- 产品简介
- 购买指南
- 快速入门
- 用户指南
- 支持角色的业务
- 支持CAM的业务接口
- 实践教程
- 商用案例
- API 文档
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- 常见问题
- 词汇表
- 产品简介
- 购买指南
- 快速入门
- 用户指南
- 支持角色的业务
- 支持CAM的业务接口
- 实践教程
- 商用案例
- API 文档
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- 常见问题
- 词汇表
服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。
| CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
|---|---|---|---|
| 容器服务 | TKE_QCSLinkedRoleInTDCC | 服务相关角色 | cvm.qcloud.com tdcc.tke.cloud.tencent.com |
| 容器服务 | TKE_QCSLinkedRoleInEKSLog | 服务相关角色 | cvm.qcloud.com ekslog.tke.cloud.tencent.com |
| 容器服务 | TKE_QCSLinkedRoleInEtcdService | 服务相关角色 | cvm.qcloud.com etcdservice.tke.cloud.tencent.com |
| 容器服务 | TKE_QCSLinkedRoleInEKSCostMaster | 服务相关角色 | cvm.qcloud.com ekscostmaster.tke.cloud.tencent.com |
| 容器服务 | TKE_QCSLinkedRoleInPrometheusService | 服务相关角色 | cvm.qcloud.com prometheusservice.tke.cloud.tencent.com |
TKE_QCSLinkedRoleInTDCC
使用场景: 当前角色为容器服务(TKE)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTKELinkedRoleInTDCC
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cls:listTopic",
"cls:getTopic",
"cls:createTopic",
"cls:modifyTopic",
"cls:listMachineGroup",
"cls:getMachineGroup",
"cls:createMachineGroup",
"cls:modifyMachineGroup",
"cls:deleteMachineGroup",
"cls:getMachineStatus",
"cls:pushLog",
"cls:agentHeartBeat",
"cls:getConfig",
"cls:getIndex",
"cls:modifyIndex",
"cls:ApplyConfigToMachineGroup",
"cls:CreateConfig",
"cls:CreateIndex",
"cls:CreateLogset",
"cls:CreateMachineGroup",
"cls:CreateTopic",
"cls:DeleteConfig",
"cls:DeleteConfigFromMachineGroup",
"cls:DeleteLogset",
"cls:DeleteMachineGroup",
"cls:DeleteTopic",
"cls:DescribeConfigMachineGroups",
"cls:DescribeConfigs",
"cls:DescribeLogsets",
"cls:DescribeMachineGroupConfigs",
"cls:DescribeMachineGroups",
"cls:DescribeTopics",
"cls:ModifyConfig",
"cls:ModifyIndex",
"cls:ModifyMachineGroup",
"cls:ModifyTopic"
],
"resource": [
"*"
]
}
]
}
TKE_QCSLinkedRoleInEKSLog
使用场景: 当前角色为容器服务(TKE)服务角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTKELinkedRoleInEKSLog
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"cls:pushLog",
"cls:agentHeartBeat",
"cls:getConfig"
],
"resource": [
"*"
]
}
]
}
TKE_QCSLinkedRoleInEtcdService
使用场景: 当前角色为容器服务(TKE)服务角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTKELinkedRoleInEtcdService
- 策略内容:
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"cos:DeleteBucket",
"cos:GetBucket",
"cos:PutBucket",
"cos:HeadBucket",
"cos:GetObject",
"cos:HeadObject",
"cos:PutObject",
"cos:DeleteObject",
"cos:DeleteMultipleObjects",
"cos:ListMultipartUploads",
"cos:AbortMultipartUpload"
]
}
]
}
TKE_QCSLinkedRoleInEKSCostMaster
使用场景: 当前角色为容器服务(TKE)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTKELinkedRoleInEKSCostMaster
- 策略内容:
{
"version": "2.0",
"statement": [
{
"action": [
"monitor:DescribeMidDimensionValueList",
"monitor:DescribeStatisticData",
"monitor:GetMonitorData"
],
"resource": "*",
"effect": "allow"
}
]
}
TKE_QCSLinkedRoleInPrometheusService
使用场景: 当前角色为容器服务(TKE)服务角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
- 策略名称: QcloudAccessForTKELinkedRoleInPrometheusService
- 策略内容:
{
"statement": [
{
"action": [
"cos:DeleteBucket",
"cos:GetBucket",
"cos:PutBucket",
"cos:HeadBucket",
"cos:GetObject",
"cos:HeadObject",
"cos:PutObject",
"cos:DeleteObject",
"cos:DeleteMultipleObjects",
"cos:ListMultipartUploads",
"cos:AbortMultipartUpload",
"cos:AbortMultipartUpload",
"cos:ListMultipartUploads",
"monitor:DescribePrometheusInstances",
"monitor:DescribeRecordingRules",
"monitor:DescribeAlertRules",
"monitor:DescribeAlarmNotice",
"monitor:DescribeAlarmNotices",
"monitor:DescribeAlarmNoticeCallbacks",
"monitor:DescribeAlarmHistories",
"monitor:CreatePrometheusMultiTenantInstance",
"monitor:TerminatePrometheusInstances",
"monitor:ModifyPrometheusInstanceAttributes",
"monitor:CreateRecordingRule",
"monitor:DeleteRecordingRules",
"monitor:UpdateRecordingRule",
"monitor:CreateAlertRule",
"monitor:DeleteAlertRules",
"monitor:UpdateAlertRule",
"monitor:UpdateAlertRuleState",
"monitor:CreateAlarmNotice",
"monitor:DeleteAlarmNotices",
"monitor:ModifyAlarmNotice",
"monitor:ModifyAlarmPolicyNotice",
"monitor:CreateManagedEKSAgent",
"monitor:DescribeManagedEKSAgent",
"monitor:CreateAlertRuleReceiverNotRequired",
"monitor:UpdateAlertRuleReceiverNotRequired",
"monitor:DescribeExporterIntegrations",
"monitor:CreateExporterIntegration",
"monitor:UpdateExporterIntegration",
"monitor:DeleteExporterIntegration",
"monitor:CreateGrafanaInstance",
"monitor:CreatePrometheusMultiTenantInstancePostPayMode",
"monitor:BindPrometheusManagedGrafana",
"monitor:DescribeGrafanaInstances",
"tdcc:DescribeExternalClusters",
"tdcc:DescribeExternalClusterCredential",
"monitor:UpgradeGrafanaDashboard",
"monitor:UninstallGrafanaDashboard",
"monitor:DescribePrometheusAlertGroups",
"monitor:CreatePrometheusAlertGroup",
"monitor:UpdatePrometheusAlertGroup",
"monitor:DeletePrometheusAlertGroups",
"monitor:UpdatePrometheusAlertGroupState",
"tke:DescribeTKEEdgeExternalKubeconfig",
"tke:DescribeTKEEdgeClusterCredential",
"tke:DescribeTKEEdgeClusters",
"tke:DescribeClusters",
"tke:DescribeClusterSecurity"
],
"effect": "allow",
"resource": [
"*"
]
}
],
"version": "2.0"
}
是
否
本页内容是否解决了您的问题?