AliyunCSManagedCsiProvisionerRolePolicy 是專用于服務角色的授權策略,通常會在創建對應的服務角色時同步完成授權,以允許服務角色代您訪問其他云服務。本策略由對應的阿里云服務按需更新,請勿將本策略授權給服務角色之外的 RAM 身份使用。
策略詳情
類型:系統策略
創建時間:2024-06-04 16:25:39
更新時間:2024-06-04 16:25:39
當前版本:v1
策略內容
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:AttachDisk",
"ecs:DetachDisk",
"ecs:DescribeDisks",
"ecs:CreateDisk",
"ecs:ResizeDisk",
"ecs:CreateSnapshot",
"ecs:DeleteSnapshot",
"ecs:AddTags",
"ecs:RemoveTags",
"ecs:DescribeTags",
"ecs:DescribeSnapshots",
"ecs:ListTagResources",
"ecs:TagResources",
"ecs:UntagResources",
"ecs:ModifyDiskSpec",
"ecs:CreateSnapshot",
"ecs:DescribeSnapshotGroups",
"ecs:CreateSnapshotGroup",
"ecs:DeleteSnapshotGroup",
"ecs:DeleteDisk",
"ecs:DescribeInstanceAttribute",
"ecs:DescribeInstanceHistoryEvents",
"ecs:DescribeTaskAttribute",
"ecs:DescribeInstances"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"nas:DescribeFileSystems",
"nas:DescribeMountTargets",
"nas:AddTags",
"nas:DescribeTags",
"nas:RemoveTags",
"nas:CreateFileSystem",
"nas:DeleteFileSystem",
"nas:ModifyFileSystem",
"nas:CreateMountTarget",
"nas:DeleteMountTarget",
"nas:ModifyMountTarget",
"nas:TagResources",
"nas:SetDirQuota",
"nas:EnableRecycleBin",
"nas:GetRecycleBinAttribute",
"nas:DescribeProtocolMountTarget",
"nas:CancelDirQuota",
"nas:DescribeDirQuotas",
"nas:CreateDir",
"nas:GetRecycleBinAttribute",
"nas:DescribeAccessPoint",
"nas:CreateAccessPoint",
"nas:DescribeAccessPoints"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cs:CreateResourcesSystemTags",
"cs:DescribeTemplateAttribute",
"cs:DescribeTemplates"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"ens:DescribeInstances",
"ens:DescribeDisks",
"ens:ModifyDiskAttribute",
"ens:CreateDisk",
"ens:DetachDisk",
"ens:AttachDisk",
"ens:DeleteDisk"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"oss:PutObject",
"oss:IsObjectExist",
"oss:ListObjects",
"oss:GetObject",
"oss:DeleteObject",
"oss:GetBucket"
],
"Resource": "acs:oss:*:*:cnfs-oss*"
}
]
}相關文檔
文檔內容是否對您有幫助?