AliyunServiceRolePolicyForNasCpfsClient 是專用于服務關聯角色的授權策略，會在創建服務關聯角色 AliyunServiceRoleForNasCpfsClient 時自動授權，以允許服務關聯角色代您訪問其他云服務。本策略由對應的阿里云服務按需更新，請勿將本策略授權給服務關聯角色之外的 RAM 身份使用。

策略詳情

• 類型：系統策略

• 創建時間：2024-03-15 09:53:27

• 更新時間：2024-03-15 09:53:27

• 當前版本：v1

策略內容

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "vpc:DescribeVSwitchAttributes",
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:RunInstances",
        "ecs:CreateInstance",
        "ecs:DescribeInstances",
        "ecs:CreateSecurityGroup",
        "ecs:DescribeSecurityGroups",
        "ecs:InstallCloudAssistant",
        "ecs:DescribeInvocations"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecs:StartInstances",
        "ecs:DeleteInstances",
        "ecs:ModifyInstanceAttribute",
        "ecs:RunCommand",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DeleteSecurityGroup",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:RevokeSecurityGroup",
        "ecs:RevokeSecurityGroupEgress"
      ],
      "Resource": "acs:ecs:*:*:*/*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "ecs:tag/nas:cpfs": "true"
        }
      }
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "cpfs-client.nas.aliyuncs.com"
        }
      }
    }
  ]
}

相關文檔

• 權限策略基本元素

• 服務關聯角色