tencent cloud

Feedback

Virtual Private Cloud

Last updated: 2024-04-22 09:23:25

    Service roles and service-linked roles are predefined by Tencent Cloud services and, upon user authorization, the corresponding services can access and use resources by assuming these service-linked roles. This document provides detailed information on the use cases and associated authorization policies of these specific service-linked roles.

    Product Role Name Role Types Role Entity
    vpc VPC_QCSLinkedRoleInEipTat Service-Related Roles eiptat.vpc.cloud.tencent.com
    vpc VPC_QCSLinkedRoleInSnapshot Service-Related Roles snapshot.vpc.cloud.tencent.com
    vpc VPC_QCSLinkedRoleInVpcflowlog Service-Related Roles vpcflowlog.vpc.cloud.tencent.com
    vpc VPC_QCSLinkedRoleInPrivateLink Service-Related Roles privatelink.vpc.cloud.tencent.com
    vpc VPC_QCSLinkedRoleInFlowLogAdvanceAnalysis Service-Related Roles flowlogadvanceanalysis.vpc.cloud.tencent.com

    VPC_QCSLinkedRoleInEipTat

    Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForVpcLinkedRoleInEipTat
    • Policy Information:
    {
        "statement": [
            {
                "action": [
                    "tat:DescribeCommands",
                    "tat:DescribeInvocations",
                    "tat:DescribeInvocationTasks",
                    "tat:CreateCommand",
                    "tat:DeleteCommand",
                    "tat:InvokeCommand",
                    "tat:RunCommand"
                ],
                "effect": "allow",
                "resource": [
                    "*"
                ]
            }
        ],
        "version": "2.0"
    }
    

    VPC_QCSLinkedRoleInSnapshot

    Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForVPCLinkedRoleInSnapshot
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "action": [
                    "cos:GetService",
                    "cos:HeadBucket",
                    "cos:GetBucket",
                    "cos:PutBucket",
                    "cos:ListMultipartUploads",
                    "cos:GetObject*",
                    "cos:HeadObject",
                    "cos:GetBucketObjectVersions",
                    "cos:OptionsObject",
                    "cos:ListParts",
                    "cos:DeleteObject",
                    "cos:PostObject",
                    "cos:PostObjectRestore",
                    "cos:PutObject*",
                    "cos:InitiateMultipartUpload",
                    "cos:UploadPart",
                    "cos:UploadPartCopy",
                    "cos:CompleteMultipartUpload",
                    "cos:AbortMultipartUpload",
                    "cos:DeleteMultipleObjects",
                    "cos:AppendObject"
                ],
                "resource": "*"
            }
        ]
    }
    

    VPC_QCSLinkedRoleInVpcflowlog

    Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForVPCLinkedRoleInVpcflowlog
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "effect": "allow",
                "resource": [
                    "*"
                ],
                "action": [
                    "ckafka:DescribeInstances",
                    "ckafka:DescribeTopic",
                    "ckafka:DescribeRoute",
                    "ckafka:DeleteRoute",
                    "ckafka:DescribeInstanceAttributes",
                    "ckafka:DescribeInstancesDetail",
                    "ckafka:CreateRoute"
                ]
            }
        ]
    }
    

    Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForVPCLinkedRoleInPrivateLink
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "action": [
                    "redis:DescribeInstances",
                    "cdb:DescribeDBInstances",
                    "clb:DescribeGatewayLoadBalancers"
                ],
                "resource": "*",
                "effect": "allow"
            }
        ]
    }
    

    VPC_QCSLinkedRoleInFlowLogAdvanceAnalysis

    Use Cases: The current role is the VPC service linked role, which will access your other service resources within the scope of the permissions of the associated policy.
    Authorization Polices

    • Policy Name: QcloudAccessForVPCRoleInFlowLogAdvanceAnalysis
    • Policy Information:
    {
        "version": "2.0",
        "statement": [
            {
                "action": [
                    "cls:DescribeLogsets",
                    "cls:CreateLogset",
                    "cls:CreateTopic",
                    "cls:DescribeTopics",
                    "cls:DeleteTopic",
                    "cls:DescribeIndex",
                    "cls:ModifyIndex",
                    "cls:CreateIndex",
                    "cls:DeleteIndex",
                    "cls:GetDashboard",
                    "cls:CreateDashboard",
                    "cls:DeleteDashboard",
                    "cls:ModifyDashboard",
                    "cls:ListDashboard",
                    "cls:pushLog"
                ],
                "resource": "*",
                "effect": "allow"
            }
        ]
    }
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support