AliyunServiceRolePolicyForNasCpfsClient
AliyunServiceRolePolicyForNasCpfsClient 是專用于服務(wù)關(guān)聯(lián)角色的授權(quán)策略,會在創(chuàng)建服務(wù)關(guān)聯(lián)角色 AliyunServiceRoleForNasCpfsClient 時自動授權(quán),以允許服務(wù)關(guān)聯(lián)角色代您訪問其他云服務(wù)。本策略由對應(yīng)的阿里云服務(wù)按需更新,請勿將本策略授權(quán)給服務(wù)關(guān)聯(lián)角色之外的 RAM 身份使用。
策略詳情
類型:系統(tǒng)策略
創(chuàng)建時間:2024-03-15 09:53:27
更新時間:2024-03-15 09:53:27
當前版本:v1
策略內(nèi)容
{
"Version": "1",
"Statement": [
{
"Action": [
"vpc:DescribeVSwitchAttributes",
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:RunInstances",
"ecs:CreateInstance",
"ecs:DescribeInstances",
"ecs:CreateSecurityGroup",
"ecs:DescribeSecurityGroups",
"ecs:InstallCloudAssistant",
"ecs:DescribeInvocations"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"ecs:StartInstances",
"ecs:DeleteInstances",
"ecs:ModifyInstanceAttribute",
"ecs:RunCommand",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DeleteSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress"
],
"Resource": "acs:ecs:*:*:*/*",
"Condition": {
"StringEqualsIgnoreCase": {
"ecs:tag/nas:cpfs": "true"
}
}
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "cpfs-client.nas.aliyuncs.com"
}
}
}
]
}