tencent cloud

文档反馈

弹性微服务

最后更新时间:2024-11-26 10:00:48

    服务(相关)角色是由腾讯云服务预定义,经用户授权后相应服务即可通过扮演服务相关角色对用户资源进行访问操作。本文档介绍具体服务相关角色的使用场景及相关权限策略信息。

    CAM中产品名 角色名称 角色类型 角色载体
    弹性微服务 TEM_QCSLinkedRoleInTEMAPI 服务相关角色 temapi.tem.cloud.tencent.com
    弹性微服务 TEM_QCSLinkedRoleInTEMLog 服务相关角色 cvm.qcloud.com
    temlog.tem.cloud.tencent.com
    弹性微服务 TEM_QCSLinkedRoleInAccessCluster 服务相关角色 accesscluster.tem.cloud.tencent.com
    弹性微服务 TEM_QCSLinkedRoleInAccessResourceService 服务相关角色 accessresourceservice.tem.cloud.tencent.com

    TEM_QCSLinkedRoleInTEMAPI

    使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
    权限策略

    • 策略名称: QcloudAccessForTEMLinkedRoleInTEMApi
    • 策略内容:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "resource": [
                    "*"
                ],
                "action": [
                    "apm:CreatePAASInstance",
                    "apm:DescribeApmAgent",
                    "apm:DescribeTopology",
                    "apm:DeletePAASInstance",
                    "apm:DescribePAASTopology",
                    "tcb:CreateCloudBaseRunServerVersionWithMicroService"
                ]
            }
        ]
    }
    

    TEM_QCSLinkedRoleInTEMLog

    使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
    权限策略

    • 策略名称: QcloudAccessForTEMLinkedRoleInTEMLog
    • 策略内容:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "resource": [
                    "*"
                ],
                "action": [
                    "cls:listTopic",
                    "cls:getTopic",
                    "cls:createTopic",
                    "cls:modifyTopic",
                    "cls:listMachineGroup",
                    "cls:getMachineGroup",
                    "cls:createMachineGroup",
                    "cls:modifyMachineGroup",
                    "cls:deleteMachineGroup",
                    "cls:getMachineStatus",
                    "cls:pushLog",
                    "cls:agentHeartBeat",
                    "cls:getConfig"
                ]
            }
        ]
    }
    

    TEM_QCSLinkedRoleInAccessCluster

    使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
    权限策略

    • 策略名称: QcloudAccessForTEMLinkedRoleInAccessCluster
    • 策略内容:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "tse:DescribeSREInstances",
                    "tse:DescribeSREInstanceAccessAddress",
                    "tse:DescribeSREGlobalConfigs",
                    "tke:DescribeClusters",
                    "tcr:CreateNamespacePersonal",
                    "tcr:DeleteNamespacePersonal",
                    "tcr:DescribeRepositoryOwnerPersonal",
                    "tcr:DeleteRepositoryPersonal",
                    "tcr:DeleteImagePersonal",
                    "tcr:CreateRepositoryPersonal",
                    "tcr:BatchDeleteRepositoryPersonal",
                    "tcr:BatchDeleteImagePersonal",
                    "tcr:CreateInstanceToken",
                    "tcr:DescribeInstanceToken",
                    "tcr:DeleteInstanceToken",
                    "tcr:DescribeRepositories",
                    "tcr:PullRepository",
                    "tcr:PullRepositoryPersonal",
                    "cls:searchLog",
                    "cls:getTopic",
                    "cls:getIndex",
                    "cls:CreateIndex",
                    "cls:modifyIndex",
                    "cls:DeleteIndex",
                    "cfs:DescribeCfsFileSystems",
                    "cfs:DescribeMountTargets",
                    "vpc:DescribeSubnetEx",
                    "vpc:DescribeSubnet",
                    "apm:CreateApmInstance",
                    "apm:ModifyApmInstance",
                    "apm:TerminateApmInstance",
                    "apm:CreatePAASInstance",
                    "apm:DeletePAASInstance",
                    "apm:DescribeApmAgent",
                    "apm:DescribeTopologyMetricLineData",
                    "apm:DescribeMetricLineData",
                    "apm:DescribeServiceOverview",
                    "apm:DescribeMetricRecords",
                    "cam:GetRole",
                    "tcr:DescribeInternalEndpoints",
                    "tcr:DescribeInternalEndpointDnsStatus",
                    "tcr:CreateInternalEndpointDns",
                    "tcr:DuplicateImagePersonal",
                    "tcr:DescribeInstances",
                    "tcr:CreateInstance",
                    "tcr:DescribeNamespaces",
                    "tcr:CreateNamespace",
                    "tcr:CreateRepository",
                    "tcr:DescribeRepositories",
                    "tcr:ManageInternalEndpoint",
                    "tcr:PushRepository",
                    "tcr:PushRepositoryPersonal",
                    "monitor:DescribePrometheusInstances",
                    "monitor:UpgradeGrafanaDashboard",
                    "vpc:CreateVpc",
                    "vpc:CreateSubnet",
                    "vpc:DescribeVpcEx",
                    "vpc:DeleteNatGateway",
                    "vpc:CreateNatGateway",
                    "vpc:CreateRoute",
                    "vpc:EnableRoutes",
                    "vpc:DeleteRoute",
                    "vpc:DescribeNatGateways",
                    "vpc:DescribeRouteTable",
                    "cvm:ReleaseAddresses",
                    "monitor:TerminatePrometheusInstances",
                    "monitor:CreatePrometheusMultiTenantInstancePostPayMode"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
    

    TEM_QCSLinkedRoleInAccessResourceService

    使用场景: 当前角色为弹性微服务(TEM)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
    权限策略

    • 策略名称: QcloudAccessForTEMLinkedRoleInAccessResourceService
    • 策略内容:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "tcb:DescribeCloudBaseGWAPI",
                    "tcb:DescribeCloudBaseRunServer",
                    "tcb:DescribeCloudBaseRunServers",
                    "tcb:DescribeCloudBaseRunServerVersion",
                    "tcb:DescribeEnvLimit",
                    "tcb:DescribeCloudBaseRunPodList",
                    "tcb:DescribeICPResources",
                    "tcb:DescribePostPackage",
                    "tcb:DescribeCloudBaseGWService",
                    "tcb:DescribeCurveData",
                    "tcb:SearchClsLog",
                    "tcb:DescribeCloudBaseRunImages",
                    "tcb:DescribeCloudBaseRunServerFlowConf",
                    "tcb:CreateCloudBaseRunServerVersion",
                    "tcb:CreateCloudBaseGWAPI",
                    "tcb:ModifyCloudBaseGWAPIPublicAccess",
                    "tcb:ModifyCloudBaseGWAPIAccessType",
                    "tcb:ModifyCloudBaseRunServerVersion",
                    "tcb:CreatePostpayPackage",
                    "tcb:DeleteCloudBaseRunImageRepo",
                    "tcb:DeleteCloudBaseRunServer",
                    "tcb:DeleteCloudBaseRunServerVersion",
                    "tcb:EstablishCloudBaseRunServer",
                    "tcb:ModifyCloudBaseRunServerFlowConf",
                    "tcb:RollUpdateCloudBaseRunServerVersion",
                    "tcb:DescribeEnvs",
                    "tcb:DestroyEnv",
                    "tcb:CheckTcbService",
                    "tcb:ModifyEnv",
                    "tcb:DescribeCloudBaseRunVersionException"
                ],
                "resource": [
                    "*"
                ]
            }
        ]
    }
    
    联系我们

    联系我们,为您的业务提供专属服务。

    技术支持

    如果你想寻求进一步的帮助,通过工单与我们进行联络。我们提供7x24的工单服务。

    7x24 电话支持