
访问控制:AliyunCSManagedCsiRolePolicy

更新时间:Jan 06, 2026

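AliyunCSManagedCsiRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,权限范围可能随版本变化;其中多数语句的 Resource 为 "*",并包含 ecs:DeleteDisk、ecs:DeleteSnapshot、nas:DeleteFileSystem 等删除类操作,因此请勿将本策略授权给服务角色之外的 RAM 身份使用。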

策略详情

  • 类型:系统策略

  • 创建时间:2024-10-18 11:13:24

  • 更新时间:2026-01-06 09:57:42

  • 当前版本:v18

策略内容

{
	"Version": "1",
	"Statement": [{
			"Action": [
				"ecs:AttachDisk",
				"ecs:DetachDisk",
				"ecs:DescribeDisks",
				"ecs:CreateDisk",
				"ecs:ResizeDisk",
				"ecs:CreateSnapshot",
				"ecs:DeleteSnapshot",
				"ecs:CreateAutoSnapshotPolicy",
				"ecs:ApplyAutoSnapshotPolicy",
				"ecs:CancelAutoSnapshotPolicy",
				"ecs:DeleteAutoSnapshotPolicy",
				"ecs:DescribeAutoSnapshotPolicyEX",
				"ecs:ModifyAutoSnapshotPolicyEx",
				"ecs:AddTags",
				"ecs:RemoveTags",
				"ecs:DescribeTags",
				"ecs:DescribeSnapshots",
				"ecs:ListTagResources",
				"ecs:TagResources",
				"ecs:UntagResources",
				"ecs:ModifyDiskSpec",
				"ecs:CreateSnapshot",
				"ecs:DescribeSnapshotGroups",
				"ecs:CreateSnapshotGroup",
				"ecs:DeleteSnapshotGroup",
				"ecs:CopySnapshot",
				"ecs:DeleteDisk",
				"ecs:DescribeInstanceAttribute",
				"ecs:DescribeInstanceHistoryEvents",
				"ecs:DescribeTaskAttribute",
				"ecs:DescribeInstances"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Action": [
				"nas:DescribeFileSystems",
				"nas:DescribeMountTargets",
				"nas:AddTags",
				"nas:DescribeTags",
				"nas:RemoveTags",
				"nas:CreateFileSystem",
				"nas:DeleteFileSystem",
				"nas:ModifyFileSystem",
				"nas:CreateMountTarget",
				"nas:DeleteMountTarget",
				"nas:ModifyMountTarget",
				"nas:TagResources",
				"nas:SetDirQuota",
				"nas:EnableRecycleBin",
				"nas:GetRecycleBinAttribute",
				"nas:DescribeProtocolMountTarget",
				"nas:CancelDirQuota",
				"nas:CreateDir",
				"nas:DescribeDirQuotas",
				"nas:CancelDataFlowTask",
				"nas:CreateDataFlow",
				"nas:DeleteDataFlow",
				"nas:CreateDataFlowTask",
				"nas:DescribeDataFlows",
				"nas:DescribeDataFlowTasks"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Action": [
				"cs:CreateResourcesSystemTags",
				"cs:DescribeTemplateAttribute",
				"cs:DescribeTemplates"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Action": [
				"oss:PutBucket",
				"oss:GetObjectTagging",
				"oss:ListBuckets",
				"oss:PutBucketTagging",
				"oss:GetBucketTagging",
				"oss:PutBucketEncryption",
				"oss:GetBucketStat",
				"oss:PutBucketVersioning",
				"oss:GetBucketInfo"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Action": [
				"ens:DescribeInstances",
				"ens:DescribeDisks",
				"ens:ModifyDiskAttribute",
				"ens:CreateDisk",
				"ens:DetachDisk",
				"ens:AttachDisk",
				"ens:DeleteDisk"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Action": [
				"kms:ListAliases"
			],
			"Resource": [
				"*"
			],
			"Effect": "Allow"
		},
		{
			"Effect": "Allow",
			"Action": [
				"hbr:CreateVault",
				"hbr:CreateBackupJob",
				"hbr:DescribeVaults",
				"hbr:DescribeBackupJobs2",
				"hbr:DescribeRestoreJobs",
				"hbr:SearchHistoricalSnapshots",
				"hbr:CreateRestoreJob",
				"hbr:AddContainerCluster",
				"hbr:DescribeContainerCluster",
				"hbr:DescribeRestoreJobs2"
			],
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"oss:PutObject",
				"oss:IsObjectExist",
				"oss:ListObjects",
				"oss:GetObject",
				"oss:DeleteObject",
				"oss:GetBucket"
			],
			"Resource": "acs:oss:*:*:cnfs-oss*"
		},
		{
			"Effect": "Allow",
			"Action": "ram:CreateServiceLinkedRole",
			"Resource": "*",
			"Condition": {
				"StringEquals": {
					"ram:ServiceName": [
						"oss-dataflow.nas.aliyuncs.com",
						"event-notification.nas.aliyuncs.com"
					]
				}
			}
		}
	]
}

相关文档