SSL Certificate Service

Product	Role Name	Role Types	Role Entity
SSL Certification	SSL_QCSLinkedRoleInCertificateWaf	Service-Related Roles	certificatewaf.ssl.cloud.tencent.com
SSL Certification	SSL_QCSLinkedRoleInCertificateDependence	Service-Related Roles	certificatedependence.ssl.cloud.tencent.com
SSL Certification	SSL_QCSLinkedRoleInReplaceLoadCertificate	Service-Related Roles	replaceloadcertificate.ssl.cloud.tencent.com
SSL Certification	SSL_QCSLinkedRoleInCertificateCloudMonitor	Service-Related Roles	certificatecloudmonitor.ssl.cloud.tencent.com
SSL Certification	SSL_QCSLinkedRoleInDescribeDeployedResources	Service-Related Roles	describedeployedresources.ssl.cloud.tencent.com

SSL_QCSLinkedRoleInCertificateWaf

Use Cases： The current role is the SSL service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

Policy Name： QcloudAccessForSSLLinkedRoleInCertificateWaf
Policy Information：

{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "waf:DescribeSpartaProtectionList",
                "waf:DescribeSpartaProtectionInfo",
                "waf:DescribeUserInstances",
                "waf:DescribeUserQPS",
                "waf:DescribePeakPoints",
                "waf:AddSpartaProtection",
                "waf:DeleteSpartaProtection",
                "waf:ModifySpartaProtection",
                "waf:ModifyProtectionStatus",
                "waf:DescribeDomains"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}

SSL_QCSLinkedRoleInCertificateDependence

Policy Name： QcloudAccessForSSLLinkedRoleInCertificateDependence
Policy Information：

{
    "statement": [
        {
            "action": [
                "dnspod:CreateRecord",
                "dnspod:DescribeDomain",
                "dnspod:CreateDomain",
                "dnspod:DescribeRecordList",
                "dnspod:DeleteRecord",
                "dnspod:DescribeDomain",
                "dnspod:ModifyRecordStatus"
            ],
            "effect": "allow",
            "resource": "*"
        }
    ],
    "version": "2.0"
}

SSL_QCSLinkedRoleInReplaceLoadCertificate

Policy Name： QcloudAccessForSSLLinkedRoleInReplaceLoadCertificate
Policy Information：

{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "clb:ReplaceCertForLoadBalancers",
                "waf:DescribeCertificatedDomain",
                "waf:ModifyCertificatedDomain",
                "live:DescribeLiveDomainsByCerts",
                "live:ModifyLiveDomainCertBindings",
                "antiddos:DescribeL7RulesBySSLCertId",
                "antiddos:CreateL7RuleCerts",
                "clb:DescribeLoadBalancerListByCertId",
                "clb:DescribeLoadBalancers",
                "clb:DescribeListeners",
                "clb:ModifyListener",
                "clb:ModifyDomainAttributes",
                "clb:DescribeTaskStatus",
                "cos:GetBucketDomain",
                "cos:GetBucketDomainCertificate",
                "cos:GetService",
                "cos:PutBucketDomainCertificate",
                "tke:DescribeClusters",
                "tke:AcquireClusterAdminRole",
                "tke:AcquireEKSClusterAdminRole",
                "lighthouse:DescribeSupportHttpsInstances",
                "lighthouse:InstallCertificate",
                "lighthouse:DescribeInstallCertificateTasks",
                "vod:DescribeVodDomainsByCertIds",
                "vod:ModifyVodDomainCertBindings",
                "vod:UpdateCertForVodDomains",
                "clb:DescribeLoadBalancerCount",
                "teo:ModifyHostsCertificateByHosts",
                "teo:DescribeHostsByCertID",
                "tcb:DescribeEnvs",
                "tcb:DescribeCloudBaseGWService",
                "tcb:DescribeHostingDomain",
                "tcb:BindCloudBaseAccessDomain",
                "tcb:CreateHostingDomain",
                "tcb:ModifyCloudBaseAccessDomain",
                "tcb:ModifyHostingDomain",
                "tse:ModifyCloudNativeAPIGatewayCertificate",
                "tse:DescribeCloudNativeAPIGatewayCertificates",
                "tse:DescribeCloudNativeAPIGateways",
                "cdn:DescribeCdnDomainsByCerts",
                "cdn:UpdateDomainHttps",
                "tcm:DescribeMeshList",
                "tcm:DescribeIstioGatewayList",
                "tcm:ModifyGatewayCert"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}

SSL_QCSLinkedRoleInCertificateCloudMonitor

Policy Name： QcloudAccessForSSLLinkedRoleInCertificateCloudMonitor
Policy Information：

{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "resource": [
                "*"
            ],
            "action": [
                "monitor:CreateAlarmPolicy",
                "monitor:DeleteAlarmPolicy",
                "monitor:DescribeAlarmPolicies",
                "monitor:ModifyAlarmPolicyStatus",
                "monitor:BindingPolicyObject",
                "monitor:UnBindingPolicyObject",
                "monitor:ModifyAlarmPolicyNotice",
                "monitor:CreateAlarmNotice",
                "monitor:DeleteAlarmNotices",
                "monitor:ModifyAlarmNotice",
                "monitor:DescribeAlarmNotices",
                "monitor:UnBindingAllPolicyObject"
            ]
        }
    ]
}

SSL_QCSLinkedRoleInDescribeDeployedResources

Policy Name： QcloudAccessForSSLLinkedRoleInDescribeDeployedResources
Policy Information：

{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "clb:ReplaceCertForLoadBalancers",
                "waf:DescribeCertificatedDomain",
                "waf:ModifyCertificatedDomain",
                "live:DescribeLiveDomainsByCerts",
                "live:ModifyLiveDomainCertBindings",
                "antiddos:DescribeL7RulesBySSLCertId",
                "antiddos:CreateL7RuleCerts",
                "clb:DescribeLoadBalancerListByCertId",
                "cdn:UpdateDomainsCertificate",
                "teo:DescribeHostsByCertID",
                "teo:ModifyHostsCertificateByHosts"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

tencent cloud

Sign Up

Log in

Compute

Microservice

Data Migration

Database SaaS Tool

Data Security

Application Security

Big Data

Image Creation

Internet of Things

Stream Services

Cloud Real-time Rendering

Cloud Resource Management

More

Edge Computing

Serverless

Relational Database

Networking

Business Security

Domains & Websites

Face Recognition

AI Platform Service

Middleware

Media On-Demand

Game Services

Management and Audit Tools

Container

Essential Storage Service

Enterprise Distributed DBMS

CDN and Acceleration

Security Services

Enterprise Applications

Voice Technology

Natural Language Processing

Communication

Media Process Services

Education Sevices

Developer Tools

Distributed cloud

Data Process and Analysis

NoSQL Database

Network Security

Cloud Security

Office Collaboration

Tencent Big Model

Optical Character Recognition

Interactive Video Services

Media SDK

Medical Services

Monitor and Operation

SSL_QCSLinkedRoleInCertificateWaf

SSL_QCSLinkedRoleInCertificateDependence

SSL_QCSLinkedRoleInReplaceLoadCertificate

SSL_QCSLinkedRoleInCertificateCloudMonitor

SSL_QCSLinkedRoleInDescribeDeployedResources