AliyunServiceRoleForCloudNDR is the authorization policy dedicated to a service-linked role. The policy is automatically attached to a service role when the service role is created. Then, the service-linked role is authorized to access other cloud services. This policy is updated by the relevant Alibaba Cloud service. Do not attach this policy to a RAM identity other than a service-linked role.
Policy details
Type: service system policy
Creation time: 16:58:02 on May 27, 2024
Update time: 16:58:02 on May 27, 2024
Current version: v6
Policy content
{"Version":"1","Statement":[{"Action":["ecs:DescribeInstances","ecs:DescribeNetworkInterfaces"],"Resource":"*","Effect":"Allow"},{"Action":["slb:DescribeLoadBalancers"],"Resource":"*","Effect":"Allow"},{"Action":["nlb:ListLoadBalancers"],"Resource":"*","Effect":"Allow"},{"Action":["alb:GetLoadBalancerAttribute","alb:ListLoadBalancers"],"Resource":"*","Effect":"Allow"},{"Action":["vpc:DescribeEipAddresses","vpc:DescribeNatGateways","vpc:DescribeIpv6Addresses"],"Resource":"*","Effect":"Allow"},{"Action":["log:DescribeService","log:EnableService"],"Resource":"*","Effect":"Allow"},{"Action":["log:ListProject","log:ListLogStores"],"Resource":"acs:log:*:*:project/*","Effect":"Allow"},{"Action":["log:PostLogStoreLogs","log:GetProject","log:GetLogStore","log:CreateLogStore","log:CreateProject","log:GetIndex","log:CreateIndex","log:UpdateIndex","log:CreateDashboard","log:ClearLogStoreStorage","log:UpdateLogStore","log:UpdateDashboard","log:DeleteProject","log:CreateSavedSearch","log:UpdateSavedSearch","log:DeleteLogStore"],"Resource":"acs:log:*:*:project/ndr*","Effect":"Allow"},{"Action":"yundun-aegis:DescribeAccesskeyLeakList","Resource":"*","Effect":"Allow"},{"Action":"ram:DeleteServiceLinkedRole","Resource":"*","Effect":"Allow","Condition":{"StringEquals":{"ram:ServiceName":"ndr.aliyuncs.com"}}}]}