tencent cloud

Web Application Firewall
Last updated: 2025-12-04 09:17:02

Service roles and service-linked roles are predefined by Tencent Cloud services. Once the user grants authorization, the corresponding service can access and use resources by assuming these roles. This document describes the use cases and the associated authorization policies of the WAF service-linked roles.

Product   Role Name                   Role Type              Role Entity
cloudWaf  WAF_QCSLinkedRoleInCLS      Service-Related Roles  cls.waf.cloud.tencent.com
cloudWaf  WAF_QCSLinkedRoleInAccess   Service-Related Roles  access.waf.cloud.tencent.com
cloudWaf  WAF_QCSLinkedRoleInCKafka   Service-Related Roles  ckafka.waf.cloud.tencent.com

WAF_QCSLinkedRoleInCLS

Use Cases: The current role is the WAF service-linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Policies

  • Policy Name: QcloudAccessForWAFLinkedRoleInCLS
  • Policy Information:
    {
      "version": "2.0",
      "statement": [
          {
              "action": [
                  "cls:getLogset",
                  "cls:listLogset",
                  "cls:getTopic",
                  "cls:listTopic",
                  "cls:UploadLog",
                  "cls:SearchLog",
                  "cls:searchLog",
                  "cls:pushLog",
                  "cls:pullLogs",
                  "cls:GetLog",
                  "cls:CreateLogset",
                  "cls:createLogset",
                  "cls:CreateTopic",
                  "cls:createTopic",
                  "cls:CreateIndex",
                  "cls:ModifyIndex",
                  "cls:modifyIndex",
                  "cls:DescribeIndex",
                  "monitor:GetMonitorData"
              ],
              "resource": "*",
              "effect": "allow"
          }
      ]
    }

WAF_QCSLinkedRoleInAccess

Use Cases: The current role is the WAF service-linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Policies

  • Policy Name: QcloudAccessForWAFLinkedRoleInAccess
  • Policy Information:
    {
      "version": "2.0",
      "statement": [
          {
              "effect": "allow",
              "action": [
                  "dnspod:*",
                  "ssl:*",
                  "clb:*",
                  "vpc:DescribeAddress",
                  "vpc:CreateAddress",
                  "cvm:DescribeSecurityGroups",
                  "cvm:CreateSecurityGroupPolicy",
                  "cvm:CreateSecurityGroup",
                  "cvm:DescribeSecurityGroupPolicys",
                  "cvm:DescribeInstances",
                  "cvm:AssociateSecurityGroups",
                  "cvm:ModifyInstancesAttribute",
                  "organization:ListOrganizationService",
                  "organization:ListOrgServiceAssignMember",
                  "organization:DescribeOrganization",
                  "organization:DescribeOrganizationMembers",
                  "organization:DescribeOrganizationOverView",
                  "organization:CreateOrgMemberProductServiceRole"
              ],
              "resource": [
                  "*"
              ]
          }
      ]
    }

WAF_QCSLinkedRoleInCKafka

Use Cases: The current role is the WAF service-linked role, which will access your other service resources within the scope of the permissions of the associated policy.
Authorization Policies

  • Policy Name: QcloudAccessForWAFLinkedRoleInCKafka
  • Policy Information:
    {
      "version": "2.0",
      "statement": [
          {
              "effect": "allow",
              "resource": [
                  "*"
              ],
              "action": [
                  "ckafka:DescribeInstanceAttributes",
                  "ckafka:DescribeTopicAttributes",
                  "ckafka:DescribeUser",
                  "ckafka:GetInstanceAttributes",
                  "ckafka:GetTopicAttributes",
                  "ckafka:DescribeTopicDetail",
                  "ckafka:GetInstanceAttributes",
                  "ckafka:GetTopicAttributes",
                  "ckafka:DescribeInstances",
                  "ckafka:DescribeInstancesDetail",
                  "ckafka:DescribeRoute",
                  "ckafka:DescribeTopic",
                  "ckafka:ListRoute",
                  "ckafka:ListTopic",
                  "monitor:GetMonitorData"
              ]
          }
      ]
    }
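
Before authorizing these roles, a reviewer can summarise what each policy document grants: service-wide wildcards, write-capable actions, repeated entries and unscoped resources. The Python below is an added example, not Tencent Cloud code; `audit_policy`, `as_list` and the read-verb prefix list are assumptions of the example, and the two embedded policies are shortened excerpts of the documents above.

```python
import json
from collections import Counter

# Assumption: verbs starting with these prefixes are treated as read-only (heuristic).
READ_PREFIXES = ("describe", "get", "list", "search", "pull")

def as_list(value):
    """The policies on this page give 'resource' as a string or as a list."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Summarise what the 'allow' statements of one policy document grant."""
    actions, unscoped = [], False
    for stmt in policy["statement"]:
        if stmt.get("effect", "").lower() != "allow":
            continue
        actions += as_list(stmt["action"])
        unscoped = unscoped or "*" in as_list(stmt.get("resource", []))
    counts = Counter(actions)
    verbs = {a: a.split(":", 1)[1] for a in counts if ":" in a}
    return {
        # "svc:*" grants every action of that service
        "service_wildcards": sorted(a.split(":")[0] for a, v in verbs.items() if v == "*"),
        # named actions whose verb does not look read-only
        "mutating": sorted(a for a, v in verbs.items()
                           if v != "*" and not v.lower().startswith(READ_PREFIXES)),
        "duplicates": sorted(a for a, n in counts.items() if n > 1),
        "unscoped_resource": unscoped,
    }

# Shortened excerpts of two policy documents from this page.
ACCESS = json.loads("""{"version": "2.0", "statement": [{"effect": "allow",
  "action": ["dnspod:*", "ssl:*", "clb:*", "vpc:DescribeAddress", "vpc:CreateAddress",
             "cvm:DescribeInstances", "cvm:AssociateSecurityGroups",
             "cvm:ModifyInstancesAttribute",
             "organization:CreateOrgMemberProductServiceRole"],
  "resource": ["*"]}]}""")
CKAFKA = json.loads("""{"version": "2.0", "statement": [{"effect": "allow",
  "resource": ["*"],
  "action": ["ckafka:DescribeInstanceAttributes", "ckafka:GetInstanceAttributes",
             "ckafka:GetTopicAttributes", "ckafka:DescribeTopicDetail",
             "ckafka:GetInstanceAttributes", "ckafka:GetTopicAttributes",
             "monitor:GetMonitorData"]}]}""")

if __name__ == "__main__":
    for name, pol in (("InAccess", ACCESS), ("InCKafka", CKAFKA)):
        print(name, json.dumps(audit_policy(pol), indent=2))
```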