Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.
| Product | Role Name | Role Types | Role Entity |
|---|---|---|---|
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInRce | Service-Related Roles | rce.teo.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInDdos | Service-Related Roles | ddos.teo.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInCaptcha | Service-Related Roles | captcha.teo.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInRceIntl | Service-Related Roles | rce.teointl.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInCertlist | Service-Related Roles | certlist.teo.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInInference | Service-Related Roles | edgeoneinference.teo.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInUpstreamgw | Service-Related Roles | upstreamgw.teo.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInCaptchaIntl | Service-Related Roles | captcha.teointl.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInCAMUserGroup | Service-Related Roles | camusergroup.teo.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInDnspodaccessEO | Service-Related Roles | DnspodaccesEO.TEO.cloud.tencent.com |
| Tencent Cloud EdgeOne | TEO_QCSLinkedRoleInRealTimeLogCLS | Service-Related Roles | realtimelogcls.teo.cloud.tencent.com |
TEO_QCSLinkedRoleInRce
Use Cases: The current role is the TEO service linked role, which will query risk labels in RCE service within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEOLinkedRoleInRce
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "rce:DescribeRiskLabels" ], "resource": "*" } ] }
TEO_QCSLinkedRoleInDdos
Use Cases: The current role is the TEO service linked role, which will be able to CRUD the configurations in the DDoS protection product within the scope of the associated policy permissions.
Authorization Polices
- Policy Name: QcloudAccessForTEOLinkedRoleInDdos
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "antiddos:ModifyProtection", "antiddos:DescribeProtections", "antiddos:DeleteProtection", "antiddos:CreateProtection", "antiddos:ModifyProtectionResource", "antiddos:DescribeProtectionResources" ], "resource": "*" } ] }
TEO_QCSLinkedRoleInCaptcha
Use Cases: The current role is the TEO service linked role, which will query captcha result in Captcha service within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEOLinkedRoleInCaptcha
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "captcha:DescribeCaptchaResult" ], "resource": "*" } ] }
TEO_QCSLinkedRoleInRceIntl
Use Cases: The current role is the TEO service linked role, which will query risk labels in RCE service within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEOLinkedRoleInRceIntl
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "rce:DescribeRiskLabels" ], "resource": "*" } ] }
TEO_QCSLinkedRoleInCertlist
Use Cases: The current role is the TEO service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEOLinkedRoleInCertlist
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "resource": [ "*" ], "action": [ "ssl:DescribeCertificate", "ssl:DescribeCertificateDetail", "ssl:DescribeCertificates", "ssl:DownloadCertificate", "ssl:ModifyCertificateAlias", "ssl:UploadCertificate" ] } ] }
TEO_QCSLinkedRoleInInference
Use Cases: The current role is the TEO service linked role, which will access your TCR resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEOInferenceRole
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "tcr:DescribeRegions", "tcr:DescribeInstances", "tcr:DescribeNamespaces", "tcr:DescribeRepositories", "tcr:DescribeImages", "tcr:DescribeRepositoryFilterPersonal", "tcr:PullRepository", "tcr:CreateInstanceToken", "tcr:DescribeImagePersonal", "tcr:DescribeApplicationTokenPersonal" ], "resource": "*" } ] }
TEO_QCSLinkedRoleInUpstreamgw
Use Cases: The current role is the teo service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEOLinkedRoleInUpstreamgw
- Policy Information:
{ "statement": [ { "action": [ "vpc:DescribeVpcs", "vpc:DescribeSubnets", "vpc:DescribeDirectConnectGateways" ], "effect": "allow", "resource": [ "*" ] } ], "version": "2.0" }
TEO_QCSLinkedRoleInCaptchaIntl
Use Cases: The current role is the TEO service linked role, which will query captcha result in Captcha service within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEOLinkedRoleInCaptchaIntl
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "captcha:DescribeCaptchaResult" ], "resource": "*" } ] }
TEO_QCSLinkedRoleInCAMUserGroup
Use Cases: The current role is the TEO service linked role, which will query your user group info configured in CAM service within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEOLinkedRoleInCAMUserGroup
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "cam:GetGroup" ], "resource": "*" } ] }
TEO_QCSLinkedRoleInDnspodaccessEO
Use Cases: The current role is the TEO service linked role, which will query the status of the domain name you have connected to the DNSPod product and related resolution records within the scope of the associated policy, and help you quickly complete the resolution modification in the scenario of one-click resolution modification, which will accelerate the service switch to EO.
Authorization Polices
- Policy Name: QcloudAccessForteoLinkedRoleInDnspodaccesEO
- Policy Information:
{ "version": "2.0", "statement": [ { "effect": "allow", "action": [ "dnspod:CreateRecord", "dnspod:ModifyRecordStatus", "dnspod:DescribeRecordList", "dnspod:ModifyRecord", "dnspod:DescribeDomain" ], "resource": "*" } ] }
TEO_QCSLinkedRoleInRealTimeLogCLS
Use Cases: The current role is the TEO service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices
- Policy Name: QcloudAccessForTEORealTimeLogCLS
- Policy Information:
{ "version": "2.0", "statement": [ { "action": [ "cls:pushLog", "cls:searchLog", "cls:listLogset", "cls:getLogset", "cls:listTopic", "cls:getTopic", "cls:createTopic", "cls:modifyTopic", "cls:deleteTopic", "cls:createLogset", "cls:modifyLogset", "cls:deleteLogset", "cls:downloadLog", "cls:getIndex", "cls:modifyIndex", "cls:CreateIndex" ], "resource": "*", "effect": "allow" } ] }
Feedback