全部产品
Search
文档中心

访问控制:AliyunDTSRolePolicy

更新时间:Jun 27, 2024

AliyunDTSRolePolicy 是专用于服务角色的授权策略,通常会在创建对应的服务角色时同步完成授权,以允许服务角色代您访问其他云服务。本策略由对应的阿里云服务按需更新,请勿将本策略授权给服务角色之外的 RAM 身份使用。

策略详情

  • 类型:系统策略

  • 创建时间:2016-09-12 13:34:45

  • 更新时间:2016-09-12 13:34:45

  • 当前版本:v1

策略内容

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "rds:Describe*",
        "rds:CreateDBInstance",
        "rds:CreateAccount*",
        "rds:CreateDataBase*",
        "rds:ModifySecurityIps",
        "rds:GrantAccountPrivilege",
        "rds:ReceiveDBInstance",
        "rds:CreateMigrateTask",
        "rds:DescribeMigrateTaskById",
        "rds:CreateOnlineDatabaseTask"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeInstances",
        "ecs:DescribeRegions",
        "ecs:AuthorizeSecurityGroup",
        "ecs:CreateSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:DescribeSecurityGroups",
        "ecs:JoinSecurityGroup",
        "ecs:LeaveSecurityGroup",
        "ecs:RevokeSecurityGroup"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dhs:ListProject",
        "dhs:GetProject",
        "dhs:CreateTopic",
        "dhs:ListTopic",
        "dhs:GetTopic",
        "dhs:UpdateTopic",
        "dhs:ListShard",
        "dhs:MergeShard",
        "dhs:SplitShard",
        "dhs:PutRecords",
        "dhs:GetRecords",
        "dhs:GetCursors"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "elasticsearch:DescribeInstance",
        "elasticsearch:ListInstance",
        "elasticsearch:UpdateAdminPwd",
        "elasticsearch:UpdatePublicNetwork",
        "elasticsearch:UpdateBlackIps",
        "elasticsearch:UpdateKibanaIps",
        "elasticsearch:UpdatePublicIps",
        "elasticsearch:UpdatePrivateNetworkWhiteIps",
        "elasticsearch:UpdatePublicWhiteIps",
        "elasticsearch:UpdateWhiteIps",
        "elasticsearch:ModifyWhiteIps"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "drds:DescribeDrds*",
        "drds:ModifyDrdsIpWhiteList",
        "drds:DescribeRegions",
        "drds:DescribeRdsList",
        "drds:CreateDrdsDB",
        "drds:CreateDrdsAccount",
        "drds:DescribeShardDBs"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardb:DescribeDBClusterIPArrayList",
        "polardb:DescribeDBClusterNetInfo",
        "polardb:DescribeDBClusters",
        "polardb:DescribeRegions",
        "polardb:DescribeDBClusterEndpoints",
        "polardb:DescribeDBClusterAccessWhiteList",
        "polardb:ModifyDBClusterAccessWhitelist",
        "polardb:ModifySecurityIps",
        "polardb:DescribeDBClusterAttribute"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dds:DescribeDBInstanceAttribute",
        "dds:DescribeReplicaSetRole",
        "dds:DescribeSecurityIps",
        "dds:DescribeDBInstances",
        "dds:ModifySecurityIps",
        "dds:DescribeShardingNetworkAddress",
        "dds:DescribeRegions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kvstore:DescribeSecurityIps",
        "kvstore:DescribeInstances",
        "kvstore:DescribeRegions",
        "kvstore:ModifySecurityIps",
        "kvstore:DescribeAccounts",
        "kvstore:CreateAccount",
        "kvstore:DescribeDBInstanceNetInfoForInner",
        "kvstore:DescribeDBInstanceNetInfo",
        "kvstore:AllocateInstancePrivateConnection",
        "kvstore:SyncDtsStatus",
        "kvstore:GetDbMasterInfo"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "petadata:DescribeInstanceInfo",
        "petadata:DescribeSecurityIPs",
        "petadata:DescribeInstances",
        "petadata:ModifySecurityIPs"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "adb:DescribeDBClusters",
        "adb:DescribeDBClusterAttribute",
        "adb:DescribeRegions",
        "adb:DescribeDBClusterNetInfo",
        "adb:DescribeDBClusterAccessWhiteList",
        "adb:ModifyDBClusterAccessWhiteList",
        "adb:DescribeDBClusterPerformance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "gpdb:DescribeDBInstanceAttribute",
        "gpdb:DescribeDBInstances",
        "gpdb:DescribeRegions",
        "gpdb:DescribeDBInstanceIPArrayList",
        "gpdb:DescribeDBClusterIPArrayList",
        "gpdb:ModifySecurityIps",
        "gpdb:DescribeDBInstanceNetInfo",
        "gpdb:DescribeDBClusterPerformance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "clickhouse:DescribeRegions",
        "clickhouse:DescribeDBClusters",
        "clickhouse:DescribeDBClusterAttribute",
        "clickhouse:DescribeDBClusterNetInfoItems",
        "clickhouse:DescribeDBClusterAccessWhiteList",
        "clickhouse:ModifyDBClusterAccessWhiteList",
        "clickhouse:DescribeAllDataSource",
        "clickhouse:DescribeDBInstances",
        "clickhouse:DescribeDBInstanceAttribute",
        "clickhouse:DescribeEndpoints",
        "clickhouse:DescribeSecurityIPList",
        "clickhouse:ModifySecurityIPList"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ots:ListInstance",
        "ots:GetInstance",
        "ots:GetRow",
        "ots:PutRow",
        "ots:UpdateRow",
        "ots:DeleteRow",
        "ots:BatchWriteRow",
        "ots:BulkImport",
        "ots:CreateTable",
        "ots:DescribeTable",
        "ots:ListTable"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dg:GetUserDatabases",
        "dg:GetUserGateways"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cen:DeleteRouteServiceInCen",
        "cen:DescribeCenAttachedChildInstances",
        "cen:DescribeCens",
        "cen:DescribeRouteServicesInCen",
        "cen:ResolveAndRouteServiceInCen"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardbx:DescribeDBInstances",
        "polardbx:DescribeDBInstanceAttribute",
        "polardbx:DescribeSecurityIps",
        "polardbx:ModifySecurityIps"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dms:GetUserActiveTenant",
        "dms:GetInstance",
        "dms:GetLogicDatabase",
        "dms:ListLogicDatabases",
        "dms:GetDBTopology",
        "dms:ListLogicTables",
        "dms:GetTableDBTopology"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVpcAttribute",
        "vpc:DescribeVSwitchAttributes"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "lindorm:GetLindormInstanceListForDMS",
        "lindorm:GetLindormInstanceForDMS",
        "lindorm:UpdateInstanceIpWhiteList",
        "lindorm:GetLindormInstanceEngineList",
        "lindorm:GetLindormInstanceList",
        "lindorm:GetLindormInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "hbase:DescribeClusterConnection",
        "hbase:DescribeInstance",
        "hbase:DescribeInstances",
        "hbase:ModifyIpWhitelist"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Action": [
        "bss:ModifyInstance",
        "nis:ListNetworkPath",
        "nis:DeleteNetworkPath",
        "nis:CreateNetworkPath",
        "nis:CreateNetworkReachableAnalysis",
        "nis:GetNetworkReachableAnalysis",
        "nis:IsOpenService",
        "nis:CheckHasNisSLR",
        "nis:BindServiceLinkRoleToUser"
      ],
      "Resource": "*"
    },
    {
      "Action": "ram:CreateServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "nis.aliyuncs.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "privatelink:CreateVpcEndpoint",
        "privatelink:GetVpcEndpointAttribute",
        "privatelink:ListVpcEndpoints",
        "privatelink:AddZoneToVpcEndpoint",
        "privatelink:ListVpcEndpointZones",
        "privatelink:CheckProductOpen",
        "privatelink:OpenPrivateLinkService",
        "privatelink:RemoveZoneFromVpcEndpoint",
        "privatelink:DeleteVpcEndpoint",
        "ram:CreateServiceLinkedRole",
        "ecs:DescribeSecurityGroups",
        "ecs:CreateSecurityGroup",
        "vpc:DescribeVSwitches"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "fc:InvokeFunction",
        "fc:ListServices",
        "fc:ListFunctions",
        "fc:ListServiceVersions",
        "fc:ListAliases"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cms:DescribeEventRuleList",
        "cms:PutEventRule",
        "cms:DescribeContactGroupList",
        "cms:PutEventRuleTargets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cdt:GetCdtServiceStatus",
        "cdt:GetCdtCbServiceStatus",
        "cdt:OpenCdtService",
        "cdt:OpenCdtCbService"
      ],
      "Resource": "acs:cdt:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "alikafka:ListInstance",
        "alikafka:ListTopic",
        "alikafka:UpdateInstance"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "selectdb:DescribeDBInstances",
        "selectdb:DescribeDBInstanceAttribute",
        "selectdb:DescribeDBInstanceNetInfo",
        "selectdb:DescribeSecurityIPList",
        "selectdb:ModifySecurityIPList"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "oceanbase:DescribeInstances",
        "oceanbase:DescribeTenants",
        "oceanbase:DescribeTenant",
        "oceanbase:DescribeTenantSecurityIpGroups",
        "oceanbase:ModifyTenantSecurityIpGroup"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "es-serverless:GetApp",
        "es-serverless:UpdateApp",
        "es-serverless:ListApps"
      ],
      "Resource": "*"
    }
  ]
}

相关文档