服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| 腾讯云可观测平台 | CM_QCSLinkedRoleInTMP | 服务相关角色 | cvm.qcloud.com tmp.monitor.cloud.tencent.com |
| 腾讯云可观测平台 | CM_QCSLinkedRoleInQueryInstance | 服务相关角色 | queryInstance.cm.cloud.tencent.com |
CM_QCSLinkedRoleInTMP
使用场景: 当前角色为云监控(CM)服务相关角色,该角色用于授权云监控访问您的云产品资源。
权限策略
- 策略名称: QcloudAccessForCMLinkedRoleInTMP
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "monitor:DescribeBaseMetrics", "monitor:GetMonitorData", "cvm:DescribeInstances", "ckafka:DescribeInstances", "cdb:DescribeDBInstances", "clb:DescribeLoadBalancers", "mongodb:DescribeDBInstances", "redis:DescribeInstances", "redis:DescribeInstanceNodeInfo", "memcached:DescribeInstances", "cvm:DescribeAddresses", "cvm:DescribeCbsStorages", "dc:DescribeDirectConnectTunnels", "dc:DescribeDirectConnects", "vpc:DescribeNatGateways", "sqlserver:DescribeDBInstances", "mariadb:DescribeDBInstances", "es:DescribeInstances", "postgres:DescribeDBInstances", "lighthouse:DescribeInstances", "dcdb:DescribeDCDBInstances", "tdmq:DescribeRocketMQNamespaces", "tdmq:DescribeRocketMQTopics", "tdmq:DescribeRocketMQClusters", "vpc:DescribeVpnConnections", "vpc:DescribeVpnGw", "tse:DescribeSREInstances", "cynosdb:DescribeInstances", "cos:GetService", "cdn:DescribeDomains", "tse:DescribeNacosReplicas", "tse:DescribeZookeeperReplicas", "vpc:DescribeDirectConnectGateways", "tat:RunCommand", "dts:DescribeSyncJobs", "dts:DescribeMigrateJobs", "dts:DescribeSubscribes", "vpc:DescribeCcns", "vpc:DescribeCcnRegionBandwidthLimits", "gaap:DescribeProxyInstances", "gaap:DescribeProxies", "gaap:DescribeListenerRealServers", "tat:DescribeInvocations", "tat:DescribeInvocationTasks", "gaap:DescribeTCPListeners", "gaap:DescribeUDPListeners", "gaap:DescribeHTTPSListeners", "gaap:DescribeHTTPListeners", "gaap:DescribeNoneBgpIpList", "gaap:DescribeProxyGroupList", "cdwch:DescribeInstances", "cdwch:DescribeInstanceMonitorPort", "waf:DescribeDomains", "waf:DescribeInstances", "cfs:DescribeCfsSnapshots", "cfs:DescribeCfsFileSystems", "ckafka:DescribeInstancesDetail", "emr:DescribeInstancesList", "emr:DescribeClusterMonitorInfo", "vpc:DescribeBandwidthPackages", "ckafka:DescribeConsumerGroup", "ckafka:DescribeTopic", "trocket:DescribeInstanceList", "trocket:DescribeTopicList", "tdmq:DescribeRocketMQClusters", "tdmq:DescribeRocketMQTopics", "tdmq:DescribeRocketMQNamespaces", "tdmq:DescribeRocketMQGroups", "vod:DescribeSubAppIds", "vod:DescribeDomains", "vod:DescribeCdnBillingAreas", "scf:ListNamespaces", "scf:ListFunctions", "scf:ListVersionByFunction", "scf:ListAliases", "cdn:DescribeMonitorDomains", "emr:DescribeClusterNodes", "clb:DescribeExclusiveClusters", "apigw:DescribeServicesStatus", "apigw:DescribeServiceEnvironmentList", "apigw:DescribeApisStatus", "cls:DescribeTopics", "cdb:DescribeCdbProxyInfo", "vpc:DescribeNetDetects", "tcaplusdb:DescribeTables", "tcaplusdb:DescribeClusters", "clb:DescribeListeners", "clb:DescribeTargets", "tione:DescribeModelServices", "tione:DescribeBillingResourceGroups", "tione:DescribeNotebooks", "tione:DescribeTrainingTasks", "ctsdb:DescribeClusters", "ctsdb:DescribeAccessPool", "ctsdb:DescribeAccounts", "ctsdb:DescribeDatabases", "trocket:DescribeConsumerGroupList", "tione:DescribeTrainingTaskPods", "tione:DescribeModelServiceGroups", "lighthouse:DescribeInstances", "lighthouse:DescribeDisks", "vpc:DescribeIp6Addresses", "tse:DescribeCloudNativeAPIGateways", "tse:DescribeCloudNativeAPIGatewayNodes", "teo:DescribeZones", "teo:DescribeHostsSetting", "tag:GetResources", "tdmq:DescribeRabbitMQVipInstances" ], "resource": "*" } ] }
CM_QCSLinkedRoleInQueryInstance
使用场景: 当前角色为云监控(CM)服务相关角色,该角色用于授权云监控访问您的云产品资源。
权限策略
- 策略名称: QcloudAccessForCMLinkedRoleInQueryInstance
- 策略内容:
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": [ "*" ], "action": [ "cvm:DescribeInstances" ] } ] }