AliyunServiceRolePolicyForAcc is the authorization policy dedicated to a service-linked role. The policy is automatically attached to a service role when the service role is created. Then, the service-linked role is authorized to access other cloud services. This policy is updated by the relevant Alibaba Cloud service. Do not attach this policy to a RAM identity other than a service-linked role.
Policy details
Type: service system policy
Creation time: 10:41:12 on April 14, 2025
Update time: 09:35:56 on December 03, 2025
Current version: v18
Policy content
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeInstanceAttribute",
"ecs:AssignPrivateIpAddresses",
"ecs:UnassignPrivateIpAddresses",
"ecs:DescribeInstances",
"ecs:DescribeInstanceTypes",
"ecs:AssignIpv6Addresses",
"ecs:UnassignIpv6Addresses",
"ecs:ModifyNetworkInterfaceAttribute",
"ecs:CreateNetworkInterfacePermission",
"ecs:DeleteNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:CreateSecurityGroup",
"ecs:ModifySecurityGroupEgressRule",
"ecs:ModifySecurityGroupPolicy",
"ecs:ModifySecurityGroupRule",
"ecs:DescribeSecurityGroups",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:DeleteSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:DescribeNetworkInterfaceAttribute",
"ecs:AuthorizeSecurityGroupEgress"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"vpc:DescribeVpcAttribute",
"vpc:DescribeNatGateways",
"vpc:DescribeVSwitchAttributes"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"netana:DescribeNetworkQuotas",
"netana:DescribeIdleInstancesNum",
"netana:CreateNetworkQuotaRequest",
"netana:DescribeIdleInstances",
"netana:DescribeNetworkResourceCountForGlobal",
"netana:NetQueryIdleInstanceNotifyConfig",
"netana:NetModifyIdleInstanceNotifyConfig"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cms:QueryMetricList"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"eci:DescribeRegions"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"quotas:GetProductQuota"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cs:CreateCluster",
"cs:CreateClusterByResourcesGroup",
"cs:DeleteCluster",
"cs:DescribeClusterDetail",
"cs:DescribeClusterUserKubeconfig",
"cs:DescribeClusters",
"cs:DescribeClustersV1",
"cs:DescribeEvents",
"cs:DescribeTaskInfo",
"cs:GetClusters",
"cs:ListTagResources",
"cs:ModifyCluster",
"cs:ModifyClusterTags",
"cs:TagResources",
"cs:UpdateClusterName",
"cs:UntagResources",
"cs:DescribeClusterResources"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"arms:InstallManagedPrometheus",
"arms:UnInstallManagedPrometheus",
"arms:DeleteGrafanaResource",
"arms:GetManagedPrometheusStatus"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cms:DescribeMetricData"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"bssapi:GetPayAsYouGoPrice"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"slb:AddBackendServers",
"slb:RemoveBackendServers",
"slb:DescribeLoadBalancerAttribute",
"slb:SetLoadBalancerTCPListenerAttribute",
"slb:DescribeHealthStatus",
"slb:DescribeLoadBalancers",
"slb:SetLoadBalancerTCPListenerAttribute",
"slb:DescribeLoadBalancerTCPListenerAttribute"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"ram:ListUserBasicInfos",
"ram:ListRoles"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"xtrace:GetToken"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"ram:CreateOIDCProvider",
"ram:GetOIDCProvider",
"ram:UpdateOIDCProvider",
"ram:DeleteOIDCProvider"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Condition": {
"StringLike": {
"ram:OidcIssuerUrl": [
"https://oidc-acs-*.aliyuncs.com/*"
]
}
}
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "acc.aliyuncs.com"
}
}
}
]
}