Background information

AnalyticDB for MySQL uses the AliyunServiceRoleForADSDiskEncrypt role to call your Key Management Service (KMS) in order to provide you with the disk encryption service.

AliyunServiceRoleForADSDiskEncrypt

Role name: AliyunServiceRoleForADSDiskEncrypt

Role permission policy: AliyunServiceRolePolicyForADSDiskEncrypt

Permission description:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "kms:ListKeys",
        "kms:ListAliases",
        "kms:ListResourceTags",
        "kms:DescribeKey",
        "kms:TagResource",
        "kms:UntagResource"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:tag/acs:ads:instance-encryption": "true"
        }
      }
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "diskencryption.ads.aliyuncs.com"
        }
      }
    }
  ]
}
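
The policy above allows kms:Encrypt, kms:Decrypt and kms:GenerateDataKey only when the key carries the tag acs:ads:instance-encryption with the value true, compared case-insensitively. The following Python sketch is an added example, not Alibaba Cloud code: it is a simplified model that handles only Allow statements, exact action names and the two condition operators that appear on this page, and the request contexts passed to it are constructed.

```python
# Added example: simplified model of Allow-statement matching, not Alibaba Cloud's evaluator.
POLICY = {  # statements copied from AliyunServiceRolePolicyForADSDiskEncrypt on this page
    "Version": "1",
    "Statement": [
        {"Action": ["kms:ListKeys", "kms:ListAliases", "kms:ListResourceTags",
                    "kms:DescribeKey", "kms:TagResource", "kms:UntagResource"],
         "Resource": "*", "Effect": "Allow"},
        {"Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"],
         "Resource": "*", "Effect": "Allow",
         "Condition": {"StringEqualsIgnoreCase":
                       {"kms:tag/acs:ads:instance-encryption": "true"}}},
        {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
         "Condition": {"StringEquals":
                       {"ram:ServiceName": "diskencryption.ads.aliyuncs.com"}}},
    ],
}

OPERATORS = {
    "StringEquals": lambda actual, expected: actual == expected,
    "StringEqualsIgnoreCase": lambda actual, expected: actual.lower() == expected.lower(),
}

def condition_holds(condition, context):
    """Every key of every operator must be present in the request context and match."""
    for op_name, pairs in condition.items():
        op = OPERATORS[op_name]
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None or not op(actual, expected):
                return False
    return True

def is_allowed(action, context=None):
    """Return True if any Allow statement matches; otherwise the request is implicitly denied."""
    context = context or {}
    for stmt in POLICY["Statement"]:
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if (stmt["Effect"] == "Allow" and action in actions
                and condition_holds(stmt.get("Condition", {}), context)):
            return True
    return False

TAG = "kms:tag/acs:ads:instance-encryption"
if __name__ == "__main__":
    print(is_allowed("kms:Decrypt", {TAG: "TRUE"}))   # tagged key, value differs only in case
    print(is_allowed("kms:Decrypt", {}))              # untagged key
    print(is_allowed("kms:TagResource"))              # unconditional in the first statement
```

The first statement grants kms:TagResource and kms:UntagResource without a condition, so a review of which keys this role can use should also cover who is able to set the acs:ads:instance-encryption tag on a key.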

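Delete the service-linked role

If you need to delete AliyunServiceRoleForADSDiskEncrypt (the service-linked role for disk encryption), you must first release all clusters that depend on this service role.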