访问管理
有奖捉虫:办公协同&微信生态&物联网文档专题 HOT
文档中心 > 访问管理 > 支持角色的业务 > 开发与运维 > 开发者工具 > 云应用

云应用

最近更新时间:2024-05-02 09:11:33

我的收藏

本页目录:

服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。

CAM中产品名 角色名称 角色类型 角色载体
云应用 CLOUDAPP_QCSLinkedRoleInDeployResource 服务相关角色 deployresource.cloudapp.cloud.tencent.com

CLOUDAPP_QCSLinkedRoleInDeployResource

使用场景: 当前角色为云应用(Cloudapp)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源
权限策略

  • 策略名称: QcloudAccessForCLOUDAPPRoleInDeployResource
  • 策略内容:
    {
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "resource": "*",
            "action": [
                "vpc:CreateVpc",
                "vpc:CreateAssistantCidr",
                "vpc:DeleteVpc",
                "vpc:DescribeVpcEx",
                "vpc:CreateSubnet",
                "vpc:DescribeSubnetEx",
                "vpc:ModifySubnetAttribute",
                "vpc:ReplaceRouteTableAssociation",
                "vpc:DeleteSubnet",
                "cdb:CreateDBInstanceHour",
                "cdb:IsolateDBInstance",
                "cdb:OfflineIsolatedInstances",
                "cdb:DescribeDBInstances",
                "cos:PutBucket",
                "cos:PutBucketACL",
                "cos:GetBucket",
                "cos:GetBucketACL",
                "cos:DeleteBucket",
                "cos:HeadBucket",
                "cos:PutBucketCORS",
                "cos:GetBucketCORS",
                "cos:GetBucketWebsite",
                "cvm:DescribeInstances",
                "cvm:DescribeInstancesStatus",
                "cvm:DescribeInstances",
                "cvm:TerminateInstances",
                "cvm:RunInstances",
                "cvm:TerminateDisks",
                "cvm:DescribeCbsStorages",
                "cvm:CreateCbsStorages",
                "cvm:AttachDisks",
                "cvm:DetachCbsStorages",
                "cvm:CreateSecurityGroup",
                "cvm:DescribeSecurityGroups",
                "cvm:DescribeSecurityGroupAssociateInstances",
                "cvm:DeleteSecurityGroup",
                "cvm:DescribeImages",
                "tke:DescribeClusterReleases",
                "tke:DescribeClusterPendingReleases",
                "tke:CreateClusterRelease",
                "tke:UpgradeClusterRelease",
                "tke:UninstallClusterRelease",
                "tke:CreateCluster",
                "tke:DescribeClusters",
                "tke:DescribeClusterReleaseDetails",
                "apigw:CreateService",
                "apigw:UnReleaseService",
                "apigw:DeleteService",
                "apigw:DescribeService",
                "apigw:DescribeApi",
                "apigw:CreateApiApp",
                "apigw:UnReleaseService",
                "apigw:DeleteApiApp",
                "apigw:ReleaseService",
                "apigw:BindApiApp",
                "apigw:CreateApi",
                "apigw:UnbindApiApp",
                "apigw:DeleteApi",
                "clb:DescribeLoadBalancersDetail",
                "clb:CreateLoadBalancer",
                "clb:ModifyLoadBalancerAttributes",
                "clb:DeleteLoadBalancer",
                "clb:SetLoadBalancerSecurityGroups",
                "clb:DescribeTaskStatus",
                "clb:DescribeListeners",
                "clb:DeleteRule",
                "clb:CreateRule",
                "clb:DescribeTargets",
                "clb:DeregisterTargets",
                "clb:DescribeRewrite",
                "clb:DeleteRewrite",
                "clb:CreateTopic",
                "clb:ModifyTargetGroupAttribute",
                "clb:RegisterTargetGroupInstances",
                "clb:DeregisterTargetGroupInstances",
                "clb:DeleteTargetGroups",
                "clb:DescribeTargetGroups",
                "clb:DescribeTargetGroupInstances",
                "clb:AssociateTargetGroups",
                "clb:DisassociateTargetGroups",
                "clb:ModifyTargetGroupInstancesWeight",
                "clb:DescribeLoadBalancers",
                "redis:CreateInstances",
                "redis:DescribeInstances",
                "redis:ModifyInstance",
                "redis:DescribeInstanceSecurityGroup",
                "redis:DestroyPostpaidInstance",
                "cvm:CreateSecurityGroupPolicy",
                "tke:DeleteCluster",
                "tag:TagResources",
                "tag:UnTagResources",
                "cam:PassRole",
                "cdb:CreateDBInstance",
                "tke:DescribeClusterInstances",
                "redis:CleanUpInstance",
                "redis:DestroyPrepaidInstance",
                "es:CreateInstance",
                "es:DeleteInstance",
                "es:DescribeInstances",
                "postgres:CreateInstances",
                "postgres:IsolateDBInstances",
                "postgres:DestroyDBInstance",
                "postgres:DescribeDBInstanceAttribute",
                "cetcd:CreateEtcdInstance",
                "cetcd:DeleteEtcdInstance",
                "cetcd:DescribeEtcdInstances",
                "tke:DeleteClusterInstances",
                "tke:AddExistedInstances",
                "tke:CreateClusterInstances",
                "privatedns:DescribePrivateZoneService",
                "privatedns:SubscribePrivateZoneService",
                "privatedns:CreatePrivateZone",
                "privatedns:DeletePrivateZone",
                "privatedns:CreatePrivateZoneRecord",
                "privatedns:DeletePrivateZoneRecord",
                "privatedns:DescribePrivateZoneList",
                "privatedns:DescribePrivateZoneRecordList",
                "privatedns:ModifyPrivateZoneVpc",
                "redis:DestroyPostpaidInstance",
                "clb:CreateListener",
                "clb:DeleteListener",
                "mongodb:CreateDBInstanceHour",
                "mongodb:CreateDBInstance",
                "mongodb:DescribeDBInstances",
                "mongodb:IsolateDBInstance",
                "mongodb:OfflineIsolatedDBInstance",
                "sqlserver:CreateBasicDBInstances",
                "sqlserver:CreateDBInstances",
                "sqlserver:DescribeDBInstances",
                "sqlserver:CreateReadOnlyDBInstances",
                "sqlserver:DescribeOrders",
                "sqlserver:DescribeReadOnlyGroupByReadOnlyInstance",
                "sqlserver:TerminateDBInstance",
                "sqlserver:DeleteDBInstance"
            ]
        },
        {
            "effect": "allow",
            "action": "finance:trade",
            "resource": [
                "qcs::cvm:::*",
                "qcs::postgres:::*",
                "qcs::redis:::*",
                "qcs::es:::*",
                "qcs::cdb:::*",
                "qcs::mongodb:::*",
                "qcs::sqlserver:::*"
            ]
        }
    ]
}
中国站