实践背景
说明:
建议用户对目标账号配置对应云产品只读访问权限的预设策略,否则若有接口变更可能影响对应产品正常采集。
必要权限
必须授予账号以下预设策略和接口权限后才能进行采集。
云产品 | 预设策略 | 接口权限 |
腾讯云可观测平台 | QcloudMonitorReadOnlyAccess | monitor:DescribeBaseMetrics monitor:GetMonitorData monitor:GetLastMonitorData monitor:DescribePrometheusIntegrationAuth |
标签 | QcloudTAGReadOnlyAccess | tag:DescribeResourceTagsByResourceIds |
云产品权限
云产品 | 预设策略 | 接口权限 |
云服务器 | QcloudCVMReadOnlyAccess | cvm:DescribeInstances |
云服务器(内网) | QcloudCVMReadOnlyAccess | cvm:DescribeInstances |
云硬盘 | QcloudCVMReadOnlyAccess | cvm:DescribeCbsStorages cvm:DescribeInstances |
负载均衡(公网) | QcloudCLBReadOnlyAccess | clb:DescribeLoadBalancers clb:DescribeListeners clb:DescribeTargets |
负载均衡(内网) | QcloudCLBReadOnlyAccess | clb:DescribeLoadBalancers clb:DescribeListeners |
负载均衡(四层独占集群) | QcloudCLBReadOnlyAccess | clb:DescribeExclusiveClusters |
负载均衡(七层独占集群) | QcloudCLBReadOnlyAccess | clb:DescribeExclusiveClusters |
云数据库 MongoDB | QcloudMongoDBReadOnlyAccess | mongodb:DescribeDBInstances |
云数据库 MySQL(CDB) | QcloudCDBReadOnlyAccess | cdb:DescribeDBInstances cdb:DescribeCdbProxyInfo |
云数据库 Redis(CKV 版) | QcloudRedisReadOnlyAccess | redis:DescribeInstances |
云数据库 Redis(内存版) | QcloudRedisReadOnlyAccess | redis:DescribeInstances redis:DescribeInstanceNodeInfo |
云数据库 Tendis | QcloudRedisReadOnlyAccess | redis:DescribeInstances redis:DescribeInstanceNodeInfo |
CTSDB(InfluxDB 版) | QcloudCTSDBReadOnlyAccess | ctsdb:DescribeClusters ctsdb:DescribeAccessPool ctsdb:DescribeDatabases |
云数据库 MariaDB | QcloudMariaDBReadOnlyAccess | mariadb:DescribeDBInstances |
云数据库 PostgreSQL | QcloudPostgreSQLReadOnlyAccess | postgres:DescribeDBInstances |
TDSQL MySQL 版 | QcloudTDSQLReadOnlyAccess | dcdb:DescribeDCDBInstances |
TDSQL TDStore 引擎版 | QcloudTDMySQLReadOnlyAccess | tdmysql:DescribeDBInstances tdmysql:DescribeDBNodes |
TDSQL-C MySQL 版 | QcloudCynosDBReadOnlyAccess | cynosdb:DescribeInstances |
云数据库 SQL Server | QcloudSQLServerReadOnlyAccess | sqlserver:DescribeDBInstances |
云数据库 KeeWiDB | QcloudKeeWiDBReadOnlyaccess | keewidb:DescribeInstances keewidb:DescribeInstanceNodeInfo |
向量数据库 | QcloudVDBReadOnlyaccess | vdb:DescribeInstances vdb:DescribeInstanceNodes |
NAT 网关 | QcloudVPCReadOnlyAccess | vpc:DescribeNatGateways |
NAT 实例监控丢包率 | QcloudVPCReadOnlyAccess | vpc:DescribeNatGateways |
消息队列 Ckafka 版 | QcloudCkafkaReadOnlyAccess | ckafka:DescribeInstancesDetail ckafka:DescribeConsumerGroup ckafka:DescribeTopic |
消息队列 Pulsar 版 | QcloudTDMQReadOnlyAccess | tdmq:DescribeClusters tdmq:DescribeEnvironments tdmq:DescribeTopics tdmq:DescribeSubscriptions |
消息队列 RocketMQ 版 | QcloudTrocketReadOnlyaccess QcloudTDMQReadOnlyAccess | trocket:DescribeInstanceList trocket:DescribeFusionInstanceList trocket:DescribeTopicList trocket:DescribeConsumerGroupList tdmq:DescribeRocketMQClusters tdmq:DescribeRocketMQNamespaces tdmq:DescribeRocketMQTopics tdmq:DescribeRocketMQGroups |
消息队列 RabbitMQ 版 | QcloudTDMQReadOnlyAccess | tdmq:DescribeRabbitMQVipInstances tdmq:DescribeRabbitMQNodeList |
消息队列 RabbitMQ Serverless 版 | QcloudTrabbitReadOnlyaccess | trabbit:ListRabbitMQServerlessInstances trabbit:DescribeRabbitMQServerlessVirtualHost trabbit:DescribeRabbitMQServerlessExchanges trabbit:DescribeRabbitMQServerlessQueues |
消息队列 MQTT 版 | QcloudMQTTReadOnlyAccess | mqtt:DescribeInstanceList mqtt:DescribeTopicList |
弹性公网 IP | QcloudVPCReadOnlyAccess | vpc:DescribeAddresses vpc:DescribeIp6Addresses |
VPN 网关 | QcloudVPCReadOnlyAccess | vpc:DescribeVpnGateways |
VPN 通道 | QcloudVPCReadOnlyAccess | vpc:DescribeVpnConnections |
网络探测 | QcloudVPCReadOnlyAccess | vpc:DescribeNetDetects |
私有网络-跨可用区流量 | QcloudVPCReadOnlyAccess | vpc:DescribeVpcs vpc:DescribeSubnets |
私有网络-私有连接 | QcloudVPCReadOnlyAccess | vpc:DescribeVpcEndPoint vpc:DescribeVpcEndPointService |
CDN(国内域名) | QcloudCDNReadOnlyAccess | cdn:DescribeDomains |
CDN(国外域名) | QcloudCDNReadOnlyAccess | cdn:DescribeDomains |
COS | QcloudCOSReadOnlyAccess | cos:GetService |
专线接入-物理专线 | QcloudDCReadOnlyAccess | dc:DescribeDirectConnects |
专线接入-专用通道 | QcloudDCReadOnlyAccess | dc:DescribeDirectConnectTunnels |
专线接入-专线网关 | QcloudVPCReadOnlyAccess | vpc:DescribeDirectConnectGateways |
轻量应用服务器 | QcloudLighthouseReadOnlyAccess | lighthouse:DescribeInstances |
云原生 API 网关 | QcloudTSEReadOnlyAccess | tse:DescribeCloudNativeAPIGateways tse:DescribeCloudNativeAPIGatewayNodes tse:DescribePublicAddressConfig |
Nacos | QcloudTSEReadOnlyAccess | tse:DescribeSREInstances tse:DescribeNacosReplicas tse:DescribeNacosServerInterfaces |
Zookeeper | QcloudTSEReadOnlyAccess | tse:DescribeSREInstances tse:DescribeZookeeperReplicas tse:DescribeZookeeperServerInterfaces |
Elasticsearch | QcloudElasticsearchServiceReadOnlyAccess 还需通过自定义策略添加 region 权限 | es:DescribeInstances es:DescribeViews region:DescribeZones |
流计算 Oceanus | QcloudOceanusReadOnlyAccess | oceanus:DescribeJobs oceanus:DescribeJobRuntimeInfo |
数据湖计算 DLC | QcloudDLCReadOnlyAccess | dlc:ListLakeFsInfo dlc:ListDataEngines dlc:DescribeSparkAppJobs |
腾讯云数据仓库 TCHouse-C | QcloudCDWCHReadOnlyAccess | cdwch:DescribeInstancesNew cdwch:DescribeInstanceNodes |
腾讯云数据仓库 TCHouse-D | QcloudCdwdorisReadOnlyaccess | cdwdoris:DescribeInstances cdwdoris:DescribeInstanceNodes |
数据传输服务 | QcloudDTSReadOnlyAccess | dts:DescribeSyncJobs dts:DescribeMigrateJobs dts:DescribeSubscribes |
云联网 | QcloudVPCReadOnlyAccess | vpc:DescribeCcns vpc:DescribeCcnRegionBandwidthLimits vpc:DescribeTrafficQosPolicy vpc:DescribeCcnAttachedInstances |
全球应用加速 | QcloudGAAPReadOnlyAccess | gaap:DescribeProxies gaap:DescribeProxyGroupList gaap:DescribeProxyInstances gaap:DescribeNoneBgpIpList gaap:DescribeTCPListeners gaap:DescribeUDPListeners |
全球加速2.0 | QcloudGATWOReadOnlyAccess | ga2:DescribeGlobalAccelerators ga2:DescribeListeners ga2:DescribeAccelerateAreas |
EdgeOne(七层) | QcloudTEOReadOnlyaccess | teo:DescribeZones teo:DescribeHostsSetting |
EdgeOne(四层) | QcloudTEOReadOnlyaccess | teo:DescribeZones teo:DescribeL4Proxy teo:DescribeL4ProxyRules |
Web 应用防火墙 | QcloudWAFReadOnlyAccess | waf:DescribeDomains |
文件存储 | QcloudCFSReadOnlyAccess | cfs:DescribeCfsFileSystems cfs:DescribeCfsSnapshots cfs:DescribeUserQuota cfs:DescribeCfsFileSystemClients |
数据加速器 GooseFS | QcloudGoosefsReadOnlyaccess | goosefs:DescribeClusters |
数据加速器 GooseFSX | QcloudGoosefsReadOnlyaccess | goosefs:DescribeFileSystems goosefs:DescribeMonitorMetricUserView goosefs:DescribeMonitorMetricNodeView |
共享带宽包 | QcloudVPCReadOnlyAccess | vpc:DescribeBandwidthPackages |
云函数 | QcloudSCFReadOnlyAccess | scf:ListNamespaces scf:ListFunctions scf:ListVersionByFunction scf:ListAliases |
云点播(VOD) | QcloudVODReadonlyAccess | vod:DescribeSubAppIds vod:DescribeDomains vod:DescribeCdnBillingAreas |
云直播(CSS) | QcloudLIVEReadOnlyAccess | live:DescribeLiveDomains |
云直播 MCDN | QcloudLIVEReadOnlyAccess | live:DescribeMCDNDomains |
日志服务(CLS)-日志主题 | QcloudCLSReadOnlyAccess | cls:DescribeTopics |
数据万象 | QcloudCIReadOnlyAccess | ci:DescribeCIBuckets |
API 网关 | QcloudAPIGWReadOnlyAccess | apigw:DescribeServicesStatus apigw:DescribeServiceEnvironmentList apigw:DescribeApisStatus |
TI-ONE(任务式建模) | QcloudTIONEReadOnlyAccessContainMultiservice | tione:DescribeTrainingTasks tione:DescribeTrainingTaskPods tione:DescribeBillingResourceGroups |
TI-ONE(Notebook) | QcloudTIONEReadOnlyAccessContainMultiservice | tione:DescribeNotebooks |
TI-ONE(在线服务) | QcloudTIONEReadOnlyAccessContainMultiservice | tione:DescribeModelServiceGroups tione:DescribeModelServiceCallInfo tione:DescribeBillingResourceGroups |
Prometheus | QcloudMonitorReadOnlyAccess | monitor:DescribePrometheusInstances |
