AliyunServiceRolePolicyForEfloVcc is an authorization policy dedicated to a service-linked role. The policy is attached automatically when the service-linked role is created, and it authorizes that role to access other cloud services. The policy is maintained and updated by the relevant Alibaba Cloud service. Do not attach this policy to a RAM identity other than a service-linked role: its statements allow security-group, network-interface, routing and ROS stack actions on Resource "*", so any other identity holding it would receive those permissions on every matching resource in the account.
Policy details
Type: service system policy
Creation time: 15:20:48 on October 23, 2025
Update time: 15:20:48 on October 23, 2025
Current version: v1
Policy content
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupAttribute",
"ecs:ModifyInstanceAttribute",
"ecs:ModifyNetworkInterfaceAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeVpcAttribute",
"vpc:DescribeVSwitches",
"vpc:DescribeVSwitchAttributes",
"vpc:ConfirmPhysicalConnection",
"vpc:CreateVirtualBorderRouter",
"vpc:DeleteVirtualBorderRouter",
"vpc:DescribeVirtualBorderRouters",
"vpc:CreateBgpGroup",
"vpc:DeleteBgpGroup",
"vpc:DescribeBgpGroups",
"vpc:CreateBgpPeer",
"vpc:DeleteBgpPeer",
"vpc:DescribeBgpPeers",
"cen:AttachCenChildInstance",
"cen:DetachCenChildInstance",
"vpc:DescribeRouteEntryList",
"vpc:AddBgpNetwork",
"vpc:DeleteBgpNetwork",
"vpc:DescribeBgpNetworks",
"vpc:TerminatePhysicalConnection",
"vpc:RecoverPhysicalConnection",
"vpc:DeletePhysicalConnection",
"vpc:OpenPhysicalConnectionService",
"vpc:GetPhysicalConnectionServiceStatus",
"vpc:DescribePhysicalConnections",
"vpc:CreatePhysicalConnectionOccupancyOrder",
"vpc:UpdateVirtualPhysicalConnection",
"vpc:CreateRouterInterface",
"vpc:DeleteRouterInterface",
"vpc:DeactivateRouterInterface",
"vpc:DescribeRouterInterfaces",
"vpc:DescribeRouteTableList",
"vpc:CreateRouteEntries",
"vpc:DeleteRouteEntries",
"vpc:CreateRouteEntry",
"vpc:DeleteRouteEntry",
"vpc:DescribeGrantRulesToCen",
"vpc:GrantInstanceToCen",
"vpc:RevokeInstanceFromCen",
"vpc:CreatePhysicalConnectionNew",
"vpc:ModifyVirtualBorderRouterAttribute",
"vpc:AssociatePhysicalConnectionToVirtualBorderRouter",
"vpc:UnassociatePhysicalConnectionFromVirtualBorderRouter",
"bssapi:SetRenewal",
"vpc:CancelPhysicalConnection"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cen:CreateTransitRouterRouteEntry",
"cen:ListTransitRouterRouteEntries",
"cen:DeleteTransitRouterRouteEntry",
"cen:ResolveAndRouteServiceInCen",
"cen:DescribeRouteServicesInCen",
"cen:DeleteRouteServiceInCen",
"cen:CreateTransitRouterVbrAttachment",
"cen:DeleteTransitRouterVbrAttachment",
"cen:ListTransitRouterVbrAttachments",
"cen:ListTransitRouterVpcAttachments",
"cen:DisableTransitRouterRouteTablePropagation",
"cen:EnableTransitRouterRouteTablePropagation",
"cen:ListTransitRouterRouteTablePropagations",
"cen:AssociateTransitRouterAttachmentWithRouteTable",
"cen:DissociateTransitRouterAttachmentFromRouteTable",
"cen:ListTransitRouterRouteTableAssociations",
"cen:ListTransitRouterRouteTables",
"cen:ListTransitRouters",
"cen:ListTransitRouterAvailableResource",
"cen:ResolveAndRouteServiceInCen",
"cen:DescribeRouteServicesInCen",
"cen:DeleteRouteServiceInCen",
"cen:DescribeCenAttachedChildInstances",
"cen:DescribeCenAttachedChildInstanceAttribute",
"cen:DescribeCens"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ros:ListStacks",
"ros:GetStack",
"ros:ListStackEvents",
"ros:ListStackResources",
"ros:GetStackResource",
"ros:CreateStack",
"ros:DeleteStack",
"ros:PreviewStack"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "vcc.eflo.aliyuncs.com"
}
}
}
]
}