tencent cloud

Feedback

Tencent Cloud Elastic Microservice

Last updated: 2024-11-26 10:00:49

    Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

    Product Role Name Role Types Role Entity
    Tencent Cloud Elastic Microservice TEM_QCSLinkedRoleInTEMAPI Service-Related Roles temapi.tem.cloud.tencent.com
    Tencent Cloud Elastic Microservice TEM_QCSLinkedRoleInTEMLog Service-Related Roles cvm.qcloud.com
    temlog.tem.cloud.tencent.com
    Tencent Cloud Elastic Microservice TEM_QCSLinkedRoleInAccessCluster Service-Related Roles accesscluster.tem.cloud.tencent.com
    Tencent Cloud Elastic Microservice TEM_QCSLinkedRoleInAccessResourceService Service-Related Roles accessresourceservice.tem.cloud.tencent.com

    TEM_QCSLinkedRoleInTEMAPI

    Use Cases: The current role is the TEM service role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForTEMLinkedRoleInTEMApi
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "resource": [
                    "*"
                ],
                "action": [
                    "apm:CreatePAASInstance",
                    "apm:DescribeApmAgent",
                    "apm:DescribeTopology",
                    "apm:DeletePAASInstance",
                    "apm:DescribePAASTopology",
                    "tcb:CreateCloudBaseRunServerVersionWithMicroService"
                ]
            }
        ]
    }
    

    TEM_QCSLinkedRoleInTEMLog

    Use Cases: The current role is the TEM service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForTEMLinkedRoleInTEMLog
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "resource": [
                    "*"
                ],
                "action": [
                    "cls:listTopic",
                    "cls:getTopic",
                    "cls:createTopic",
                    "cls:modifyTopic",
                    "cls:listMachineGroup",
                    "cls:getMachineGroup",
                    "cls:createMachineGroup",
                    "cls:modifyMachineGroup",
                    "cls:deleteMachineGroup",
                    "cls:getMachineStatus",
                    "cls:pushLog",
                    "cls:agentHeartBeat",
                    "cls:getConfig"
                ]
            }
        ]
    }
    

    TEM_QCSLinkedRoleInAccessCluster

    Use Cases: The current role is the TEM service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForTEMLinkedRoleInAccessCluster
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "tse:DescribeSREInstances",
                    "tse:DescribeSREInstanceAccessAddress",
                    "tse:DescribeSREGlobalConfigs",
                    "tke:DescribeClusters",
                    "tcr:CreateNamespacePersonal",
                    "tcr:DeleteNamespacePersonal",
                    "tcr:DescribeRepositoryOwnerPersonal",
                    "tcr:DeleteRepositoryPersonal",
                    "tcr:DeleteImagePersonal",
                    "tcr:CreateRepositoryPersonal",
                    "tcr:BatchDeleteRepositoryPersonal",
                    "tcr:BatchDeleteImagePersonal",
                    "tcr:CreateInstanceToken",
                    "tcr:DescribeInstanceToken",
                    "tcr:DeleteInstanceToken",
                    "tcr:DescribeRepositories",
                    "tcr:PullRepository",
                    "tcr:PullRepositoryPersonal",
                    "cls:searchLog",
                    "cls:getTopic",
                    "cls:getIndex",
                    "cls:CreateIndex",
                    "cls:modifyIndex",
                    "cls:DeleteIndex",
                    "cfs:DescribeCfsFileSystems",
                    "cfs:DescribeMountTargets",
                    "vpc:DescribeSubnetEx",
                    "vpc:DescribeSubnet",
                    "apm:CreateApmInstance",
                    "apm:ModifyApmInstance",
                    "apm:TerminateApmInstance",
                    "apm:CreatePAASInstance",
                    "apm:DeletePAASInstance",
                    "apm:DescribeApmAgent",
                    "apm:DescribeTopologyMetricLineData",
                    "apm:DescribeMetricLineData",
                    "apm:DescribeServiceOverview",
                    "apm:DescribeMetricRecords",
                    "cam:GetRole",
                    "tcr:DescribeInternalEndpoints",
                    "tcr:DescribeInternalEndpointDnsStatus",
                    "tcr:CreateInternalEndpointDns",
                    "tcr:DuplicateImagePersonal",
                    "tcr:DescribeInstances",
                    "tcr:CreateInstance",
                    "tcr:DescribeNamespaces",
                    "tcr:CreateNamespace",
                    "tcr:CreateRepository",
                    "tcr:DescribeRepositories",
                    "tcr:ManageInternalEndpoint",
                    "tcr:PushRepository",
                    "tcr:PushRepositoryPersonal",
                    "monitor:DescribePrometheusInstances",
                    "monitor:UpgradeGrafanaDashboard",
                    "vpc:CreateVpc",
                    "vpc:CreateSubnet",
                    "vpc:DescribeVpcEx",
                    "vpc:DeleteNatGateway",
                    "vpc:CreateNatGateway",
                    "vpc:CreateRoute",
                    "vpc:EnableRoutes",
                    "vpc:DeleteRoute",
                    "vpc:DescribeNatGateways",
                    "vpc:DescribeRouteTable",
                    "cvm:ReleaseAddresses",
                    "monitor:TerminatePrometheusInstances",
                    "monitor:CreatePrometheusMultiTenantInstancePostPayMode"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
    

    TEM_QCSLinkedRoleInAccessResourceService

    Use Cases: The current role is the TEM service role,which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForTEMLinkedRoleInAccessResourceService
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "tcb:DescribeCloudBaseGWAPI",
                    "tcb:DescribeCloudBaseRunServer",
                    "tcb:DescribeCloudBaseRunServers",
                    "tcb:DescribeCloudBaseRunServerVersion",
                    "tcb:DescribeEnvLimit",
                    "tcb:DescribeCloudBaseRunPodList",
                    "tcb:DescribeICPResources",
                    "tcb:DescribePostPackage",
                    "tcb:DescribeCloudBaseGWService",
                    "tcb:DescribeCurveData",
                    "tcb:SearchClsLog",
                    "tcb:DescribeCloudBaseRunImages",
                    "tcb:DescribeCloudBaseRunServerFlowConf",
                    "tcb:CreateCloudBaseRunServerVersion",
                    "tcb:CreateCloudBaseGWAPI",
                    "tcb:ModifyCloudBaseGWAPIPublicAccess",
                    "tcb:ModifyCloudBaseGWAPIAccessType",
                    "tcb:ModifyCloudBaseRunServerVersion",
                    "tcb:CreatePostpayPackage",
                    "tcb:DeleteCloudBaseRunImageRepo",
                    "tcb:DeleteCloudBaseRunServer",
                    "tcb:DeleteCloudBaseRunServerVersion",
                    "tcb:EstablishCloudBaseRunServer",
                    "tcb:ModifyCloudBaseRunServerFlowConf",
                    "tcb:RollUpdateCloudBaseRunServerVersion",
                    "tcb:DescribeEnvs",
                    "tcb:DestroyEnv",
                    "tcb:CheckTcbService",
                    "tcb:ModifyEnv",
                    "tcb:DescribeCloudBaseRunVersionException"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support