### RAM用户创建服务关联角色的权限策略 Source: https://help.aliyun.com/zh/nis/security-and-compliance/service-linked-roles 当RAM用户(子账号)需要自动创建或删除服务关联角色时,需要添加此权限策略。该策略允许RAM用户执行创建与NIS服务关联角色的操作,并指定了服务名称。策略内容为JSON格式。 ```json { "Statement": [ { "Action":"ram:CreateServiceLinkedRole", "Resource":"*", "Effect":"Allow", "Condition":{ "StringEquals":{ "ram:ServiceName":"nis.aliyuncs.com" } } } ], "Version": "1" } ``` -------------------------------- ### NIS 服务关联角色权限策略 (AliyunServiceRolePolicyForNis) Source: https://help.aliyun.com/zh/nis/security-and-compliance/service-linked-roles 此权限策略授予NIS服务访问ECS实例相关资源的权限,包括调用命令、停止命令、描述云助手状态、命令、调用和调用结果。它还允许删除与NIS服务关联的角色。策略内容为JSON格式。 ```json { "Version": "1", "Statement": [ { "Action": [ "ecs:InvokeCommand", "ecs:StopInvocation", "ecs:DescribeCloudAssistantStatus", "ecs:DescribeCommands", "ecs:DescribeInvocations", "ecs:DescribeInvocationResults" ], "Resource": [ "acs:ecs:*:*:instance/*", "acs:ecs:*:*:command/cmd-ACS-SLB-Diagnosis*" ], "Effect": "Allow" }, { "Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "nis.aliyuncs.com" } } } ] } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.