
SSL 证书

最后更新时间:2024-11-26 10:00:44

    服务(相关)角色由腾讯云服务预定义,经用户授权后,相应服务即可通过扮演该角色访问和操作用户资源。本文档介绍 SSL 证书各服务相关角色的使用场景及其关联的权限策略。

    CAM中产品名 角色名称 角色类型 角色载体
    SSL证书 SSL_QCSLinkedRoleInCertificateWaf 服务相关角色 certificatewaf.ssl.cloud.tencent.com
    SSL证书 SSL_QCSLinkedRoleInCertificateDependence 服务相关角色 certificatedependence.ssl.cloud.tencent.com
    SSL证书 SSL_QCSLinkedRoleInReplaceLoadCertificate 服务相关角色 replaceloadcertificate.ssl.cloud.tencent.com
    SSL证书 SSL_QCSLinkedRoleInCertificateCloudMonitor 服务相关角色 certificatecloudmonitor.ssl.cloud.tencent.com
    SSL证书 SSL_QCSLinkedRoleInDescribeDeployedResources 服务相关角色 describedeployedresources.ssl.cloud.tencent.com

    SSL_QCSLinkedRoleInCertificateWaf

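    使用场景: 当前角色为 SSL 证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。下方策略除查询类操作外,还包含 waf:AddSpartaProtection、waf:DeleteSpartaProtection、waf:ModifySpartaProtection、waf:ModifyProtectionStatus 等写操作,且 resource 为 "*"。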
    权限策略

    • 策略名称: QcloudAccessForSSLLinkedRoleInCertificateWaf
    • 策略内容:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "waf:DescribeSpartaProtectionList",
                    "waf:DescribeSpartaProtectionInfo",
                    "waf:DescribeUserInstances",
                    "waf:DescribeUserQPS",
                    "waf:DescribePeakPoints",
                    "waf:AddSpartaProtection",
                    "waf:DeleteSpartaProtection",
                    "waf:ModifySpartaProtection",
                    "waf:ModifyProtectionStatus",
                    "waf:DescribeDomains"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
    

    SSL_QCSLinkedRoleInCertificateDependence

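    使用场景: 当前角色为 SSL 证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。下方策略允许创建域名以及创建、删除解析记录(dnspod:CreateDomain、dnspod:CreateRecord、dnspod:DeleteRecord),且 resource 为 "*";策略内容中 dnspod:DescribeDomain 重复列出了一次。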
    权限策略

    • 策略名称: QcloudAccessForSSLLinkedRoleInCertificateDependence
    • 策略内容:
    {
        "statement": [
            {
                "action": [
                    "dnspod:CreateRecord",
                    "dnspod:DescribeDomain",
                    "dnspod:CreateDomain",
                    "dnspod:DescribeRecordList",
                    "dnspod:DeleteRecord",
                    "dnspod:DescribeDomain",
                    "dnspod:ModifyRecordStatus"
                ],
                "effect": "allow",
                "resource": "*"
            }
        ],
        "version": "2.0"
    }
    

    SSL_QCSLinkedRoleInReplaceLoadCertificate

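    使用场景: 当前角色为 SSL 证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。下方策略的 resource 为 "*",除各产品的证书查询与更换操作外,还包含 tke:AcquireClusterAdminRole 和 tke:AcquireEKSClusterAdminRole;从名称看这两项涉及获取集群管理员角色,授权前建议确认其范围符合预期。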
    权限策略

    • 策略名称: QcloudAccessForSSLLinkedRoleInReplaceLoadCertificate
    • 策略内容:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "clb:ReplaceCertForLoadBalancers",
                    "waf:DescribeCertificatedDomain",
                    "waf:ModifyCertificatedDomain",
                    "live:DescribeLiveDomainsByCerts",
                    "live:ModifyLiveDomainCertBindings",
                    "antiddos:DescribeL7RulesBySSLCertId",
                    "antiddos:CreateL7RuleCerts",
                    "clb:DescribeLoadBalancerListByCertId",
                    "clb:DescribeLoadBalancers",
                    "clb:DescribeListeners",
                    "clb:ModifyListener",
                    "clb:ModifyDomainAttributes",
                    "clb:DescribeTaskStatus",
                    "cos:GetBucketDomain",
                    "cos:GetBucketDomainCertificate",
                    "cos:GetService",
                    "cos:PutBucketDomainCertificate",
                    "tke:DescribeClusters",
                    "tke:AcquireClusterAdminRole",
                    "tke:AcquireEKSClusterAdminRole",
                    "lighthouse:DescribeSupportHttpsInstances",
                    "lighthouse:InstallCertificate",
                    "lighthouse:DescribeInstallCertificateTasks",
                    "vod:DescribeVodDomainsByCertIds",
                    "vod:ModifyVodDomainCertBindings",
                    "vod:UpdateCertForVodDomains",
                    "clb:DescribeLoadBalancerCount",
                    "teo:ModifyHostsCertificateByHosts",
                    "teo:DescribeHostsByCertID",
                    "tcb:DescribeEnvs",
                    "tcb:DescribeCloudBaseGWService",
                    "tcb:DescribeHostingDomain",
                    "tcb:BindCloudBaseAccessDomain",
                    "tcb:CreateHostingDomain",
                    "tcb:ModifyCloudBaseAccessDomain",
                    "tcb:ModifyHostingDomain",
                    "tse:ModifyCloudNativeAPIGatewayCertificate",
                    "tse:DescribeCloudNativeAPIGatewayCertificates",
                    "tse:DescribeCloudNativeAPIGateways",
                    "cdn:DescribeCdnDomainsByCerts",
                    "cdn:UpdateDomainHttps",
                    "tcm:DescribeMeshList",
                    "tcm:DescribeIstioGatewayList",
                    "tcm:ModifyGatewayCert"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
    

    SSL_QCSLinkedRoleInCertificateCloudMonitor

    使用场景: 当前角色为SSL 证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
    权限策略

    • 策略名称: QcloudAccessForSSLLinkedRoleInCertificateCloudMonitor
    • 策略内容:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "resource": [
                    "*"
                ],
                "action": [
                    "monitor:CreateAlarmPolicy",
                    "monitor:DeleteAlarmPolicy",
                    "monitor:DescribeAlarmPolicies",
                    "monitor:ModifyAlarmPolicyStatus",
                    "monitor:BindingPolicyObject",
                    "monitor:UnBindingPolicyObject",
                    "monitor:ModifyAlarmPolicyNotice",
                    "monitor:CreateAlarmNotice",
                    "monitor:DeleteAlarmNotices",
                    "monitor:ModifyAlarmNotice",
                    "monitor:DescribeAlarmNotices",
                    "monitor:UnBindingAllPolicyObject"
                ]
            }
        ]
    }
    

    SSL_QCSLinkedRoleInDescribeDeployedResources

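    使用场景: 当前角色为 SSL 证书(SSL)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。尽管角色名称含 DescribeDeployedResources,下方策略并非只读:还包含 clb:ReplaceCertForLoadBalancers、waf:ModifyCertificatedDomain、cdn:UpdateDomainsCertificate 等修改类操作,且 resource 为 "*"。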
    权限策略

    • 策略名称: QcloudAccessForSSLLinkedRoleInDescribeDeployedResources
    • 策略内容:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "clb:ReplaceCertForLoadBalancers",
                    "waf:DescribeCertificatedDomain",
                    "waf:ModifyCertificatedDomain",
                    "live:DescribeLiveDomainsByCerts",
                    "live:ModifyLiveDomainCertBindings",
                    "antiddos:DescribeL7RulesBySSLCertId",
                    "antiddos:CreateL7RuleCerts",
                    "clb:DescribeLoadBalancerListByCertId",
                    "cdn:UpdateDomainsCertificate",
                    "teo:DescribeHostsByCertID",
                    "teo:ModifyHostsCertificateByHosts"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
    