| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| 配置审计 | Config_QCSLinkedRoleInConfigRecorder | 服务相关角色 | configrecorder.config.cloud.tencent.com |
使用场景: 当前角色为配置审计(Config)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cvm:DescribeInstances",
"cvm:DescribeCbsStorages",
"cvm:DescribeSecurityGroups",
"cvm:DescribeSecurityGroupPolicys",
"cvm:AssociateSecurityGroups",
"cvm:DisassociateSecurityGroups",
"vpc:DescribeVpcEx",
"vpc:DescribeVpcInstances",
"vpc:DescribeSubnetEx",
"cam:ListUsers",
"cam:DescribeSafeAuthFlagColl",
"cam:ListAccessKeys",
"cam:ListGroupsForUser",
"cam:ListAttachedUserAllPolicies",
"cam:ListGroups",
"cam:ListUsersForGroup",
"cam:ListAttachedGroupPolicies",
"cam:DescribeRoleList",
"cam:ListAttachedRolePolicies",
"cam:ListPolicies",
"cam:ListEntitiesForPolicy",
"cam:GetRole",
"cam:GetUser",
"cam:GetPolicy",
"cam:GetGroup",
"cos:GetService",
"cos:GetBucket",
"cos:PutObject",
"cos:GetBucket",
"cos:GetBucketACL",
"cos:GetBucketVersioning",
"cos:GetBucketLogging",
"cos:GetBucketEncryption",
"cos:GetBucketTagging",
"cloudaudit:DescribeEvents",
"cls:pushLog",
"cls:DescribeTopics",
"organization:DescribeOrganizationMembers",
"organization:CreateOrgMemberProductServiceRole",
"organization:DescribeOrganization",
"scf:ListFunctions",
"scf:Invoke",
"cvm:DescribeSecurityGroupAssociateInstances",
"clb:DescribeLoadBalancers",
"clb:DescribeLoadBalancersDetail",
"cam:GetSecurityLastUsed",
"lighthouse:DescribeFirewallTemplates",
"lighthouse:DescribeInstances",
"lighthouse:DescribeBlueprints",
"lighthouse:DescribeDisks",
"lighthouse:DescribeDiskBackups",
"lighthouse:DescribeFirewallTemplateRules",
"lighthouse:DescribeSnapshots",
"lighthouse:DescribeKeyPairs",
"lighthouse:DescribeDomains",
"lighthouse:DescribeDNSRecords",
"lighthousedb:DescribeClusters",
"lighthousedb:DescribeClusterDetail",
"cdb:DescribeDBInstances",
"tke:DescribeClusters",
"tke:DescribeImageCaches",
"tke:DescribeReservedInstances",
"tke:DescribeImageRegistryCredentials",
"domain:DescribeDomainList",
"domain:DescribeDomainBaseInfo",
"domain:DescribeDomain",
"domain:BatchDescribeDomainDetail",
"dnspod:DescribeDomainFilterList",
"dnspod:DescribeDomain",
"ssl:DescribeCertificate",
"ssl:DescribeCertificates",
"ssl:DescribeCertificateDetail",
"ssl:DescribeCompanies",
"ssl:DescribeManagers",
"ssl:DescribeManagerDetail",
"ssl:DescribeCSRSet",
"ssl:DescribeCSR",
"cdn:ListCdnDomains",
"cdn:DescribeDomains",
"cdn:DescribeDomainsConfig",
"mongodb:DescribeDBInstances",
"mongodb:DescribeInstanceDB",
"domain:DescribeDomainNameList",
"clb:DescribeLoadBalancers",
"clb:DescribeLoadBalancersDetail",
"redis:DescribeInstances",
"ckafka:DescribeInstances",
"ckafka:DescribeInstanceDetail",
"ckafka:DescribeInstanceAttributes",
"vod:DescribeSubAppIds",
"cynosdb:DescribeInstances",
"cynosdb:DescribeInstanceDetail",
"vpc:DescribeAddresses",
"vpc:DescribeVpnGateways",
"vpc:DescribeVpnConnections",
"waf:DescribeInstances",
"as:DescribeLaunchConfigurations",
"as:DescribeAutoScalingGroups",
"cvm:DescribeAddresses",
"lighthouse:DescribeFirewallTemplates",
"lighthouse:DescribeInstances",
"lighthouse:DescribeBlueprints",
"lighthouse:DescribeDisks",
"lighthouse:DescribeDiskBackups",
"lighthouse:DescribeFirewallTemplateRules",
"lighthouse:DescribeSnapshots",
"lighthouse:DescribeKeyPairs",
"lighthouse:DescribeDomains",
"lighthouse:DescribeDNSRecords",
"es:DescribeInstances",
"tcr:DescribeInstances",
"cls:DescribeLogsets",
"cfs:DescribeCfsFileSystems",
"cdwch:DescribeInstances",
"cdwch:DescribeInstance",
"cvm:DescribeSnapshots",
"dts:DescribeSyncJobs",
"tcaplusdb:DescribeClusters",
"ssm:ListSecrets",
"ssm:DescribeSecret",
"scf:ListNamespaces",
"cvm:DescribeKeyPairs",
"cvm:DescribeInstancesStatus",
"cvm:DescribeAutoSnapshotPolicies",
"vpc:DescribeCcns",
"vpc:DescribeNetworkAcls",
"vpc:DescribeNatGateways",
"vpc:DescribeSecurityGroupPolicies",
"vpc:DescribeFlowLogs",
"vpc:DescribeVpcs",
"vpc:DescribeRouteTables",
"vpc:DescribeSubnets",
"vpc:DescribeCcnRegionBandwidthLimits",
"vpc:DescribeNatGatewayDestinationIpPortTranslationNatRules",
"tke:DescribeClusterEndpoints",
"tke:DescribeClusterInstances",
"tke:DescribePrometheusAgentInstances",
"tke:DescribeAvailableClusterVersion",
"tke:DescribeEKSContainerInstances",
"tke:DescribePrometheusOverviews",
"tke:DescribeAddon",
"kms:DescribeKeys",
"kms:GetKeyRotationStatus",
"scf:GetAsyncEventStatus",
"scf:GetFunction",
"scf:ListFunctions",
"cos:GetBucketPolicy",
"cos:GetBucketReferer",
"ckafka:DescribeTopicAttributes",
"ssa:DescribeVulList",
"clb:DescribeListeners",
"mongodb:DescribeDBBackups",
"redis:DescribeSSLStatus",
"cynosdb:DescribeSSLStatus",
"cynosdb:DescribeClusterTransparentEncryptInfo",
"cynosdb:DescribeBinlogSaveDays",
"cynosdb:DescribeBackupConfig",
"cynosdb:DescribeDBSecurityGroups",
"cynosdb:DescribeAuditInstanceList",
"cynosdb:DescribeMaintainPeriod",
"cynosdb:DescribeInstanceParams",
"cynosdb:DescribeClusters",
"cdb:DescribeDBSecurityGroups",
"cdb:DescribeAuditInstanceList",
"cdb:DescribeDBInstanceInfo",
"cdb:DescribeBackupConfig",
"cdb:DescribeTimeWindow",
"cdb:DescribeSSLStatus",
"cdb:DescribeInstanceParams",
"tcr:DescribeSecurityPolicies",
"tcr:DescribeExternalEndpointStatus",
"cfs:DescribeCfsRules",
"cfs:DescribeCfsSnapshots",
"cloudaudit:DescribeAuditTracks",
"ssm:DescribeRotationDetail",
"waf:DescribeDomains",
"waf:DescribeModuleStatus",
"waf:DescribeDomainRules",
"cdwch:DescribeBackUpJob",
"cdwch:DescribeInstancesNew",
"monitor:DescribePrometheusAgents",
"kms:ListKeyDetail",
"kms:ListKeys",
"kms:DescribeKey",
"cam:ListUserTags",
"vpc:DescribeVpcEndPoint",
"vpc:DescribeVpcEndPointService",
"vpc:DescribeSecurityGroupReferences",
"teo:DescribeZones",
"teo:DescribeZoneDetails",
"teo:DescribeL7AccRules",
"teo:DescribeL7AccSetting",
"dts:DescribeMigrationJobs",
"postgres:DescribeDBInstances",
"postgres:DescribeDBInstanceAttribute",
"tse:DescribeSREInstances",
"tse:DescribeCloudNativeAPIGateways",
"tse:DescribeCloudNativeAPIGateway",
"tse:DescribeCloudNativeAPIGatewayRoutes",
"sqlserver:DescribeDBInstances",
"tdmysql:DescribeDBInstances",
"tdmysql:DescribeDBInstanceDetail",
"tdmysql:DescribeBackupConfig",
"cynosdb:DescribeBinlogConfig",
"cynosdb:DescribeInstanceAuditConfig",
"cynosdb:DescribeBackupConfig",
"cam:GetPasswordRules",
"clb:DescribeTargets",
"mongodb:DescribeDBInstanceDeletionProtection",
"mongodb:DescribeAuditInstanceList",
"cwp:DescribeMachines",
"postgres:DescribeDBInstanceSSLConfig",
"postgres:DescribeLogBackups",
"sqlserver:DescribeDBInstancesAttribute",
"sqlserver:DescribeBackups",
"csip:DescribeAssetViewVulRiskList",
"csip:DescribeVULRiskAdvanceCFGList",
"cwp:DescribeMachinesSimple",
"tcss:DescribeUserCluster",
"tcss:DescribeAssetHostList",
"teo:DescribeAccelerationDomains",
"redis:DescribeLogInstanceList",
"cynosdb:DescribeClusterDetail"
],
"resource": [
"*"
]
}
]
}
文档反馈