tencent cloud

피드백

Web Application Firewall

마지막 업데이트 시간:2024-11-26 10:00:55

    Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

    Product Role Name Role Types Role Entity
    cloudWaf WAF_QCSLinkedRoleInCLS Service-Related Roles cls.waf.cloud.tencent.com
    cloudWaf WAF_QCSLinkedRoleInAccess Service-Related Roles access.waf.cloud.tencent.com
    cloudWaf WAF_QCSLinkedRoleInCKafka Service-Related Roles ckafka.waf.cloud.tencent.com

    WAF_QCSLinkedRoleInCLS

    Use Cases: The current role is the WAF service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForWAFLinkedRoleInCLS
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "action": [
                    "cls:getLogset",
                    "cls:listLogset",
                    "cls:getTopic",
                    "cls:listTopic",
                    "cls:UploadLog",
                    "cls:SearchLog",
                    "cls:searchLog",
                    "cls:pushLog",
                    "cls:pullLogs",
                    "cls:GetLog",
                    "cls:CreateLogset",
                    "cls:createLogset",
                    "cls:CreateTopic",
                    "cls:createTopic",
                    "cls:CreateIndex",
                    "cls:ModifyIndex",
                    "cls:modifyIndex",
                    "cls:DescribeIndex",
                    "monitor:GetMonitorData"
                ],
                "resource": "*",
                "effect": "allow"
            }
        ]
    }
    

    WAF_QCSLinkedRoleInAccess

    Use Cases: The current role is the WAF service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForWAFLinkedRoleInAccess
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "dnspod:*",
                    "ssl:*",
                    "clb:*",
                    "vpc:DescribeAddress",
                    "vpc:CreateAddress",
                    "cvm:DescribeSecurityGroups",
                    "cvm:CreateSecurityGroupPolicy",
                    "cvm:CreateSecurityGroup",
                    "cvm:DescribeSecurityGroupPolicys",
                    "cvm:DescribeInstances",
                    "cvm:AssociateSecurityGroups",
                    "cvm:ModifyInstancesAttribute"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
    

    WAF_QCSLinkedRoleInCKafka

    Use Cases: The current role is the WAF service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForWAFLinkedRoleInCKafka
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "resource": [
                    "*"
                ],
                "action": [
                    "ckafka:DescribeInstanceAttributes",
                    "ckafka:DescribeTopicAttributes",
                    "ckafka:DescribeUser",
                    "ckafka:GetInstanceAttributes",
                    "ckafka:GetTopicAttributes",
                    "ckafka:DescribeTopicDetail",
                    "ckafka:GetInstanceAttributes",
                    "ckafka:GetTopicAttributes",
                    "ckafka:DescribeInstances",
                    "ckafka:DescribeInstancesDetail",
                    "ckafka:DescribeRoute",
                    "ckafka:DescribeTopic",
                    "ckafka:ListRoute",
                    "ckafka:ListTopic",
                    "monitor:GetMonitorData"
                ]
            }
        ]
    }
    
    문의하기

    고객의 업무에 전용 서비스를 제공해드립니다.

    기술 지원

    더 많은 도움이 필요하시면, 티켓을 통해 연락 바랍니다. 티켓 서비스는 연중무휴 24시간 제공됩니다.

    연중무휴 24시간 전화 지원