tencent cloud

Elasticsearch Service
下载PDF
最后更新时间:2025-12-16 09:58:13
Elasticsearch Service
最后更新时间: 2025-12-16 09:58:13
下载PDF

服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。

CAM中产品名 角色名称 角色类型 角色载体
Elasticsearch Service ES_QCSLinkedRoleInAuthCos 服务相关角色 authcos.es.cloud.tencent.com
Elasticsearch Service ES_QCSLinkedRoleInAccessCos 服务相关角色 acesscos.es.cloud.tencent.com
Elasticsearch Service ES_QCSLinkedRoleInDataImport 服务相关角色 dataimport.es.cloud.tencent.com
Elasticsearch Service ES_QCSLinkedRoleInLogSyncCls 服务相关角色 logsynccls.es.cloud.tencent.com
Elasticsearch Service ES_QCSLinkedRoleInVpcOperate 服务相关角色 vpcoperate.es.cloud.tencent.com
Elasticsearch Service ES_QCSLinkedRoleInBeatsCollector 服务相关角色 beatscollector.es.cloud.tencent.com

ES_QCSLinkedRoleInAuthCos

使用场景: 获取访问用户cos数据的角色
权限策略

  • 策略名称: QcloudAccessForESLinkedRoleInAuthCos
  • 策略内容:
    {
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "action": [
              "cos:List*",
              "cos:Get*",
              "cos:Head*",
              "cos:OptionsObject"
          ],
          "resource": "*"
      }
  ]
}

ES_QCSLinkedRoleInAccessCos

使用场景: 当前角色为检索服务(ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略

  • 策略名称: QcloudAccessForEsLinkedRoleInCosAcess
  • 策略内容:
    {
  "statement": [
      {
          "action": [
              "cos:GetBucket",
              "cos:HeadBucket",
              "cos:GetObject",
              "cos:HeadObject",
              "cos:PutObject",
              "cos:PostObject",
              "cos:InitiateMultipartUpload",
              "cos:ListMultipartUploads",
              "cos:ListParts",
              "cos:UploadPart",
              "cos:CompleteMultipartUpload",
              "cos:DeleteObject",
              "cos:DeleteMultipleObjects"
          ],
          "effect": "allow",
          "resource": "*"
      }
  ],
  "version": "2.0"
}

ES_QCSLinkedRoleInDataImport

使用场景: 当前角色为 Elasticsearch Service(ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略

  • 策略名称: QcloudAccessForESLinkedRoleInDataImport
  • 策略内容:
    {
  "version": "2.0",
  "statement": [
      {
          "action": [
              "ckafka:DescribeInstancesDetail",
              "ckafka:DescribeInstances",
              "ckafka:CreateTopic",
              "ckafka:DescribeTopicDetail",
              "ckafka:DescribeTopic",
              "ckafka:DescribeRoute",
              "ckafka:CreateDatahubTopic",
              "ckafka:DescribeDatahubTopic",
              "ckafka:CreateConnectResource",
              "ckafka:DescribeConnectResource",
              "ckafka:CreateDatahubTask",
              "ckafka:DescribeDatahubTask",
              "tat:RunCommand",
              "tat:DescribeInvocations",
              "tat:DescribeAutomationAgentStatus",
              "tke:DescribeClusters",
              "tke:DescribeClusterReleases",
              "tke:CreateClusterRelease",
              "tke:UpgradeClusterRelease",
              "tke:UninstallClusterRelease",
              "tke:CancelClusterRelease",
              "ckafka:DeleteDatahubTopic",
              "ckafka:DeleteConnectResource",
              "ckafka:DeleteDatahubTask",
              "ckafka:DeleteDatahubGroup",
              "ckafka:ModifyGroupOffsets",
              "ckafka:ModifyDatahubResource",
              "cvm:DescribeInstances",
              "emr:DescribeClusterLogInfo",
              "emr:NotifyEmr"
          ],
          "resource": "*",
          "effect": "allow"
      }
  ]
}

ES_QCSLinkedRoleInLogSyncCls

使用场景: 当前角色为Elasticsearch Serivce(ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略

  • 策略名称: QcloudAccessForESLinkedRoleInLogSyncCls
  • 策略内容:
    {
  "statement": [
      {
          "action": [
              "cls:ModifyTopic",
              "emr:AddClusterLogsToCls",
              "emr:RemoveClusterLogsToCls",
              "emr:DescribeInstances",
              "cls:RealtimeProducer"
          ],
          "effect": "allow",
          "resource": "*"
      }
  ],
  "version": "2.0"
}

ES_QCSLinkedRoleInVpcOperate

使用场景: 当前角色为Elasticsearch Service (ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略

  • 策略名称: QcloudAccessForESLinkedRoleInVpcOperate
  • 策略内容:
    {
  "version": "1.0",
  "statement": [
      {
          "action": [
              "vpc:DescribeVpcEx",
              "vpc:DescribeSubnetEx",
              "vpc:CreateCcn",
              "vpc:AttachCcnInstances",
              "vpc:DeleteCcn",
              "vpc:DetachCcnInstances",
              "vpc:DescribeNetworkInterfaces",
              "vpc:CreateNetworkInterface",
              "vpc:DeleteNetworkInterface",
              "vpc:DescribeVpcTaskResult",
              "vpc:CreateVpcEndPoint",
              "vpc:DescribeVpcEndPoint",
              "vpc:ModifyVpcEndPointAttribute",
              "vpc:DeleteVpcEndPoint",
              "vpc:DisassociateVpcEndPointSecurityGroups",
              "cvm:DescribeSecurityGroups"
          ],
          "resource": "*",
          "effect": "allow"
      }
  ]
}

ES_QCSLinkedRoleInBeatsCollector

使用场景: 当前角色为 Elasticsearch Service(ES)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略

  • 策略名称: QcloudAccessForESLinkedRoleInBeatsCollector
  • 策略内容:
    {
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "action": [
              "tat:RunCommand",
              "tat:DescribeInvocations",
              "tat:DescribeAutomationAgentStatus",
              "tke:DescribeClusters",
              "tke:DescribeClusterReleases",
              "tke:CreateClusterRelease",
              "tke:UpgradeClusterRelease",
              "tke:UninstallClusterRelease",
              "tke:CancelClusterRelease",
              "cvm:DescribeInstances",
              "emr:DescribeClusterLogInfo",
              "emr:NotifyEmr"
          ],
          "resource": [
              "*"
          ]
      }
  ]
}
本页内容是否解决了您的问题?
您也可以 联系销售 提交工单 以寻求帮助。

文档反馈