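Service-linked roles are predefined by Tencent Cloud services. Once the user grants authorization, the corresponding service can access and operate on the user's resources by assuming the service-linked role. This document describes the use cases of specific service-linked roles and their associated permission policies.

Product name in CAM | Role name | Role type | Role entity |
---|---|---|---|
Config | Config_QCSLinkedRoleInConfigRecorder | Service-linked role | configrecorder.config.cloud.tencent.com |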
Config_QCSLinkedRoleInConfigRecorder
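Use case: This role is the service-linked role for Config. It accesses your other cloud service resources within the scope of the permissions granted by its associated policy.
Permission policy
- Policy name: QcloudAccessForConfigLinkedRoleInConfigRecorder
- Policy content: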
```json
{
  "version": "2.0",
  "statement": [
    {
      "effect": "allow",
      "action": [
        "cvm:DescribeInstances",
        "cvm:DescribeCbsStorages",
        "cvm:DescribeSecurityGroups",
        "cvm:DescribeSecurityGroupPolicys",
        "cvm:AssociateSecurityGroups",
        "cvm:DisassociateSecurityGroups",
        "vpc:DescribeVpcEx",
        "vpc:DescribeVpcInstances",
        "vpc:DescribeSubnetEx",
        "cam:ListUsers",
        "cam:DescribeSafeAuthFlagColl",
        "cam:ListAccessKeys",
        "cam:ListGroupsForUser",
        "cam:ListAttachedUserAllPolicies",
        "cam:ListGroups",
        "cam:ListUsersForGroup",
        "cam:ListAttachedGroupPolicies",
        "cam:DescribeRoleList",
        "cam:ListAttachedRolePolicies",
        "cam:ListPolicies",
        "cam:ListEntitiesForPolicy",
        "cam:GetRole",
        "cam:GetUser",
        "cam:GetPolicy",
        "cam:GetGroup",
        "cos:GetService",
        "cos:GetBucket",
        "cos:PutObject",
        "cos:GetBucket",
        "cos:GetBucketACL",
        "cos:GetBucketVersioning",
        "cos:GetBucketLogging",
        "cos:GetBucketEncryption",
        "cos:GetBucketTagging",
        "cloudaudit:DescribeEvents",
        "cls:pushLog",
        "cls:DescribeTopics",
        "organization:DescribeOrganizationMembers",
        "organization:CreateOrgMemberProductServiceRole",
        "organization:DescribeOrganization",
        "scf:ListFunctions",
        "scf:Invoke",
        "cvm:DescribeSecurityGroupAssociateInstances",
        "clb:DescribeLoadBalancers",
        "clb:DescribeLoadBalancersDetail"
      ],
      "resource": [
        "*"
      ]
    }
  ]
}
```
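When reviewing what this role can do once authorized, it helps to separate the read-only actions from the ones that can change state. The following is an added example, not part of the original page or any Tencent Cloud tooling: it parses the policy above, lists the actions on resource `*` whose names are not read-only, and reports duplicate entries. The `Describe`/`List`/`Get` prefix rule is an assumed naming heuristic, and `audit` is a hypothetical helper name.

```python
import json
from collections import defaultdict

# Policy copied from this page; only the line wrapping differs.
POLICY = json.loads("""
{"version": "2.0", "statement": [{"effect": "allow", "action": [
 "cvm:DescribeInstances", "cvm:DescribeCbsStorages", "cvm:DescribeSecurityGroups",
 "cvm:DescribeSecurityGroupPolicys", "cvm:AssociateSecurityGroups",
 "cvm:DisassociateSecurityGroups", "vpc:DescribeVpcEx", "vpc:DescribeVpcInstances",
 "vpc:DescribeSubnetEx", "cam:ListUsers", "cam:DescribeSafeAuthFlagColl", "cam:ListAccessKeys",
 "cam:ListGroupsForUser", "cam:ListAttachedUserAllPolicies", "cam:ListGroups",
 "cam:ListUsersForGroup", "cam:ListAttachedGroupPolicies", "cam:DescribeRoleList",
 "cam:ListAttachedRolePolicies", "cam:ListPolicies", "cam:ListEntitiesForPolicy", "cam:GetRole",
 "cam:GetUser", "cam:GetPolicy", "cam:GetGroup", "cos:GetService", "cos:GetBucket",
 "cos:PutObject", "cos:GetBucket", "cos:GetBucketACL", "cos:GetBucketVersioning",
 "cos:GetBucketLogging", "cos:GetBucketEncryption", "cos:GetBucketTagging",
 "cloudaudit:DescribeEvents", "cls:pushLog", "cls:DescribeTopics",
 "organization:DescribeOrganizationMembers", "organization:CreateOrgMemberProductServiceRole",
 "organization:DescribeOrganization", "scf:ListFunctions", "scf:Invoke",
 "cvm:DescribeSecurityGroupAssociateInstances", "clb:DescribeLoadBalancers",
 "clb:DescribeLoadBalancersDetail"], "resource": ["*"]}]}
""")

# Assumption: verbs with these prefixes are read-only. A naming heuristic,
# not an official Tencent Cloud classification.
READ_PREFIXES = ("Describe", "List", "Get")

def audit(policy):
    """Return (non-read verbs per service on resource '*', duplicate actions)."""
    writes, seen, dupes = defaultdict(list), set(), []
    for stmt in policy["statement"]:
        if stmt["effect"].lower() != "allow":
            continue
        wildcard = "*" in stmt["resource"]
        for action in stmt["action"]:
            if action in seen:
                dupes.append(action)
                continue
            seen.add(action)
            service, verb = action.split(":", 1)
            if wildcard and not verb.startswith(READ_PREFIXES):
                writes[service].append(verb)
    return dict(writes), dupes

if __name__ == "__main__":
    writes, dupes = audit(POLICY)
    for service, verbs in sorted(writes.items()):
        print(f"{service}: {', '.join(verbs)}")
    print("duplicates:", dupes)
```

The actions it flags are the ones to watch in audit logs for this role, since the statement places no resource restriction on them.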