tencent cloud

Feedback

Cloud Object Storage

Last updated: 2024-11-26 10:00:24

    Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

    Product Role Name Role Types Role Entity
    COS COS_QCSLinkedRoleInCOSAcc Service-Related Roles COSAcc.COS.cloud.tencent.com
    COS COS_QCSLinkedRoleInCLSAccess Service-Related Roles cosoclsr.cos.cloud.tencent.com
    COS COS_QCSLinkedRoleInLighthouseMounting Service-Related Roles lhmounting.cos.cloud.tencent.com

    COS_QCSLinkedRoleInCOSAcc

    Use Cases: The current role is the COS service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForCOSLinkedRoleInCOSAcc
    • Policy Information:
    {
        "statement": [
            {
                "action": [
                    "cos:*"
                ],
                "effect": "allow",
                "resource": "*"
            }
        ],
        "version": "2.0"
    }
    

    COS_QCSLinkedRoleInCLSAccess

    Use Cases: Object Storage Service (COS) operation permissions include but are not limited to the following permissions: Add, delete, and modify log service (CLS) log sets, log topics, logs, add, delete, and modify machine groups, add, delete, and modify indexes, and delivery logs, etc.
    Authorization Polices

    • Policy Name: QcloudAccessForCOSLinkedRoleInCosoclsr
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "cls:CreateIndex",
                    "cls:ModifyIndex",
                    "cls:DescribeIndex",
                    "cls:CreateTopic",
                    "cls:ModifyTopic",
                    "cls:DeleteTopic",
                    "cls:DescribeTopics",
                    "cls:ModifyLogset",
                    "cls:DeleteLogset",
                    "cls:CreateLogset",
                    "cls:DescribeLogsets",
                    "tag:DescribeResourceTagsByResourceIds",
                    "tag:DescribeTagKeys",
                    "tag:DescribeTagValues",
                    "tag:DescribeResourceTags",
                    "tag:TagResources",
                    "tag:DescribeTags"
                ],
                "resource": "*"
            }
        ]
    }
    

    COS_QCSLinkedRoleInLighthouseMounting

    Use Cases: The current role is the COS service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForCOSLinkedRoleInLighthouseMounting
    • Policy Information:
    {
        "statement": [
            {
                "action": [
                    "tat:DescribeCommands",
                    "tat:RunCommand",
                    "tat:InvokeCommand",
                    "tat:DescribeInvocations",
                    "tat:DescribeInvocationTasks",
                    "tat:DescribeAutomationAgentStatus",
                    "tat:CancelInvocation",
                    "tat:DescribeInstancesFeatureStatus"
                ],
                "effect": "allow",
                "resource": "*"
            }
        ],
        "version": "2.0"
    }
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support