All Products
Search
Document Center

Container Service for Kubernetes:Permissions of Service-linked roles for ACK One

Last Updated:Jan 20, 2025

An Alibaba Cloud service may need to access other Alibaba Cloud services to implement specific features. In this case, the Alibaba Cloud service must assume a service-linked role to access other Alibaba Cloud services. A service-linked role is a Resource Access Management (RAM) role. To use all features provided by Distributed Cloud Container Platform for Kubernetes (ACK One), you must assign the required service-linked role to ACK One. This topic introduces the service-linked role for ACK One and describes the permissions of the role.

How to assign the service-linked role

If this is the first time you use ACK One, you need to complete authorization with an Alibaba Cloud account or RAM account administrator.

You do not need to manually create service-linked roles. During the first time you use the ACK One console, the console prompts you to complete the authorization first. You need only to follow the on-screen instructions to complete the authorization.

Important

Only Alibaba Cloud accounts and RAM account administrators can complete role authorization. Regular RAM users are not allowed to perform this operation. If the system prompts that you do not have the permissions, use an Alibaba Cloud account or RAM account administrator.

Service-linked role for ACK One

Role name

Permission

AliyunCSDefaultRole

  • ACK One can assume this role to access your cloud resources during cluster management, such as resources in Elastic Compute Service (ECS), Virtual Private Cloud (VPC), Server Load Balancer (SLB), Resource Orchestration Service (ROS), and Auto Scaling.

  • To use features provided by ACK One, this role is required.

AliyunServiceRoleForAdcp

  • ACK One can assume this role to access your cloud resources during cluster management, such as resources in ECS, VPC, and SLB.

  • To use features provided by ACK One, this role is required.

AliyunAdcpServerlessKubernetesRole

  • Fleet instances and Kubernetes clusters for distributed Argo workflows of ACK One assume this role to access cloud resources in VPC, ECS, Alibaba Cloud DNS PrivateZone, Elastic Container Instance, and Simple Log Service.

  • To use features provided by ACK One, this role is required.

AliyunAdcpManagedMseRole

  • Fleet instances of ACK One assume this role to access resources in Microservices Engine (MSE).

  • This role is required when you use multi-cluster gateways. This role does not affect the use of other features.

Permissions of the service-linked role

AliyunServiceRoleForAdcp

ECS-related permissions

  • ecs:CreateSecurityGroup

  • ecs:CreateSecurityGroupPermissions

  • ecs:DeleteSecurityGroup

  • ecs:DescribeAccountAttributes

  • ecs:DescribeSecurityGroups

  • ecs:AuthorizeSecurityGroup

  • ecs:RevokeSecurityGroup

  • ecs:AuthorizeSecurityGroupEgress

  • ecs:RevokeSecurityGroupEgress

  • ecs:DescribeNetworkInterfaces

  • ecs:DescribeZones

VPC-related permissions

  • vpc:DescribeVpcAttribute

  • vpc:DescribeVSwitchAttributes

  • vpc:AllocateEipAddress

  • vpc:AssociateEipAddress

  • vpc:UnassociateEipAddress

  • vpc:ReleaseEipAddress

  • vpc:DescribeEipAddresses

  • vpc:TagResources

  • vpc:DeletionProtection

  • vpc:DescribeRouteTableList

  • vpc:CreateRouteEntry

  • vpc:DeleteeRouteEntry

  • vpc:AcceptVpcPeerConnection

  • vpc:GetVpcPeerConnectionAttribute

  • vpc:DescribeVSwitches

  • vpc:DescribeVpcs

CEN-related permissions

  • cen:DescribeCenAttachedChildInstances

  • cen:DescribeCens

SLB-related permissions

  • slb:DescribeLoadBalancerAttribute

  • slb:CreateLoadBalancer

  • slb:DeleteLoadBalancer

  • slb:StartLoadBalancerListener

  • slb:StopLoadBalancerListener

  • slb:CreateLoadBalancerTCPListener

  • slb:CreateLoadBalancerHTTPListener

  • slb:DeleteLoadBalancerListener

  • slb:AddTags

  • slb:RemoveTags

  • slb:SetLoadBalancerDeleteProtection

  • slb:SetLoadBalancerModificationProtection

  • slb:DescribeZones

  • slb:CreateAccessControlList

  • slb:DescribeAccessControlLists

  • slb:AddAccessControlListEntry

  • slb:RemoveAccessControlListEntry

  • slb:SetLoadBalancerTCPListenerAttribute

ASM-related permissions

  • servicemesh:CreateServiceMesh

  • servicemesh:DeleteServiceMesh

  • servicemesh:DescribeServiceMeshDetail

  • servicemesh:DescribeServiceMeshes

  • servicemesh:DescribeServiceMeshKubeconfig

  • servicemesh:DescribeServiceMeshLogs

  • servicemesh:ModifyServiceMesh

  • servicemesh:ModifyServiceMeshName

  • servicemesh:DescribeClustersInServiceMesh

  • servicemesh:AddClusterIntoServiceMesh

  • servicemesh:RemoveClusterFromServiceMesh

  • servicemesh:UpdateMeshFeature

  • servicemesh:DescribeRegions

  • servicemesh:DescribeServiceMeshUpgradeStatus

  • servicemesh:DescribeVersions

  • servicemesh:RevokeKubeconfig

  • servicemesh:UpdateServiceMeshOwner

RAM-related Permissions

  • ram:CreateApplication

  • ram:ListApplications

  • ram:ListAppSecretIds

  • ram:GetApplication

  • ram:UpdateApplication

  • ram:CreateAppSecret

  • ram:GetAppSecret

  • ram:DeleteApplication

  • ram:DeleteAppSecret

  • ram:CreateApplication

  • ram:ListApplications

  • ram:ListAppSecretIds

  • ram:CreateServiceLinkedRole

ARMS-related Permissions

  • arms:InstallManagedPrometheus

  • arms:UninstallManagedPrometheus

AliyunAdcpServerlessKubernetesRole

VPC-related permissions

  • vpc:DescribeVSwitches

  • vpc:DescribeVpcs

  • vpc:AssociateEipAddress

  • vpc:DescribeEipAddresses

  • vpc:AllocateEipAddress

  • vpc:ReleaseEipAddress

  • vpc:AddCommonBandwidthPackageIp

  • vpc:RemoveCommonBandwidthPackageIp

ECS-related permissions

  • ecs:DescribeSecurityGroups

  • ecs:CreateNetworkInterface

  • ecs:CreateNetworkInterfacePermission

  • ecs:DescribeNetworkInterfaces

  • ecs:AttachNetworkInterface

  • ecs:DetachNetworkInterface

  • ecs:DeleteNetworkInterface

  • ecs:DeleteNetworkInterfacePermission

ARMS-related permissions

  • arms:GetManagedPrometheusStatus

  • arms:InstallManagedPrometheus

  • arms:UninstallManagedPrometheus

Alibaba Cloud DNS PrivateZone-related permissions

  • pvtz:AddZone

  • pvtz:DeleteZone

  • pvtz:DescribeZones

  • pvtz:DescribeZoneInfo

  • pvtz:BindZoneVpc

  • pvtz:AddZoneRecord

  • pvtz:DeleteZoneRecord

  • pvtz:DeleteZoneRecordsByRR

  • pvtz:DescribeZoneRecordsByRR

  • pvtz:DescribeZoneRecords

Elastic Container Instance-related permissions

  • eci:CreateContainerGroup

  • eci:DeleteContainerGroup

  • eci:DescribeContainerGroups

  • eci:DescribeContainerGroupStatus

  • eci:DescribeContainerGroupEvents

  • eci:DescribeContainerLog

  • eci:UpdateContainerGroup

  • eci:UpdateContainerGroupByTemplate

  • eci:CreateContainerGroupFromTemplate

  • eci:RestartContainerGroup

  • eci:ExportContainerGroupTemplate

  • eci:DescribeContainerGroupMetric

  • eci:DescribeMultiContainerGroupMetric

  • eci:ResizeContainerGroupVolume

  • eci:ExecContainerCommand

  • eci:CreateImageCache

  • eci:DescribeImageCaches

  • eci:DeleteImageCache

Simple Log Service-related permissions

  • log:CreateProject

  • log:GetProject

  • log:DeleteProject

  • log:CreateLogStore

  • log:GetLogStore

  • log:UpdateLogStore

  • log:DeleteLogStore

  • log:CreateConfig

  • log:UpdateConfig

  • log:GetConfig

  • log:DeleteConfig

  • log:CreateMachineGroup

  • log:UpdateMachineGroup

  • log:GetMachineGroup

  • log:DeleteMachineGroup

  • log:ApplyConfigToGroup

  • log:GetAppliedMachineGroups

  • log:GetAppliedConfigs

  • log:RemoveConfigFromMachineGroup

  • log:CreateIndex

  • log:GetIndex

  • log:UpdateIndex

  • log:DeleteIndex

  • log:CreateSavedSearch

  • log:GetSavedSearch

  • log:UpdateSavedSearch

  • log:DeleteSavedSearch

  • log:CreateDashboard

  • log:GetDashboard

  • log:UpdateDashboard

  • log:DeleteDashboard

  • log:CreateJob

  • log:GetJob

  • log:DeleteJob

  • log:PostLogStoreLogs

  • log:UpdateJob

RAM-related Permissions

ram:CreateServiceLinkedRole

AliyunAdcpManagedMseRole

MSE-related permissions

  • mse:AddBlackWhiteList

  • mse:AddGateway

  • mse:AddServiceSource

  • mse:CreateApplication

  • mse:DeleteGateway

  • mse:DeleteServiceSource

  • mse:GetBlackWhiteList

  • mse:GetGateway

  • mse:GetGatewayDetail

  • mse:GetGatewayOption

  • mse:ListServiceSource

  • mse:ListTagResources

  • mse:ModifyLosslessRule

  • mse:TagResources

  • mse:UntagResources

  • mse:UpdateBlackWhiteList

  • mse:UpdateGatewayOption

  • mse:UpdateServiceSource

Simple Log Service-related permissions

  • log:CloseProductDataCollection

  • log:OpenProductDataCollection

  • log:GetProductDataCollection

RAM-related permissions

ram:CreateServiceLinkedRole

AliyunCSManagedKubernetesRole

ECS-related permissions

  • ecs:Describe*

  • ecs:CreateRouteEntry

  • ecs:DeleteRouteEntry

  • ecs:CreateNetworkInterface

  • ecs:DeleteNetworkInterface

  • ecs:CreateNetworkInterfacePermission

  • ecs:DeleteNetworkInterfacePermission

  • ecs:ModifyInstanceAttribute

  • ecs:AttachKeyPair

  • ecs:StopInstance

  • ecs:StartInstance

  • ecs:ReplaceSystemDisk

SLB-related permissions

  • slb:Describe*

  • slb:CreateLoadBalancer

  • slb:DeleteLoadBalancer

  • slb:ModifyLoadBalancerInternetSpec

  • slb:RemoveBackendServers

  • slb:AddBackendServers

  • slb:RemoveTags

  • slb:AddTags

  • slb:TagResources

  • slb:UnTagResources

  • slb:ListTagResources

  • slb:StopLoadBalancerListener

  • slb:StartLoadBalancerListener

  • slb:SetLoadBalancerHTTPListenerAttribute

  • slb:SetLoadBalancerHTTPSListenerAttribute

  • slb:SetLoadBalancerTCPListenerAttribute

  • slb:SetLoadBalancerUDPListenerAttribute

  • slb:CreateLoadBalancerHTTPSListener

  • slb:CreateLoadBalancerHTTPListener

  • slb:CreateLoadBalancerTCPListener

  • slb:CreateLoadBalancerUDPListener

  • slb:DeleteLoadBalancerListener

  • slb:CreateVServerGroup

  • slb:DescribeVServerGroups

  • slb:DeleteVServerGroup

  • slb:SetVServerGroupAttribute

  • slb:DescribeVServerGroupAttribute

  • slb:ModifyVServerGroupBackendServers

  • slb:AddVServerGroupBackendServers

  • slb:ModifyLoadBalancerInstanceSpec

  • slb:ModifyLoadBalancerInternetSpec

  • slb:SetLoadBalancerModificationProtection

  • slb:SetLoadBalancerDeleteProtection

  • slb:SetLoadBalancerName

  • slb:ModifyLoadBalancerInstanceChargeType

  • slb:RemoveVServerGroupBackendServers

VPC-related permissions

  • vpc:Describe*

  • vpc:DeleteRouteEntry

  • vpc:CreateRouteEntry

Simple Log Service-related permissions

  • log:CreateProject

  • log:GetProject

  • log:GetProductDataCollection

  • log:OpenProductDataCollection

  • log:CloseProductDataCollection

  • log:GetLogStoreHistogram

  • log:AnalyzeProductLog

  • log:CreateIndex

  • log:UpdateIndex

  • log:DeleteIndex

  • log:CreateLogStore

  • log:UpdateLogStore

  • log:DeleteLogStore

  • log:CreateDashboard

  • log:UpdateDashboard

  • log:DeleteDashboard

  • log:SetGeneralDataAccessConfig

ALB-related permissions

  • alb:EnableLoadBalancerIpv6Internet

  • alb:DisableLoadBalancerIpv6Internet

  • alb:CreateAcl

  • alb:DeleteAcl

  • alb:ListAcls

  • alb:ListAclRelations

  • alb:AddEntriesToAcl

  • alb:AssociateAclsWithListener

  • alb:ListAclEntries

  • alb:RemoveEntriesFromAcl

  • alb:DissociateAclsFromListener

  • alb:TagResources

  • alb:UnTagResources

  • alb:ListServerGroups

  • alb:ListServerGroupServers

  • alb:AddServersToServerGroup

  • alb:RemoveServersFromServerGroup

  • alb:ReplaceServersInServerGroup

  • alb:CreateLoadBalancer

  • alb:DeleteLoadBalancer

  • alb:UpdateLoadBalancerAttribute

  • alb:UpdateLoadBalancerEdition

  • alb:EnableLoadBalancerAccessLog

  • alb:DisableLoadBalancerAccessLog

  • alb:EnableDeletionProtection

  • alb:DisableDeletionProtection

  • alb:ListLoadBalancers

  • alb:GetLoadBalancerAttribute

  • alb:ListListeners

  • alb:CreateListener

  • alb:GetListenerAttribute

  • alb:UpdateListenerAttribute

  • alb:ListListenerCertificates

  • alb:AssociateAdditionalCertificatesWithListener

  • alb:DissociateAdditionalCertificatesFromListener

  • alb:DeleteListener

  • alb:CreateRule

  • alb:DeleteRule

  • alb:UpdateRuleAttribute

  • alb:CreateRules

  • alb:UpdateRulesAttribute

  • alb:DeleteRules

  • alb:ListRules

  • alb:UpdateListenerLogConfig

  • alb:CreateServerGroup

  • alb:DeleteServerGroup

  • alb:UpdateServerGroupAttribute

  • alb:UpdateLoadBalancerAddressTypeConfig

  • alb:AttachCommonBandwidthPackageToLoadBalancer

  • alb:DetachCommonBandwidthPackageFromLoadBalancer

  • alb:UpdateServerGroupServersAttribute

  • alb:MoveResourceGroup

  • alb:ListAScripts

  • alb:CreateAScripts

  • alb:UpdateAScripts

  • alb:DeleteAScripts

  • alb:LoadBalancerJoinSecurityGroup

  • alb:LoadBalancerLeaveSecurityGroup

  • alb:DescribeZones

NLB-related permissions

  • nlb:TagResources

  • nlb:UnTagResources

  • nlb:ListTagResources

  • nlb:CreateLoadBalancer

  • nlb:DeleteLoadBalancer

  • nlb:GetLoadBalancerAttribute

  • nlb:ListLoadBalancers

  • nlb:UpdateLoadBalancerAttribute

  • nlb:UpdateLoadBalancerAddressTypeConfig

  • nlb:UpdateLoadBalancerZones

  • nlb:CreateListener

  • nlb:DeleteListener

  • nlb:ListListeners

  • nlb:UpdateListenerAttribute

  • nlb:StopListener

  • nlb:StartListener

  • nlb:GetListenerAttribute

  • nlb:GetListenerHealthStatus

  • nlb:CreateServerGroup

  • nlb:DeleteServerGroup

  • nlb:UpdateServerGroupAttribute

  • nlb:AddServersToServerGroup

  • nlb:RemoveServersFromServerGroup

  • nlb:UpdateServerGroupServersAttribute

  • nlb:ListServerGroups

  • nlb:ListServerGroupServers

  • nlb:LoadBalancerLeaveSecurityGroup

  • nlb:LoadBalancerJoinSecurityGroup

  • nlb:DisableLoadBalancerIpv6Internet

  • nlb:EnableLoadBalancerIpv6Internet

  • nlb:UpdateLoadBalancerProtection

  • nlb:AttachCommonBandwidthPackageToLoadBalancer

  • nlb:DetachCommonBandwidthPackageFromLoadBalancer

  • nlb:GetJobStatus

CMS-related permissions

  • cms:DescribeMetricData

  • cms:DescribeMetricLast

  • cms:DescribeMetricMetaList

  • cms:DescribeMetricTop

  • cms:QueryMetricData

  • cms:QueryMetricLast

  • cms:DescribeMetricList

  • cms:QueryMetricList

  • cms:MetricMeta

ACR-related permissions

  • cr:Get*

  • cr:List*

  • cr:PullRepository

AliyunCSManagedLogRole

Simple Log Service-related permissions

  • log:CreateProject

  • log:GetProject

  • log:DeleteProject

  • log:CreateLogStore

  • log:GetLogStore

  • log:UpdateLogStore

  • log:DeleteLogStore

  • log:CreateConfig

  • log:UpdateConfig

  • log:GetConfig

  • log:DeleteConfig

  • log:CreateMachineGroup

  • log:UpdateMachineGroup

  • log:GetMachineGroup

  • log:DeleteMachineGroup

  • log:ApplyConfigToGroup

  • log:GetAppliedMachineGroups

  • log:GetAppliedConfigs

  • log:RemoveConfigFromMachineGroup

  • log:RemoveConfigFromGroup

  • log:CreateIndex

  • log:GetIndex

  • log:UpdateIndex

  • log:DeleteIndex

  • log:CreateSavedSearch

  • log:GetSavedSearch

  • log:UpdateSavedSearch

  • log:DeleteSavedSearch

  • log:CreateDashboard

  • log:GetDashboard

  • log:UpdateDashboard

  • log:DeleteDashboard

  • log:CreateJob

  • log:GetJob

  • log:DeleteJob

  • log:UpdateJob

  • log:PostLogStoreLogs

  • log:CreateSortedSubStore

  • log:GetSortedSubStore

  • log:ListSortedSubStore

  • log:UpdateSortedSubStore

  • log:DeleteSortedSubStore

  • log:CreateApp

  • log:UpdateApp

  • log:GetApp

  • log:DeleteApp

  • log:GetLogStoreLogs

  • log:TagResources

  • log:ListJobs

  • log:ListTagResources

  • log:UntagResources

  • log:CreateResourceRecord

  • log:UpdateResourceRecord

  • log:UpsertResourceRecord

  • log:GetResourceRecord

  • log:DeleteResourceRecord

  • log:ListResourceRecords

  • log:ListResources

  • log:GetResource

  • log:PutLogs

  • log:UpdateLogStoreMeteringMode

  • log:GetLogStoreMeteringMode

  • log:CreateLogtailPipelineConfig

  • log:DeleteLogtailPipelineConfig

  • log:GetLogtailPipelineConfig

  • log:UpdateLogtailPipelineConfig

  • log:ListLogtailPipelineConfig

  • log:CreateSubStore

  • cs:UpdateContactGroup

  • cs:DescribeTemplates

  • cs:DescribeTemplateAttribute

  • eventbridge:PutEvents

AliyunCSManagedCmsRole

CMS-related permissions

  • cms:DescribeMonitorGroups

  • cms:DescribeMonitorGroupInstances

  • cms:CreateMonitorGroup

  • cms:DeleteMonitorGroup

  • cms:ModifyMonitorGroupInstances

  • cms:CreateMonitorGroupInstances

  • cms:DeleteMonitorGroupInstances

  • cms:TaskConfigCreate

  • cms:TaskConfigList

  • cms:DescribeMetricList

  • cms:QueryMetricList

  • cms:CreateDynamicTagGroup

  • cms:PutGroupMetricRule

  • cms:DescribeMetricRuleList

  • cms:DeleteMetricRules

  • cs:DescribeMonitorToken

  • ahas:GetSentinelAppSumMetric

  • log:GetLogStoreLogs

  • slb:DescribeMetricList

  • sls:GetLogs

  • sls:PutLogs

AliyunCSManagedArmsRole

ARMS-related permissions

  • arms:CMonitorCloudInstances

  • arms:CMonitorRegister

  • arms:ConfigAgentLabel

  • arms:CreateAlertRules

  • arms:CreateAlertTemplate

  • arms:CreateApp

  • arms:CreateContact

  • arms:CreateContactGroup

  • arms:CreateDispatchRule

  • arms:CreateOrUpdateIMRobot

  • arms:CreateOrUpdateWebhookContact

  • arms:CreateProm

  • arms:CreatePrometheusAlertRule

  • arms:DeleteAlert

  • arms:DeleteAlertContact

  • arms:DeleteAlertContactGroup

  • arms:DeleteAlertRules

  • arms:DeleteAlertTemplate

  • arms:DeleteApp

  • arms:DeleteContact

  • arms:DeleteContactGroup

  • arms:DeleteContactLink

  • arms:DeleteContactMember

  • arms:DeleteDispatchRule

  • arms:DeleteIMRobot

  • arms:DeletePrometheusAlertRule

  • arms:DeleteWebhookContact

  • arms:DescribeDispatchRule

  • arms:DescribeIMRobots

  • arms:DescribePrometheusAlertRule

  • arms:DescribeWebhookContacts

  • arms:DisableAlertTemplate

  • arms:EnableAlertTemplate

  • arms:GetAlarmHistories

  • arms:GetAlert

  • arms:GetAlertEvents

  • arms:GetAlertRules

  • arms:GetAlertRulesByPage

  • arms:GetAssumeRoleCredentials

  • arms:GetCommercialStatus

  • arms:InstallEventer

  • arms:InstallManagedPrometheus

  • arms:ListActivatedAlerts

  • arms:ListAlertTemplates

  • arms:ListDashboards

  • arms:ListDispatchRule

  • arms:ListEscalationPolicies

  • arms:ListOnCallSchedules

  • arms:ListPrometheusAlertRules

  • arms:ListPrometheusAlertTemplates

  • arms:QueryAlarmHistory

  • arms:QueryAlarmName

  • arms:SaveAlert

  • arms:SaveContactGroup

  • arms:SaveContactMember

  • arms:SaveTraceAppConfig

  • arms:SearchAlarmHistories

  • arms:SearchAlertRules

  • arms:SearchContact

  • arms:SearchContactGroup

  • arms:SearchEvents

  • arms:SendTTSVerifyLink

  • arms:StartAlert

  • arms:StartAlertRule

  • arms:StopAlert

  • arms:StopAlertRule

  • arms:UninstallManagedPrometheus

  • arms:UpdateAlertRules

  • arms:UpdateAlertTemplate

  • arms:UpdateContact

  • arms:UpdateContactGroup

  • arms:UpdateContactMember

  • arms:UpdateDispatchRule

  • arms:UpdatePrometheusAlertRule

  • arms:UpgradeAddonRelease

  • arms:CheckServiceStatus

  • arms:GetClusterAllUrl

  • arms:GetClusterInfoForArms

  • arms:GetExploreUrl

  • arms:GetIntegrationState

  • arms:GetManagedPrometheusStatus

  • arms:ListAlertEvents

  • arms:QueryMetric

  • arms:QueryPromInstallStatus

  • arms:SearchAlertContactGroup

  • arms:SearchAlertHistories

  • arms:CreateAlertContact

  • arms:CreateAlertContactGroup

  • arms:ImportCustomAlertRules

  • arms:SearchAlertContact

  • arms:UpdateAlertContact

  • arms:UpdateAlertContactGroup

  • arms:UpdateAlertRule

  • arms:UpdateWebhook

  • arms:InnerFetchContactGroupByArmsContactGroupId

  • xtrace:GetToken

  • arms:ListEnvironments

  • arms:DescribeAddonRelease

  • arms:InstallAddon

  • arms:DeleteAddonRelease

  • arms:ListEnvironmentDashboards

  • arms:ListAddonReleases

  • arms:CreateEnvironment

  • arms:InitEnvironment

  • arms:DescribeEnvironment

  • arms:InstallEnvironmentFeature

  • arms:ListEnvironmentFeatures

  • arms:UpdateEnvironment

  • arms:GetPrometheusInstance

  • arms:GetPrometheusApiToken

MSE-related permissions

  • mse:AddBlackWhiteList

  • mse:AddGateway

  • mse:AddServiceSource

  • mse:CreateApplication

  • mse:DeleteGateway

  • mse:GetBlackWhiteList

  • mse:GetGateway

  • mse:GetGatewayDetail

  • mse:GetGatewayOption

  • mse:ListServiceSource

  • mse:ListTagResources

  • mse:ModifyLosslessRule

  • mse:TagResources

  • mse:UntagResources

  • mse:UpdateBlackWhiteList

  • mse:UpdateGatewayOption

  • mse:UpdateServiceSource

  • mse:GetLicenseKey

  • mse:CreateGovernanceKubernetesCluster

  • mse:ReportOnePilotInfo

  • mse:GenerateAgentLogSts

  • mse:GetOpenSergoInfoByClusterId

  • mse:ListNamespaces

  • mse:ReportAppProfile

Simple Log Service-related permissions

  • log:PostLogStoreLogs

  • log:RemoteWritePrometheus

  • log:RemoteWrite

References