tencent cloud

Virtual Private Cloud
Download PDF
Last updated: 2025-12-04 09:17:01
Virtual Private Cloud
Last updated: 2025-12-04 09:17:01
Download PDF

Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

Product Role Name Role Types Role Entity
vpc VPC_QCSLinkedRoleInEipTat Service-Related Roles eiptat.vpc.cloud.tencent.com
vpc VPC_QCSLinkedRoleInSnapshot Service-Related Roles snapshot.vpc.cloud.tencent.com
vpc VPC_QCSLinkedRoleInVpcflowlog Service-Related Roles vpcflowlog.vpc.cloud.tencent.com
vpc VPC_QCSLinkedRoleInPrivateLink Service-Related Roles privatelink.vpc.cloud.tencent.com
vpc VPC_QCSLinkedRoleInFlowLogAdvanceAnalysis Service-Related Roles flowlogadvanceanalysis.vpc.cloud.tencent.com

VPC_QCSLinkedRoleInEipTat

Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForVpcLinkedRoleInEipTat
  • Policy Information:
    {
  "statement": [
      {
          "action": [
              "tat:DescribeCommands",
              "tat:DescribeInvocations",
              "tat:DescribeInvocationTasks",
              "tat:CreateCommand",
              "tat:DeleteCommand",
              "tat:InvokeCommand",
              "tat:RunCommand"
          ],
          "effect": "allow",
          "resource": [
              "*"
          ]
      }
  ],
  "version": "2.0"
}

VPC_QCSLinkedRoleInSnapshot

Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForVPCLinkedRoleInSnapshot
  • Policy Information:
    {
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "action": [
              "cos:GetService",
              "cos:HeadBucket",
              "cos:GetBucket",
              "cos:PutBucket",
              "cos:ListMultipartUploads",
              "cos:GetObject*",
              "cos:HeadObject",
              "cos:GetBucketObjectVersions",
              "cos:OptionsObject",
              "cos:ListParts",
              "cos:DeleteObject",
              "cos:PostObject",
              "cos:PostObjectRestore",
              "cos:PutObject*",
              "cos:InitiateMultipartUpload",
              "cos:UploadPart",
              "cos:UploadPartCopy",
              "cos:CompleteMultipartUpload",
              "cos:AbortMultipartUpload",
              "cos:DeleteMultipleObjects",
              "cos:AppendObject"
          ],
          "resource": "*"
      }
  ]
}

VPC_QCSLinkedRoleInVpcflowlog

Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForVPCLinkedRoleInVpcflowlog
  • Policy Information:
    {
  "version": "2.0",
  "statement": [
      {
          "effect": "allow",
          "resource": [
              "*"
          ],
          "action": [
              "ckafka:DescribeInstances",
              "ckafka:DescribeTopic",
              "ckafka:DescribeRoute",
              "ckafka:DeleteRoute",
              "ckafka:DescribeInstanceAttributes",
              "ckafka:DescribeInstancesDetail",
              "ckafka:CreateRoute"
          ]
      }
  ]
}

Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForVPCLinkedRoleInPrivateLink
  • Policy Information:
    {
  "version": "2.0",
  "statement": [
      {
          "action": [
              "redis:DescribeInstances",
              "cdb:DescribeDBInstances",
              "clb:DescribeGatewayLoadBalancers",
              "mongodb:DescribeDBInstances"
          ],
          "resource": "*",
          "effect": "allow"
      }
  ]
}

VPC_QCSLinkedRoleInFlowLogAdvanceAnalysis

Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Polices

  • Policy Name: QcloudAccessForVPCRoleInFlowLogAdvanceAnalysis
  • Policy Information:
    {
  "version": "2.0",
  "statement": [
      {
          "action": [
              "cls:DescribeLogsets",
              "cls:CreateLogset",
              "cls:CreateTopic",
              "cls:DescribeTopics",
              "cls:DeleteTopic",
              "cls:DescribeIndex",
              "cls:ModifyIndex",
              "cls:CreateIndex",
              "cls:DeleteIndex",
              "cls:GetDashboard",
              "cls:CreateDashboard",
              "cls:DeleteDashboard",
              "cls:ModifyDashboard",
              "cls:ListDashboard",
              "cls:pushLog"
          ],
          "resource": "*",
          "effect": "allow"
      }
  ]
}
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback