Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.
| Product | Role Name | Role Types | Role Entity |
|---|---|---|---|
| COS | COS_QCSLinkedRoleInCOSAcc | Service-Related Roles | COSAcc.COS.cloud.tencent.com |
| COS | COS_QCSLinkedRoleInCLSAccess | Service-Related Roles | cosoclsr.cos.cloud.tencent.com |
| COS | COS_QCSLinkedRoleVectorBucket | Service-Related Roles | vector.cos.cloud.tencent.com |
| COS | COS_QCSLinkedRoleInLighthouseMounting | Service-Related Roles | lhmounting.cos.cloud.tencent.com |
COS_QCSLinkedRoleInCOSAcc
Use Cases: The current role is the COS service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForCOSLinkedRoleInCOSAcc
- Policy Information:
{ "statement": [ { "action": [ "cos:*" ], "effect": "allow", "resource": "*" } ], "version": "2.0" }
COS_QCSLinkedRoleInCLSAccess
Use Cases: Object Storage Service (COS) operation permissions include but are not limited to the following permissions: Add, delete, and modify log service (CLS) log sets, log topics, logs, add, delete, and modify machine groups, add, delete, and modify indexes, and delivery logs, etc.
Authorization Polices
- Policy Name: QcloudAccessForCOSLinkedRoleInCosoclsr
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "cls:CreateIndex", "cls:ModifyIndex", "cls:DescribeIndex", "cls:CreateTopic", "cls:ModifyTopic", "cls:DeleteTopic", "cls:DescribeTopics", "cls:ModifyLogset", "cls:DeleteLogset", "cls:CreateLogset", "cls:DescribeLogsets", "tag:DescribeResourceTagsByResourceIds", "tag:DescribeTagKeys", "tag:DescribeTagValues", "tag:DescribeResourceTags", "tag:TagResources", "tag:DescribeTags" ], "resource": "*" } ] }
COS_QCSLinkedRoleVectorBucket
Use Cases: The current role is the COS service linked role for vector bucket, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudCOSAccessForVectorBucket
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "cos:PutBucketEncryption", "cos:GetBucketEncryption", "cos:DeleteBucketEncryption", "cos:PutObject", "cos:PutObjectCopy", "cos:PostObject", "cos:GetObject", "cos:HeadObject", "cos:DeleteObject", "cos:DeleteMultipleObjects", "cos:PutObjectTagging", "cos:GetObjectTagging", "cos:DeleteObjectTagging", "cos:InitiateMultipartUpload", "cos:UploadPart", "cos:UploadPartCopy", "cos:CompleteMultipartUpload", "cos:AbortMultipartUpload", "cos:ListMultipartUploads", "cos:ListParts", "cos:PutBucket", "cos:GetBucket", "cos:HeadBucket", "cos:DeleteBucket" ], "resource": "*" } ] }
COS_QCSLinkedRoleInLighthouseMounting
Use Cases: The current role is the COS service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForCOSLinkedRoleInLighthouseMounting
- Policy Information:
{ "statement": [ { "action": [ "tat:DescribeCommands", "tat:RunCommand", "tat:InvokeCommand", "tat:DescribeInvocations", "tat:DescribeInvocationTasks", "tat:DescribeAutomationAgentStatus", "tat:CancelInvocation", "tat:DescribeInstancesFeatureStatus" ], "effect": "allow", "resource": "*" } ], "version": "2.0" }
Feedback