服务(相关)角色由腾讯云服务预定义;经用户授权后,相应服务即可通过扮演该服务相关角色,对用户资源进行访问和操作。本文档介绍具体服务相关角色的使用场景及其关联的权限策略信息。
CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
---|---|---|---|
云应用 | CLOUDAPP_QCSLinkedRoleInDeployResource | 服务相关角色 | deployresource.cloudapp.cloud.tencent.com |
CLOUDAPP_QCSLinkedRoleInDeployResource
使用场景: 当前角色为云应用(Cloudapp)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForCLOUDAPPRoleInDeployResource
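- 权限范围说明: 下方策略的第一条语句对全部资源(resource 为 "*")授予 VPC、CVM、COS、TKE、CLB、API 网关及各类数据库等产品的创建、修改与删除类操作,并包含 cam:PassRole;第二条语句允许对所列产品资源执行 finance:trade。授权前应逐项核对这一范围是否符合预期,并在审计日志中关注该角色的调用记录。
- 策略内容: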
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": "*", "action": [ "vpc:CreateVpc", "vpc:CreateAssistantCidr", "vpc:DeleteVpc", "vpc:DescribeVpcEx", "vpc:CreateSubnet", "vpc:DescribeSubnetEx", "vpc:ModifySubnetAttribute", "vpc:ReplaceRouteTableAssociation", "vpc:DeleteSubnet", "cdb:CreateDBInstanceHour", "cdb:IsolateDBInstance", "cdb:OfflineIsolatedInstances", "cdb:DescribeDBInstances", "cos:PutBucket", "cos:PutBucketACL", "cos:GetBucket", "cos:GetBucketACL", "cos:DeleteBucket", "cos:HeadBucket", "cos:PutBucketCORS", "cos:GetBucketCORS", "cos:GetBucketWebsite", "cvm:DescribeInstances", "cvm:DescribeInstancesStatus", "cvm:DescribeInstances", "cvm:TerminateInstances", "cvm:RunInstances", "cvm:TerminateDisks", "cvm:DescribeCbsStorages", "cvm:CreateCbsStorages", "cvm:AttachDisks", "cvm:DetachCbsStorages", "cvm:CreateSecurityGroup", "cvm:DescribeSecurityGroups", "cvm:DescribeSecurityGroupAssociateInstances", "cvm:DeleteSecurityGroup", "cvm:DescribeImages", "tke:DescribeClusterReleases", "tke:DescribeClusterPendingReleases", "tke:CreateClusterRelease", "tke:UpgradeClusterRelease", "tke:UninstallClusterRelease", "tke:CreateCluster", "tke:DescribeClusters", "tke:DescribeClusterReleaseDetails", "apigw:CreateService", "apigw:UnReleaseService", "apigw:DeleteService", "apigw:DescribeService", "apigw:DescribeApi", "apigw:CreateApiApp", "apigw:UnReleaseService", "apigw:DeleteApiApp", "apigw:ReleaseService", "apigw:BindApiApp", "apigw:CreateApi", "apigw:UnbindApiApp", "apigw:DeleteApi", "clb:DescribeLoadBalancersDetail", "clb:CreateLoadBalancer", "clb:ModifyLoadBalancerAttributes", "clb:DeleteLoadBalancer", "clb:SetLoadBalancerSecurityGroups", "clb:DescribeTaskStatus", "clb:DescribeListeners", "clb:DeleteRule", "clb:CreateRule", "clb:DescribeTargets", "clb:DeregisterTargets", "clb:DescribeRewrite", "clb:DeleteRewrite", "clb:CreateTopic", "clb:ModifyTargetGroupAttribute", "clb:RegisterTargetGroupInstances", "clb:DeregisterTargetGroupInstances", 
"clb:DeleteTargetGroups", "clb:DescribeTargetGroups", "clb:DescribeTargetGroupInstances", "clb:AssociateTargetGroups", "clb:DisassociateTargetGroups", "clb:ModifyTargetGroupInstancesWeight", "clb:DescribeLoadBalancers", "redis:CreateInstances", "redis:DescribeInstances", "redis:ModifyInstance", "redis:DescribeInstanceSecurityGroup", "redis:DestroyPostpaidInstance", "cvm:CreateSecurityGroupPolicy", "tke:DeleteCluster", "tag:TagResources", "tag:UnTagResources", "cam:PassRole", "cdb:CreateDBInstance", "tke:DescribeClusterInstances", "redis:CleanUpInstance", "redis:DestroyPrepaidInstance", "es:CreateInstance", "es:DeleteInstance", "es:DescribeInstances", "postgres:CreateInstances", "postgres:IsolateDBInstances", "postgres:DestroyDBInstance", "postgres:DescribeDBInstanceAttribute", "cetcd:CreateEtcdInstance", "cetcd:DeleteEtcdInstance", "cetcd:DescribeEtcdInstances", "tke:DeleteClusterInstances", "tke:AddExistedInstances", "tke:CreateClusterInstances", "privatedns:DescribePrivateZoneService", "privatedns:SubscribePrivateZoneService", "privatedns:CreatePrivateZone", "privatedns:DeletePrivateZone", "privatedns:CreatePrivateZoneRecord", "privatedns:DeletePrivateZoneRecord", "privatedns:DescribePrivateZoneList", "privatedns:DescribePrivateZoneRecordList", "privatedns:ModifyPrivateZoneVpc", "redis:DestroyPostpaidInstance", "clb:CreateListener", "clb:DeleteListener", "mongodb:CreateDBInstanceHour", "mongodb:CreateDBInstance", "mongodb:DescribeDBInstances", "mongodb:IsolateDBInstance", "mongodb:OfflineIsolatedDBInstance", "sqlserver:CreateBasicDBInstances", "sqlserver:CreateDBInstances", "sqlserver:DescribeDBInstances", "sqlserver:CreateReadOnlyDBInstances", "sqlserver:DescribeOrders", "sqlserver:DescribeReadOnlyGroupByReadOnlyInstance", "sqlserver:TerminateDBInstance", "sqlserver:DeleteDBInstance" ] }, { "effect": "allow", "action": "finance:trade", "resource": [ "qcs::cvm:::*", "qcs::postgres:::*", "qcs::redis:::*", "qcs::es:::*", "qcs::cdb:::*", "qcs::mongodb:::*", 
"qcs::sqlserver:::*" ] } ] }