTopic", "ckafka:CreateDatahubTask", "ckafka:DeleteDatahubTask", "ckafka:DescribeDatahubTask", "ckafka:InquireCkafkaPrice", "cvm:ModifyAddressesBandwidth", "cvm:AssociateAddress", "vpc:AssociateRouteTable", "tke:DescribeClusterSecurity", "tke:DescribeClusterVirtualNode", "tke:DescribeClusterEndpointStatus", "tke:CreateClusterEndpoint", "tke:DeleteClusterEndpoint", "tke:ModifyClusterEndpointSP", "sqlserver:CreateCloudDBInstances", "cdwch:DescribeInstancesNew", "cdwch:CreateInstanceNew", "cdwch:OpenBackUp", "cdwch:DescribeBackUpSchedule", "cdwch:CreateBackUpSchedule", "cdwch:TerminateInstance", "tse:CreateEngine", "tse:DescribeSREInstances", "tse:DeleteEngine", "cynosdb:CreateClusters", "cynosdb:DescribeClusterDetail", "cynosdb:DescribeInstanceDetail", "cynosdb:DescribeInstances", "cynosdb:DescribeMaintainPeriod", "cynosdb:DescribeClusterInstanceGrps", "cynosdb:DescribeDBSecurityGroups", "cynosdb:DescribeClusterParams", "cynosdb:IsolateCluster", "cynosdb:OfflineCluster", "cynosdb:CreateAccounts", 
"cynosdb:DescribeAccounts", "cynosdb:DeleteAccounts", "cynosdb:ModifyAccountPrivileges", "cynosdb:DescribeAccountAllGrantPrivileges", "cynosdb:CreateClusterDatabase", "cynosdb:DescribeClusterDetailDatabases", "cynosdb:ModifyClusterDatabase", "cynosdb:DeleteClusterDatabase", "cynosdb:CreateAuditLogFile", "cynosdb:DescribeAuditLogFiles", "cynosdb:DeleteAuditLogFile", "cynosdb:ModifyBinlogSaveDays", "cynosdb:DescribeBinlogSaveDays", "cynosdb:BindClusterResourcePackages", "cynosdb:UnbindClusterResourcePackages", "cynosdb:AddClusterSlaveZone", "cynosdb:RemoveClusterSlaveZone", "cynosdb:ExportInstanceErrorLogs", "cynosdb:ExportInstanceSlowQueries", "cynosdb:ModifyInstanceParam", "cynosdb:DescribeInstanceParams", "cynosdb:DescribeFlow", "cynosdb:CopyClusterPasswordComplexity", "cynosdb:ActivateInstance", "cynosdb:CreateParamTemplate", "cynosdb:DescribeParamTemplateDetail", "cynosdb:ModifyParamTemplate", "cynosdb:DeleteParamTemplate", "cynosdb:CreateProxy", "cynosdb:DescribeProxies", "cynosdb:SwitchProxyVpc", "cynosdb:ModifyProxyDesc", "cynosdb:UpgradeProxy", "cynosdb:CloseProxy", "cynosdb:CreateProxyEndPoint", "cynosdb:ModifyVipVport", "cynosdb:ModifyProxyRwSplit", "cynosdb:OpenReadOnlyInstanceExclusiveAccess", "cynosdb:AddInstances", "cynosdb:UpgradeInstance", "cynosdb:ModifyMaintainPeriodConfig", "cynosdb:ReloadBalanceProxyNode", "cynosdb:RestartInstance", "cynosdb:RollBackCluster", "cynosdb:ModifyDBInstanceSecurityGroups", "cynosdb:DisassociateSecurityGroups", "cynosdb:UpgradeProxyVersion", "cynosdb:OpenWan", "cynosdb:CloseWan", "wedata:CreateDataModel", "wedata:DeleteDataModel", "cfs:DescribeMountTargets", "ckafka:ModifyInstanceAttributes", "ckafka:ModifyGroupOffsets", "ckafka:ModifyConnectResource", "ckafka:ModifyAclRule", "ckafka:DescribeInstanceAttributes", "ckafka:ModifyPassword", "ckafka:DescribeTopicAttributes", "ckafka:CreateTopicIpWhiteList", "ckafka:CreatePartition", "ckafka:DeleteTopicIpWhiteList", "ckafka:DescribeConnectResources", 
"ckafka:DescribeDatahubTopics", "ckafka:DescribeDatahubGroupOffsets", "ckafka:DescribeDatahubTasks", "ckafka:DescribeGroup", "ckafka:DescribeGroupInfo", "ckafka:DescribeTaskStatus", "ckafka:DescribeTopicFlowRanking", "ckafka:DescribeTopicProduceConnection", "ckafka:DescribeTopicSubscribeGroup", "ckafka:DescribeTopicSyncReplica", "ckafka:DescribeCkafkaZone", "tke:CreateClusterVirtualNodePool", "tke:DescribeClusterVirtualNodePools", "tke:DeleteClusterVirtualNodePool", "tke:CreateClusterNodePool", "tke:DescribeClusterNodePoolDetail", "tke:DeleteClusterNodePool", "ckafka:CreateInstance", "cynosdb:ResumeServerless", "cynosdb:PauseServerless", "cynosdb:IsolateInstance", "cynosdb:OfflineInstance", "cynosdb:DescribeResourcesByDealName", "cynosdb:DescribeClusters", "tse:DescribeNacosServerInterfaces", "vpc:CreateVpcPeeringConnection", "vpc:DescribeVpcPeeringConnections", "vpc:DeleteVpcPeeringConnection", "vpc:AcceptVpcPeeringConnection", "tke:InstallAddon", "tke:GetTkeAppChartList", "tke:DescribeAddon", "tke:DescribeAddonValues", "tke:DeleteAddon", "as:CreateAutoScalingGroup", "as:CreateLaunchConfiguration", "as:DescribeLaunchConfigurations", "tse:DescribeSREInstanceAccessAddress", "mongodb:TerminateDBInstances", "as:DescribeAutoScalingGroups", "as:DescribeLaunchConfigurations", "hai:DescribeInstances", "hai:DescribeRegionInventory", "hai:RunInstances", "hai:TerminateInstances", "hai:DescribeRegions", "hai:ValidateAssumeRole", "clb:SetCustomizedConfigForLoadBalancer", "clb:DescribeCustomizedConfigList", "clb:DescribeCustomizedConfigAssociateList", "dcdb:DescribeDCDBInstances", "dcdb:DescribeDcnDetail", "dcdb:DescribeFlow", "dcdb:DescribeDCDBInstanceDetail", "dcdb:DescribeDBSecurityGroups", "dcdb:CreateDCDBInstance", "dcdb:InitDCDBInstances", "dcdb:DestroyDCDBInstance", "dcdb:IsolateDCDBInstance", "cdwch:ActionAlterCkUser", "cdwch:ModifyUserNewPrivilege", "cdwch:DescribeCkSqlApis", "cdwch:DestroyInstance", "as:DescribeAutoScalingInstances", "tke:CreateNodePool", 
"tke:DescribeNodePools", "tke:DeleteNodePool", "cvm:Describe*", "cvm:Inquiry*", "tat:CreateCommand", "tat:ModifyCommand", "tat:DeleteCommand", "tat:DescribeCommands", "tat:InvokeCommand", "tat:RunCommand", "tat:CancelInvocation", "tat:DescribeInvocations", "tat:CreateInvoker", "tat:ModifyInvoker", "tat:DeleteInvoker", "tat:DisableInvoker", "tat:EnableInvoker", "tat:DescribeInvokers", "tat:DescribeAutomationAgentStatus", "tat:DescribeInvokerRecords", "tat:DescribeInvocationTasks", "privatedns:DescribeRecord", "tke:DisableClusterAudit", "vpc:CreateHaVip", "vpc:DescribeHaVips", "vpc:ModifyHaVipAttribute", "vpc:DeleteHaVip", "vpc:CreateCcn", "vpc:ModifyCcnAttribute", "vpc:DescribeCcns", "vpc:DeleteCcn", "vpc:DescribeCcnAttachedInstances", "vpc:DescribeCcnRoutes", "vpc:SetCcnRegionBandwidthLimits", "vpc:GetCcnRegionBandwidthLimits", "vpc:DetachCcnInstances", "vpc:DescribeCcnRouteTableBroadcastPolicys", "vpc:CreateCcnRouteTables", "vpc:DescribeCcnRouteTables", "vpc:DeleteCcnRouteTables", "vpc:AssociateInstancesToCcnRouteTable", "vpc:DescribeRouteTableAssociatedInstances", "vpc:DescribeCcnRouteTableInputPolicys", "vpc:DescribeRouteTableSelectionPolicies", "vpc:EnableCcnRoutes", "vpc:DisableCcnRoutes", "vpc:AttachCcnInstances", "vpc:AcceptAttachCcnInstances", "vpc:RejectAttachCcnInstances", "vpc:ResetAttachCcnInstances", "vpc:ReplaceCcnRouteTableBroadcastPolicys", "vpc:ReplaceCcnRouteTableInputPolicys", "vpc:ModifyRouteTableSelectionPolicies", "vpc:ClearRouteTableSelectionPolicies", "trocket:DescribeTopicList", "trocket:DescribeConsumerGroupList", "trocket:DescribeRoleList", "trocket:DeleteTopic", "trocket:DeleteConsumerGroup", "trocket:DeleteRole", "vdb:CreateInstance", "vdb:DescribeInstances", "vdb:DescribeInstanceMaintenanceWindow", "vdb:DescribeInstance", "vdb:DescribeInstancePods", "vdb:DescribeInstanceProperties", "vdb:DescribeAccessKeys", "vdb:DescribeDBSecurityGroups", "vdb:DescribeSecurityGroupQuota", "vdb:DescribeEmbedding", "vdb:IsolateInstance", 
"vdb:DestroyInstances", "tcr:CreateInstance", "tcr:DescribeInstances", "tcr:ManageExternalEndpoint", "tcr:DescribeExternalEndpointStatus", "tcr:CreateMultipleSecurityPolicy", "tcr:CreateReplicationInstance", "tcr:DeleteReplicationInstance", "tcr:DescribeSecurityPolicies", "tcr:DeleteMultipleSecurityPolicy", "tcr:DescribeReplicationInstances", "tcr:DeleteInstance", "tcr:ModifyInstance", "tcr:RenewInstance", "tcr:CreateNamespace", "tcr:ModifyNamespace", "tcr:DescribeNamespaces", "tcr:DeleteNamespace", "tcr:CreateInstanceToken", "tcr:ModifyInstanceToken", "tcr:DescribeInstanceToken", "tcr:DeleteInstanceToken", "tcr:CreateServiceAccount", "tcr:ModifyServiceAccountPassword", "tcr:DescribeServiceAccounts", "tcr:ModifyServiceAccount", "tcr:DeleteServiceAccount" ] }, { "effect": "allow", "action": "finance:trade", "resource": [ "qcs::cvm:::*", "qcs::postgres:::*", "qcs::redis:::*", "qcs::es:::*", "qcs::cdb:::*", "qcs::mongodb:::*", "qcs::sqlserver:::*", "qcs::tdmq:::*", "qcs::cls:::*", "qcs::monitor:::*", "qcs::ssl:::*", "qcs::clb:::*", "qcs::cdn:::*", "qcs::trocket:::*", "qcs::cdwch:::*", "qcs::wedata:::*", "qcs::ckafka:::*", "qcs::cynosdb:::*", "qcs::hai:::*" ] } ] }