CAM中产品名 | 角色名称 | 角色类型 | 角色载体 |
---|---|---|---|
Web 应用防火墙 | WAF_QCSLinkedRoleInCLS | 服务相关角色 | cls.waf.cloud.tencent.com |
Web 应用防火墙 | WAF_QCSLinkedRoleInAccess | 服务相关角色 | access.waf.cloud.tencent.com |
Web 应用防火墙 | WAF_QCSLinkedRoleInCKafka | 服务相关角色 | ckafka.waf.cloud.tencent.com |
使用场景: 当前角色为Web应用防火墙(WAF)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
{
"version": "2.0",
"statement": [
{
"action": [
"cls:getLogset",
"cls:listLogset",
"cls:getTopic",
"cls:listTopic",
"cls:UploadLog",
"cls:SearchLog",
"cls:searchLog",
"cls:pushLog",
"cls:pullLogs",
"cls:GetLog",
"cls:CreateLogset",
"cls:createLogset",
"cls:CreateTopic",
"cls:createTopic",
"cls:CreateIndex",
"cls:ModifyIndex",
"cls:modifyIndex",
"cls:DescribeIndex",
"monitor:GetMonitorData"
],
"resource": "*",
"effect": "allow"
}
]
}
使用场景: 当前角色为Web应用防火墙(WAF)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"action": [
"dnspod:*",
"ssl:*",
"clb:*",
"vpc:DescribeAddress",
"vpc:CreateAddress",
"cvm:DescribeSecurityGroups",
"cvm:CreateSecurityGroupPolicy",
"cvm:CreateSecurityGroup",
"cvm:DescribeSecurityGroupPolicys",
"cvm:DescribeInstances",
"cvm:AssociateSecurityGroups",
"cvm:ModifyInstancesAttribute"
],
"resource": [
"*"
]
}
]
}
使用场景: 当前角色为Web应用防火墙(WAF)服务相关角色,该角色将在已关联策略的权限范围内访问您的其他云服务资源。
权限策略
{
"version": "2.0",
"statement": [
{
"effect": "allow",
"resource": [
"*"
],
"action": [
"ckafka:DescribeInstanceAttributes",
"ckafka:DescribeTopicAttributes",
"ckafka:DescribeUser",
"ckafka:GetInstanceAttributes",
"ckafka:GetTopicAttributes",
"ckafka:DescribeTopicDetail",
"ckafka:GetInstanceAttributes",
"ckafka:GetTopicAttributes",
"ckafka:DescribeInstances",
"ckafka:DescribeInstancesDetail",
"ckafka:DescribeRoute",
"ckafka:DescribeTopic",
"ckafka:ListRoute",
"ckafka:ListTopic",
"monitor:GetMonitorData"
]
}
]
}
本页内容是否解决了您的问题?