ADP服务关联角色
本文为您介绍云原生应用交付平台服务关联角色(AliyunServiceRoleForApplicationDeliveryPlatform)的应用场景以及如何删除服务关联角色。
背景信息
云原生应用交付平台服务关联角色(AliyunServiceRoleForApplicationDeliveryPlatform)是云原生应用交付平台在某些情况下,为了完成自身的某个功能而需要获取其他云服务的访问权限时,所使用的RAM角色。更多关于服务关联角色的信息,请参见服务关联角色。
应用场景
云原生应用交付平台在创建一套应用集成环境或在线交付环境时需要访问VPC、NAT网关、ECS、EIP等云服务的资源,通过服务关联角色功能获取访问权限。
AliyunServiceRoleForApplicationDeliveryPlatform介绍
角色名称:AliyunServiceRoleForApplicationDeliveryPlatform
角色权限策略:AliyunServiceRolePolicyForApplicationDeliveryPlatform
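权限说明:以下为该权限策略包含的各条授权语句(此处未显示策略外层的包装结构)。除应用场景中提到的VPC、NAT网关、ECS、EIP外,策略还包含cr、cs、rds、kvstore前缀的操作,以及ram:DeleteServiceLinkedRole。所有语句的Resource均为"*"。带有Condition的只有两条语句:第二条ECS语句要求条件键ecs:tag/managed-by-adp的值为true(不区分大小写),ram:DeleteServiceLinkedRole语句限定ram:ServiceName为adp.aliyuncs.com。其余语句没有条件限制,其中包括ecs:RunInstances、vpc:DeleteVpc、rds:DeleteDBInstance、kvstore:DeleteInstance等创建和删除操作。另外,ecs:TagResources位于不带条件的ECS语句中,因此该标签条件的约束效果取决于对打标签操作的管控;审计该角色时,建议一并核对managed-by-adp标签的实际使用范围。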
{
"Action": [
"vpc:CreateVpc",
"vpc:AllocateEipAddress",
"vpc:AllocateEipAddressPro",
"vpc:CreateNatGateway",
"vpc:DescribeForwardTableEntries",
"vpc:CreateForwardEntry",
"vpc:ModifyForwardEntry",
"vpc:DeleteForwardEntry",
"vpc:CreateSnatEntry",
"vpc:ModifySnatEntry",
"vpc:DescribeSnatTableEntries",
"vpc:DeleteSnatEntry",
"vpc:AllocateEipSegmentAddress",
"vpc:AssociateEipAddress",
"vpc:UnassociateEipAddress",
"vpc:DescribeEipAddresses",
"vpc:DescribeEipSegment",
"vpc:ModifyEipAddressAttribute",
"vpc:ReleaseEipAddress",
"vpc:ReleaseEipSegmentAddress",
"vpc:DescribeEipMonitorData",
"vpc:DescribeEipGatewayInfo",
"vpc:ListTagResources",
"vpc:DescribeVpcAttribute",
"vpc:DescribeBandwidthPackages",
"vpc:ModifyNatGatewayAttribute",
"vpc:ModifyNatGatewaySpec",
"vpc:ListEnhanhcedNatGatewayAvailableZones",
"vpc:UpdateNatGatewayNatType",
"vpc:GetNatGatewayConvertStatus",
"vpc:DescribeNatGateways",
"vpc:DeleteNatGateway",
"vpc:EnableNatGatewayEcsMetric",
"vpc:ListNatGatewayEcsMetric",
"vpc:DisableNatGatewayEcsMetric",
"vpc:ConvertBandwidthPackage",
"vpc:DeleteVpc",
"vpc:DescribeVpcs",
"vpc:ModifyVpcAttribute",
"vpc:DescribeVpcAttribute",
"vpc:RevokeInstanceFromCen",
"vpc:DisableVpcClassicLink",
"vpc:EnableVpcClassicLink",
"vpc:DeletionProtection",
"vpc:AssociateVpcCidrBlock",
"vpc:UnassociateVpcCidrBlock",
"vpc:DescribeGrantRulesToCen",
"vpc:DescribeVRouters",
"vpc:ModifyVRouterAttribute",
"vpc:CreateVSwitch",
"vpc:DeleteVSwitch",
"vpc:DescribeVSwitches",
"vpc:ModifyVSwitchAttribute",
"vpc:DescribeVSwitchAttributes",
"vpc:CreateRouteEntry",
"vpc:DeleteRouteEntry",
"vpc:CreateRouteTable",
"vpc:AssociateRouteTable",
"vpc:DeleteRouteTable",
"vpc:DescribeRouteTableList",
"vpc:ModifyRouteTableAttributes",
"vpc:UnassociateRouteTable",
"vpc:ModifyRouteEntry",
"vpc:TagResources",
"vpc:DescribeRouteEntryList"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeInstanceTypeFamilies",
"ecs:DescribeInstanceTypes",
"ecs:DescribeAvailableResource",
"ecs:DescribePrice",
"ecs:DescribeImageFromFamily",
"ecs:DescribeInstanceStatus",
"ecs:ReactivateInstances",
"ecs:RunInstances",
"ecs:CreateDisk",
"ecs:CreateSecurityGroup",
"ecs:DescribeDisks",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroupReferences",
"ecs:DescribeInstances",
"ecs:TagResources",
"ecs:DescribeSpotPriceHistory"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeResourcesModification",
"ecs:DescribeTags",
"ecs:ListTagResources",
"ecs:DescribeInstanceVncUrl",
"ecs:DescribeRenewalPrice",
"ecs:DescribeImages",
"ecs:DescribeUserData",
"ecs:DescribeInstanceAutoRenewAttribute",
"ecs:DescribeInstanceRamRole",
"ecs:StartInstance",
"ecs:StopInstance",
"ecs:RebootInstance",
"ecs:DeleteInstance",
"ecs:StartInstances",
"ecs:RebootInstances",
"ecs:ModifyInstanceAttribute",
"ecs:ModifyInstanceVncPasswd",
"ecs:ModifyInstanceAutoReleaseTime",
"ecs:ModifyInstanceAutoRenewAttribute",
"ecs:ModifyInstanceChargeType",
"ecs:ModifyInstanceSpec",
"ecs:ModifyPrepayInstanceSpec",
"ecs:ModifyInstanceMetadataOptions",
"ecs:RenewInstance",
"ecs:DeleteInstances",
"ecs:DeleteDisk",
"ecs:AttachDisk",
"ecs:DetachDisk",
"ecs:ModifyDiskAttribute",
"ecs:ReplaceSystemDisk",
"ecs:ReInitDisk",
"ecs:ResetDisk",
"ecs:ResizeDisk",
"ecs:ModifyDiskChargeType",
"ecs:ModifyDiskSpec",
"ecs:CreateImage",
"ecs:CopyImage",
"ecs:UntagResources",
"ecs:CancelCopyImage",
"ecs:DeleteImage",
"ecs:DescribeImageSharePermission",
"ecs:ModifyImageAttribute",
"ecs:ModifyImageSharePermission",
"ecs:DescribeImageSupportInstanceTypes",
"ecs:CreateSnapshot",
"ecs:CreateAutoSnapshotPolicy",
"ecs:ApplyAutoSnapshotPolicy",
"ecs:CopySnapshot",
"ecs:DeleteSnapshot",
"ecs:CancelAutoSnapshotPolicy",
"ecs:DeleteAutoSnapshotPolicy",
"ecs:DescribeAutoSnapshotPolicyEX",
"ecs:DescribeSnapshots",
"ecs:DescribeSnapshotLinks",
"ecs:ModifyAutoSnapshotPolicyEx",
"ecs:DescribeSnapshotsUsage",
"ecs:DescribeSnapshotPackage",
"ecs:ModifySnapshotAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:RevokeSecurityGroup",
"ecs:RevokeSecurityGroupEgress",
"ecs:JoinSecurityGroup",
"ecs:LeaveSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:ModifySecurityGroupAttribute",
"ecs:ModifySecurityGroupPolicy",
"ecs:ModifySecurityGroupRule",
"ecs:ModifySecurityGroupEgressRule",
"ecs:CreateNetworkInterface",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:ModifyNetworkInterfaceAttribute",
"ecs:AssignPrivateIpAddresses",
"ecs:UnassignPrivateIpAddresses",
"ecs:AssignIpv6Addresses",
"ecs:UnassignIpv6Addresses",
"ecs:CreateCommand",
"ecs:InvokeCommand",
"ecs:StopInvocation",
"ecs:DeleteCommand",
"ecs:DescribeCommands",
"ecs:DescribeInvocations",
"ecs:DescribeInvocationResults",
"ecs:DescribeCloudAssistantStatus",
"ecs:InstallCloudAssistant",
"ecs:RunCommand",
"ecs:CancelTask",
"ecs:DescribeTasks",
"ecs:DescribeTaskAttribute"
],
"Condition": {
"StringEqualsIgnoreCase": {
"ecs:tag/managed-by-adp": "true"
}
},
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cr:DeleteNamespace",
"cr:GetNamespace",
"cr:UpdateNamespace",
"cr:ListNamespace",
"cr:CreateRepository",
"cr:DeleteRepository",
"cr:UpdateRepository",
"cr:GetRepository",
"cr:ListRepository",
"cr:ListRepositoryTag",
"cr:DeleteRepositoryTag",
"cr:GetRepositoryManifest",
"cr:GetRepositoryLayers",
"cr:GetAuthorizationToken",
"cr:PullRepository",
"cr:PushRepository",
"cr:CreateNamespace",
"cr:GetInstance",
"cr:ListInstance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cs:DescribeAddons",
"cs:DescribeClusterAddonsVersion",
"cs:DescribeClusterDetail",
"cs:DescribeClusterLogs",
"cs:DescribeClusterNodes",
"cs:DescribeClusterResources",
"cs:DescribeClusters",
"cs:DescribeClustersV1",
"cs:GetClusters",
"cs:DescribeUserQuota",
"cs:ModifyClusterTags",
"cs:DescribeClusterNodePoolDetail",
"cs:DescribeClusterNodePools",
"cs:DescribeClusterInnerServiceKubeconfig",
"cs:RevokeClusterInnerServiceKubeconfig"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"rds:DescribeAvailableResource",
"rds:ListClasses",
"rds:DescribeDBInstanceAttribute",
"rds:CreateDBInstance",
"rds:ModifyDBInstancePayType",
"rds:ModifyDBInstanceSpec",
"rds:ModifyDasInstanceConfig",
"rds:DeleteDBInstance",
"rds:DescribeDatabases",
"rds:CreateDatabase",
"rds:ModifyDBDescription",
"rds:DeleteDatabase",
"rds:CreateAccount",
"rds:DescribeAccounts",
"rds:ResetAccount",
"rds:DeleteAccount"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeAvailableResource",
"kvstore:DescribeInstanceAttribute",
"kvstore:CreateInstance",
"kvstore:ModifyInstanceSpec",
"kvstore:ModifyNodeSpec",
"kvstore:ModifyInstanceAttribute",
"kvstore:ModifyAccountPassword",
"kvstore:ModifyAccountDescription",
"kvstore:DeleteInstance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "adp.aliyuncs.com"
}
}
}
删除服务关联角色
如果您需要删除AliyunServiceRoleForApplicationDeliveryPlatform(服务关联角色),需要先释放依赖这个服务关联角色的云原生应用交付平台的环境。
释放云原生应用交付平台的环境
删除服务关联角色的具体操作,请参见删除服务关联角色。