AliyunYundunBastionHostAuditOnlyAccess is a service system policy that is managed by Alibaba Cloud. You can attach the AliyunYundunBastionHostAuditOnlyAccess policy to a Resource Access Management (RAM) identity, such as a RAM user, RAM user group, and RAM role. The AliyunYundunBastionHostAuditOnlyAccess policy: Provides auditor access to Bastion Host Service via Management Console.
Policy details
Type: service system policy
Creation time: 09:31:34 on September 27, 2018
Update time: 10:48:15 on August 22, 2025
Current version: v6
Policy content
{
"Version": "1",
"Statement": [
{
"Action": [
"yundun-bastionhost:GetInstance*",
"yundun-bastionhost:DescribeInstance*",
"yundun-bastionhost:QueryInstance*",
"yundun-bastionhost:ListInstance*",
"yundun-bastionhost:*Audit*",
"yundun-bastionhost:DescribeOpenService"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "pam:GetInstanceDetail",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:CheckServiceLinkedRoleExistence",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "bastionhost.aliyuncs.com"
}
}
}
]
}