ADP服务关联角色

本文为您介绍云原生应用交付平台服务关联角色(AliyunServiceRoleForApplicationDeliveryPlatform)的应用场景以及如何删除服务关联角色。

背景信息

云原生应用交付平台服务关联角色(AliyunServiceRoleForApplicationDeliveryPlatform)是在某些情况下,为了完成云原生应用交付平台自身的某个功能,需要获取其他云服务的访问权限,而提供的RAM角色。更多关于服务关联角色的信息请参见服务关联角色

应用场景

云原生应用交付平台在创建一套应用集成环境或在线交付环境时需要访问VPC、NAT网关、ECS、EIP等云服务的资源,通过服务关联角色功能获取访问权限。

AliyunServiceRoleForApplicationDeliveryPlatform介绍

角色名称:AliyunServiceRoleForApplicationDeliveryPlatform

角色权限策略:AliyunServiceRolePolicyForApplicationDeliveryPlatform

权限说明:

  {
      "Action": [
        "vpc:CreateVpc",
        "vpc:AllocateEipAddress",
        "vpc:AllocateEipAddressPro",
        "vpc:CreateNatGateway",
        "vpc:DescribeForwardTableEntries",
        "vpc:CreateForwardEntry",
        "vpc:ModifyForwardEntry",
        "vpc:DeleteForwardEntry",
        "vpc:CreateSnatEntry",
        "vpc:ModifySnatEntry",
        "vpc:DescribeSnatTableEntries",
        "vpc:DeleteSnatEntry",
        "vpc:AllocateEipSegmentAddress",
        "vpc:AssociateEipAddress",
        "vpc:UnassociateEipAddress",
        "vpc:DescribeEipAddresses",
        "vpc:DescribeEipSegment",
        "vpc:ModifyEipAddressAttribute",
        "vpc:ReleaseEipAddress",
        "vpc:ReleaseEipSegmentAddress",
        "vpc:DescribeEipMonitorData",
        "vpc:DescribeEipGatewayInfo",
        "vpc:ListTagResources",
        "vpc:DescribeVpcAttribute",
        "vpc:DescribeBandwidthPackages",
        "vpc:ModifyNatGatewayAttribute",
        "vpc:ModifyNatGatewaySpec",
        "vpc:ListEnhanhcedNatGatewayAvailableZones",
        "vpc:UpdateNatGatewayNatType",
        "vpc:GetNatGatewayConvertStatus",
        "vpc:DescribeNatGateways",
        "vpc:DeleteNatGateway",
        "vpc:EnableNatGatewayEcsMetric",
        "vpc:ListNatGatewayEcsMetric",
        "vpc:DisableNatGatewayEcsMetric",
        "vpc:ConvertBandwidthPackage",
        "vpc:DeleteVpc",
        "vpc:DescribeVpcs",
        "vpc:ModifyVpcAttribute",
        "vpc:DescribeVpcAttribute",
        "vpc:RevokeInstanceFromCen",
        "vpc:DisableVpcClassicLink",
        "vpc:EnableVpcClassicLink",
        "vpc:DeletionProtection",
        "vpc:AssociateVpcCidrBlock",
        "vpc:UnassociateVpcCidrBlock",
        "vpc:DescribeGrantRulesToCen",
        "vpc:DescribeVRouters",
        "vpc:ModifyVRouterAttribute",
        "vpc:CreateVSwitch",
        "vpc:DeleteVSwitch",
        "vpc:DescribeVSwitches",
        "vpc:ModifyVSwitchAttribute",
        "vpc:DescribeVSwitchAttributes",
        "vpc:CreateRouteEntry",
        "vpc:DeleteRouteEntry",
        "vpc:CreateRouteTable",
        "vpc:AssociateRouteTable",
        "vpc:DeleteRouteTable",
        "vpc:DescribeRouteTableList",
        "vpc:ModifyRouteTableAttributes",
        "vpc:UnassociateRouteTable",
        "vpc:ModifyRouteEntry",
        "vpc:TagResources",
        "vpc:DescribeRouteEntryList"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:DescribeInstanceTypeFamilies",
        "ecs:DescribeInstanceTypes",
        "ecs:DescribeAvailableResource",
        "ecs:DescribePrice",
        "ecs:DescribeImageFromFamily",
        "ecs:DescribeInstanceStatus",
        "ecs:ReactivateInstances",
        "ecs:RunInstances",
        "ecs:CreateDisk",
        "ecs:CreateSecurityGroup",
        "ecs:DescribeDisks",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroupReferences",
        "ecs:DescribeInstances",
        "ecs:TagResources",
        "ecs:DescribeSpotPriceHistory"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:DescribeResourcesModification",
        "ecs:DescribeTags",
        "ecs:ListTagResources",
        "ecs:DescribeInstanceVncUrl",
        "ecs:DescribeRenewalPrice",
        "ecs:DescribeImages",
        "ecs:DescribeUserData",
        "ecs:DescribeInstanceAutoRenewAttribute",
        "ecs:DescribeInstanceRamRole",
        "ecs:StartInstance",
        "ecs:StopInstance",
        "ecs:RebootInstance",
        "ecs:DeleteInstance",
        "ecs:StartInstances",
        "ecs:RebootInstances",
        "ecs:ModifyInstanceAttribute",
        "ecs:ModifyInstanceVncPasswd",
        "ecs:ModifyInstanceAutoReleaseTime",
        "ecs:ModifyInstanceAutoRenewAttribute",
        "ecs:ModifyInstanceChargeType",
        "ecs:ModifyInstanceSpec",
        "ecs:ModifyPrepayInstanceSpec",
        "ecs:ModifyInstanceMetadataOptions",
        "ecs:RenewInstance",
        "ecs:DeleteInstances",
        "ecs:DeleteDisk",
        "ecs:AttachDisk",
        "ecs:DetachDisk",
        "ecs:ModifyDiskAttribute",
        "ecs:ReplaceSystemDisk",
        "ecs:ReInitDisk",
        "ecs:ResetDisk",
        "ecs:ResizeDisk",
        "ecs:ModifyDiskChargeType",
        "ecs:ModifyDiskSpec",
        "ecs:CreateImage",
        "ecs:CopyImage",
        "ecs:UntagResources",
        "ecs:CancelCopyImage",
        "ecs:DeleteImage",
        "ecs:DescribeImageSharePermission",
        "ecs:ModifyImageAttribute",
        "ecs:ModifyImageSharePermission",
        "ecs:DescribeImageSupportInstanceTypes",
        "ecs:CreateSnapshot",
        "ecs:CreateAutoSnapshotPolicy",
        "ecs:ApplyAutoSnapshotPolicy",
        "ecs:CopySnapshot",
        "ecs:DeleteSnapshot",
        "ecs:CancelAutoSnapshotPolicy",
        "ecs:DeleteAutoSnapshotPolicy",
        "ecs:DescribeAutoSnapshotPolicyEX",
        "ecs:DescribeSnapshots",
        "ecs:DescribeSnapshotLinks",
        "ecs:ModifyAutoSnapshotPolicyEx",
        "ecs:DescribeSnapshotsUsage",
        "ecs:DescribeSnapshotPackage",
        "ecs:ModifySnapshotAttribute",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:RevokeSecurityGroup",
        "ecs:RevokeSecurityGroupEgress",
        "ecs:JoinSecurityGroup",
        "ecs:LeaveSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:ModifySecurityGroupAttribute",
        "ecs:ModifySecurityGroupPolicy",
        "ecs:ModifySecurityGroupRule",
        "ecs:ModifySecurityGroupEgressRule",
        "ecs:CreateNetworkInterface",
        "ecs:AttachNetworkInterface",
        "ecs:DetachNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:ModifyNetworkInterfaceAttribute",
        "ecs:AssignPrivateIpAddresses",
        "ecs:UnassignPrivateIpAddresses",
        "ecs:AssignIpv6Addresses",
        "ecs:UnassignIpv6Addresses",
        "ecs:CreateCommand",
        "ecs:InvokeCommand",
        "ecs:StopInvocation",
        "ecs:DeleteCommand",
        "ecs:DescribeCommands",
        "ecs:DescribeInvocations",
        "ecs:DescribeInvocationResults",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:InstallCloudAssistant",
        "ecs:RunCommand",
        "ecs:CancelTask",
        "ecs:DescribeTasks",
        "ecs:DescribeTaskAttribute"
      ],
      "Condition": {
        "StringEqualsIgnoreCase": {
          "ecs:tag/managed-by-adp": "true"
        }
      },
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "cr:DeleteNamespace",
        "cr:GetNamespace",
        "cr:UpdateNamespace",
        "cr:ListNamespace",
        "cr:CreateRepository",
        "cr:DeleteRepository",
        "cr:UpdateRepository",
        "cr:GetRepository",
        "cr:ListRepository",
        "cr:ListRepositoryTag",
        "cr:DeleteRepositoryTag",
        "cr:GetRepositoryManifest",
        "cr:GetRepositoryLayers",
        "cr:GetAuthorizationToken",
        "cr:PullRepository",
        "cr:PushRepository",
        "cr:CreateNamespace",
        "cr:GetInstance",
        "cr:ListInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cs:DescribeAddons",
        "cs:DescribeClusterAddonsVersion",
        "cs:DescribeClusterDetail",
        "cs:DescribeClusterLogs",
        "cs:DescribeClusterNodes",
        "cs:DescribeClusterResources",
        "cs:DescribeClusters",
        "cs:DescribeClustersV1",
        "cs:GetClusters",
        "cs:DescribeUserQuota",
        "cs:ModifyClusterTags",
        "cs:DescribeClusterNodePoolDetail",
        "cs:DescribeClusterNodePools",
        "cs:DescribeClusterInnerServiceKubeconfig",
        "cs:RevokeClusterInnerServiceKubeconfig"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "rds:DescribeAvailableResource",
        "rds:ListClasses",
        "rds:DescribeDBInstanceAttribute",
        "rds:CreateDBInstance",
        "rds:ModifyDBInstancePayType",
        "rds:ModifyDBInstanceSpec",
        "rds:ModifyDasInstanceConfig",
        "rds:DeleteDBInstance",
        "rds:DescribeDatabases",
        "rds:CreateDatabase",
        "rds:ModifyDBDescription",
        "rds:DeleteDatabase",
        "rds:CreateAccount",
        "rds:DescribeAccounts",
        "rds:ResetAccount",
        "rds:DeleteAccount"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kvstore:DescribeAvailableResource",
        "kvstore:DescribeInstanceAttribute",
        "kvstore:CreateInstance",
        "kvstore:ModifyInstanceSpec",
        "kvstore:ModifyNodeSpec",
        "kvstore:ModifyInstanceAttribute",
        "kvstore:ModifyAccountPassword",
        "kvstore:ModifyAccountDescription",
        "kvstore:DeleteInstance"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "adp.aliyuncs.com"
         }
      }
    }

删除服务关联角色

如果您需要删除AliyunServiceRoleForApplicationDeliveryPlatform(服务关联角色),需要先释放依赖这个服务关联角色的云原生应用交付平台的环境。