服务(相关)角色是由腾讯云服务预定义的角色,经用户授权后,相应服务即可通过扮演该服务相关角色对用户资源进行访问和操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| 配置审计 | Config_QCSLinkedRoleInConfigRecorder | 服务相关角色 | configrecorder.config.cloud.tencent.com |
Config_QCSLinkedRoleInConfigRecorder
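使用场景: 当前角色为配置审计(Config)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。请注意,下列策略的 resource 为 "*",且除 Describe/List/Get 类查询操作外,从操作名称看还包含 cvm:AssociateSecurityGroups、cvm:DisassociateSecurityGroups、cos:PutObject、cls:pushLog、scf:Invoke、organization:CreateOrgMemberProductServiceRole 等变更、写入或调用类操作;授权前建议按最小权限原则核对这些操作是否符合预期,并通过操作审计留意该角色的调用记录。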
权限策略
- 策略名称: QcloudAccessForConfigLinkedRoleInConfigRecorder
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "cvm:DescribeInstances", "cvm:DescribeCbsStorages", "cvm:DescribeSecurityGroups", "cvm:DescribeSecurityGroupPolicys", "cvm:AssociateSecurityGroups", "cvm:DisassociateSecurityGroups", "vpc:DescribeVpcEx", "vpc:DescribeVpcInstances", "vpc:DescribeSubnetEx", "cam:ListUsers", "cam:DescribeSafeAuthFlagColl", "cam:ListAccessKeys", "cam:ListGroupsForUser", "cam:ListAttachedUserAllPolicies", "cam:ListGroups", "cam:ListUsersForGroup", "cam:ListAttachedGroupPolicies", "cam:DescribeRoleList", "cam:ListAttachedRolePolicies", "cam:ListPolicies", "cam:ListEntitiesForPolicy", "cam:GetRole", "cam:GetUser", "cam:GetPolicy", "cam:GetGroup", "cos:GetService", "cos:GetBucket", "cos:PutObject", "cos:GetBucket", "cos:GetBucketACL", "cos:GetBucketVersioning", "cos:GetBucketLogging", "cos:GetBucketEncryption", "cos:GetBucketTagging", "cloudaudit:DescribeEvents", "cls:pushLog", "cls:DescribeTopics", "organization:DescribeOrganizationMembers", "organization:CreateOrgMemberProductServiceRole", "organization:DescribeOrganization", "scf:ListFunctions", "scf:Invoke", "cvm:DescribeSecurityGroupAssociateInstances", "clb:DescribeLoadBalancers", "clb:DescribeLoadBalancersDetail", "cam:GetSecurityLastUsed", "lighthouse:DescribeFirewallTemplates", "lighthouse:DescribeInstances", "lighthouse:DescribeBlueprints", "lighthouse:DescribeDisks", "lighthouse:DescribeDiskBackups", "lighthouse:DescribeFirewallTemplateRules", "lighthouse:DescribeSnapshots", "lighthouse:DescribeKeyPairs", "lighthouse:DescribeDomains", "lighthouse:DescribeDNSRecords", "lighthousedb:DescribeClusters", "lighthousedb:DescribeClusterDetail", "cdb:DescribeDBInstances", "tke:DescribeClusters", "tke:DescribeImageCaches", "tke:DescribeReservedInstances", "tke:DescribeImageRegistryCredentials", "domain:DescribeDomainList", "domain:DescribeDomainBaseInfo", "domain:DescribeDomain", "domain:BatchDescribeDomainDetail", "dnspod:DescribeDomainFilterList", 
"dnspod:DescribeDomain", "ssl:DescribeCertificate", "ssl:DescribeCertificates", "ssl:DescribeCertificateDetail", "ssl:DescribeCompanies", "ssl:DescribeManagers", "ssl:DescribeManagerDetail", "ssl:DescribeCSRSet", "ssl:DescribeCSR", "cdn:ListCdnDomains", "cdn:DescribeDomains", "cdn:DescribeDomainsConfig", "mongodb:DescribeDBInstances", "mongodb:DescribeInstanceDB", "domain:DescribeDomainNameList", "clb:DescribeLoadBalancers", "clb:DescribeLoadBalancersDetail", "redis:DescribeInstances", "ckafka:DescribeInstances", "ckafka:DescribeInstanceDetail", "ckafka:DescribeInstanceAttributes", "vod:DescribeSubAppIds", "cynosdb:DescribeInstances", "cynosdb:DescribeInstanceDetail", "vpc:DescribeAddresses", "vpc:DescribeVpnGateways", "vpc:DescribeVpnConnections", "waf:DescribeInstances", "as:DescribeLaunchConfigurations", "as:DescribeAutoScalingGroups", "cvm:DescribeAddresses", "lighthouse:DescribeFirewallTemplates", "lighthouse:DescribeInstances", "lighthouse:DescribeBlueprints", "lighthouse:DescribeDisks", "lighthouse:DescribeDiskBackups", "lighthouse:DescribeFirewallTemplateRules", "lighthouse:DescribeSnapshots", "lighthouse:DescribeKeyPairs", "lighthouse:DescribeDomains", "lighthouse:DescribeDNSRecords", "es:DescribeInstances", "tcr:DescribeInstances", "cls:DescribeLogsets", "cfs:DescribeCfsFileSystems", "cdwch:DescribeInstances", "cdwch:DescribeInstance", "cvm:DescribeSnapshots", "dts:DescribeSyncJobs", "tcaplusdb:DescribeClusters", "ssm:ListSecrets", "ssm:DescribeSecret", "scf:ListNamespaces", "cvm:DescribeKeyPairs", "cvm:DescribeInstancesStatus", "cvm:DescribeAutoSnapshotPolicies", "vpc:DescribeCcns", "vpc:DescribeNetworkAcls", "vpc:DescribeNatGateways", "vpc:DescribeSecurityGroupPolicies", "vpc:DescribeFlowLogs", "vpc:DescribeVpcs", "vpc:DescribeRouteTables", "vpc:DescribeSubnets", "vpc:DescribeCcnRegionBandwidthLimits", "vpc:DescribeNatGatewayDestinationIpPortTranslationNatRules", "tke:DescribeClusterEndpoints", "tke:DescribeClusterInstances", 
"tke:DescribePrometheusAgentInstances", "tke:DescribeAvailableClusterVersion", "tke:DescribeEKSContainerInstances", "tke:DescribePrometheusOverviews", "tke:DescribeAddon", "kms:DescribeKeys", "kms:GetKeyRotationStatus", "scf:GetAsyncEventStatus", "scf:GetFunction", "scf:ListFunctions", "cos:GetBucketPolicy", "cos:GetBucketReferer", "ckafka:DescribeTopicAttributes", "ssa:DescribeVulList", "clb:DescribeListeners", "mongodb:DescribeDBBackups", "redis:DescribeSSLStatus", "cynosdb:DescribeSSLStatus", "cynosdb:DescribeClusterTransparentEncryptInfo", "cynosdb:DescribeBinlogSaveDays", "cynosdb:DescribeBackupConfig", "cynosdb:DescribeDBSecurityGroups", "cynosdb:DescribeAuditInstanceList", "cynosdb:DescribeMaintainPeriod", "cynosdb:DescribeInstanceParams", "cynosdb:DescribeClusters", "cdb:DescribeDBSecurityGroups", "cdb:DescribeAuditInstanceList", "cdb:DescribeDBInstanceInfo", "cdb:DescribeBackupConfig", "cdb:DescribeTimeWindow", "cdb:DescribeSSLStatus", "cdb:DescribeInstanceParams", "tcr:DescribeSecurityPolicies", "tcr:DescribeExternalEndpointStatus", "cfs:DescribeCfsRules", "cfs:DescribeCfsSnapshots", "cloudaudit:DescribeAuditTracks", "ssm:DescribeRotationDetail", "waf:DescribeDomains", "waf:DescribeModuleStatus", "waf:DescribeDomainRules", "cdwch:DescribeBackUpJob", "cdwch:DescribeInstancesNew", "monitor:DescribePrometheusAgents", "kms:ListKeyDetail", "kms:ListKeys", "kms:DescribeKey" ], "resource": [ "*" ] } ] }