tencent cloud

PrevNext

フィードバック

キーワードで検索してください

Recent Pages

ドキュメント
Cloud Access Management
    ドキュメント

    SSL Certificate Service

    最終更新日:2024-05-02 09:11:46

      Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

      Product Role Name Role Types Role Entity
      SSL Certification SSL_QCSLinkedRoleInCertificateWaf Service-Related Roles certificatewaf.ssl.cloud.tencent.com
      SSL Certification SSL_QCSLinkedRoleInCertificateDependence Service-Related Roles certificatedependence.ssl.cloud.tencent.com
      SSL Certification SSL_QCSLinkedRoleInReplaceLoadCertificate Service-Related Roles replaceloadcertificate.ssl.cloud.tencent.com
      SSL Certification SSL_QCSLinkedRoleInCertificateCloudMonitor Service-Related Roles certificatecloudmonitor.ssl.cloud.tencent.com
      SSL Certification SSL_QCSLinkedRoleInDescribeDeployedResources Service-Related Roles describedeployedresources.ssl.cloud.tencent.com

      SSL_QCSLinkedRoleInCertificateWaf

      Use Cases: The current role is the SSL service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
      Authorization Polices

      • Policy Name: QcloudAccessForSSLLinkedRoleInCertificateWaf
      • Policy Information:
      {
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "waf:DescribeSpartaProtectionList",
                "waf:DescribeSpartaProtectionInfo",
                "waf:DescribeUserInstances",
                "waf:DescribeUserQPS",
                "waf:DescribePeakPoints",
                "waf:AddSpartaProtection",
                "waf:DeleteSpartaProtection",
                "waf:ModifySpartaProtection",
                "waf:ModifyProtectionStatus",
                "waf:DescribeDomains"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}

      SSL_QCSLinkedRoleInCertificateDependence

      Use Cases: The current role is the SSL service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
      Authorization Polices

      • Policy Name: QcloudAccessForSSLLinkedRoleInCertificateDependence
      • Policy Information:
      {
    "statement": [
        {
            "action": [
                "dnspod:CreateRecord",
                "dnspod:DescribeDomain",
                "dnspod:CreateDomain",
                "dnspod:DescribeRecordList",
                "dnspod:DeleteRecord",
                "dnspod:DescribeDomain",
                "dnspod:ModifyRecordStatus"
            ],
            "effect": "allow",
            "resource": "*"
        }
    ],
    "version": "2.0"
}

      SSL_QCSLinkedRoleInReplaceLoadCertificate

      Use Cases: The current role is the SSL service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
      Authorization Polices

      • Policy Name: QcloudAccessForSSLLinkedRoleInReplaceLoadCertificate
      • Policy Information:
      {
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "clb:ReplaceCertForLoadBalancers",
                "waf:DescribeCertificatedDomain",
                "waf:ModifyCertificatedDomain",
                "live:DescribeLiveDomainsByCerts",
                "live:ModifyLiveDomainCertBindings",
                "antiddos:DescribeL7RulesBySSLCertId",
                "antiddos:CreateL7RuleCerts",
                "clb:DescribeLoadBalancerListByCertId",
                "clb:DescribeLoadBalancers",
                "clb:DescribeListeners",
                "clb:ModifyListener",
                "clb:ModifyDomainAttributes",
                "clb:DescribeTaskStatus",
                "cos:GetBucketDomain",
                "cos:GetBucketDomainCertificate",
                "cos:GetService",
                "cos:PutBucketDomainCertificate",
                "tke:DescribeClusters",
                "tke:AcquireClusterAdminRole",
                "tke:AcquireEKSClusterAdminRole",
                "lighthouse:DescribeSupportHttpsInstances",
                "lighthouse:InstallCertificate",
                "lighthouse:DescribeInstallCertificateTasks",
                "vod:DescribeVodDomainsByCertIds",
                "vod:ModifyVodDomainCertBindings",
                "vod:UpdateCertForVodDomains",
                "clb:DescribeLoadBalancerCount",
                "teo:ModifyHostsCertificateByHosts",
                "teo:DescribeHostsByCertID",
                "tcb:DescribeEnvs",
                "tcb:DescribeCloudBaseGWService",
                "tcb:DescribeHostingDomain",
                "tcb:BindCloudBaseAccessDomain",
                "tcb:CreateHostingDomain",
                "tcb:ModifyCloudBaseAccessDomain",
                "tcb:ModifyHostingDomain",
                "tse:ModifyCloudNativeAPIGatewayCertificate",
                "tse:DescribeCloudNativeAPIGatewayCertificates",
                "tse:DescribeCloudNativeAPIGateways",
                "cdn:DescribeCdnDomainsByCerts",
                "cdn:UpdateDomainHttps"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}

      SSL_QCSLinkedRoleInCertificateCloudMonitor

      Use Cases: The current role is the SSL service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
      Authorization Polices

      • Policy Name: QcloudAccessForSSLLinkedRoleInCertificateCloudMonitor
      • Policy Information:
      {
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "resource": [
                "*"
            ],
            "action": [
                "monitor:CreateAlarmPolicy",
                "monitor:DeleteAlarmPolicy",
                "monitor:DescribeAlarmPolicies",
                "monitor:ModifyAlarmPolicyStatus",
                "monitor:BindingPolicyObject",
                "monitor:UnBindingPolicyObject",
                "monitor:ModifyAlarmPolicyNotice",
                "monitor:CreateAlarmNotice",
                "monitor:DeleteAlarmNotices",
                "monitor:ModifyAlarmNotice",
                "monitor:DescribeAlarmNotices",
                "monitor:UnBindingAllPolicyObject"
            ]
        }
    ]
}

      SSL_QCSLinkedRoleInDescribeDeployedResources

      Use Cases: The current role is the SSL service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
      Authorization Polices

      • Policy Name: QcloudAccessForSSLLinkedRoleInDescribeDeployedResources
      • Policy Information:
      {
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "clb:ReplaceCertForLoadBalancers",
                "waf:DescribeCertificatedDomain",
                "waf:ModifyCertificatedDomain",
                "live:DescribeLiveDomainsByCerts",
                "live:ModifyLiveDomainCertBindings",
                "antiddos:DescribeL7RulesBySSLCertId",
                "antiddos:CreateL7RuleCerts",
                "clb:DescribeLoadBalancerListByCertId",
                "cdn:UpdateDomainsCertificate",
                "teo:DescribeHostsByCertID",
                "teo:ModifyHostsCertificateByHosts"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}
      お問い合わせ

      カスタマーサービスをご提供できるため、ぜひお気軽にお問い合わせくださいませ。

      お問い合わせ
      テクニカルサポート

      さらにサポートが必要な場合は、サポートチケットを送信して弊社サポートチームにお問い合わせください。24時間365日のサポートをご提供します。

      チケットを送信
      電話サポート(24 時間365日対応)
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      個人情報保護方針利用規約クッキーポリシー