
云数据库SelectDB版服务关联角色


本文为您介绍云数据库 SelectDB 版服务关联角色(AliyunServiceRoleForSelectDB)的应用场景以及如何删除服务关联角色。

背景信息

云数据库 SelectDB 版服务关联角色(AliyunServiceRoleForSelectDB)是云数据库 SelectDB 版在某些情况下,为了完成自身的某个功能,需要获取其他云服务的访问权限而提供的RAM角色。更多关于服务关联角色的信息,请参见服务关联角色。

应用场景

例如,在开通云数据库 SelectDB 版服务时,需要调用ARMS监控服务的查询大盘、创建Prometheus实例等接口来提供监控服务,或调用VPC和vSwitch相关查询接口来查询用户账户下的VPC和交换机,用于创建实例等。

AliyunServiceRoleForSelectDB介绍

  • 角色名称:AliyunServiceRoleForSelectDB

  • 角色权限策略:AliyunServiceRolePolicyForSelectDB

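  • 权限说明:以下为该权限策略的完整内容。各语句的 Resource 均为 "*";其中 kms:Encrypt、kms:Decrypt、kms:GenerateDataKey 仅在密钥带有标签 acs:selectdb:instance-encryption 且值为 true 时允许,ram:DeleteServiceLinkedRole 和 ram:CreateServiceLinkedRole 分别通过 ram:ServiceName 条件限定为 selectdb.aliyuncs.com 和 eipaccess.slb.aliyuncs.com,bssapi:CreateInstance 通过条件限定产品代码为 pvtz。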

    {
      "Statement": [
        {
          "Action": [
            "log:GetProject",
            "log:ListProject",
            "log:GetCursor",
            "log:GetCursorTime",
            "log:GetLogs",
            "log:GetHistograms",
            "log:GetContextLogs",
            "log:PullLogs",
            "log:GetLogStoreLogs",
            "log:GetLogStoreHistogram",
            "log:GetLogStore",
            "log:ListLogStores",
            "log:GetCursorOrData",
            "log:ListShards",
            "log:GetConfig",
            "log:ListConfig",
            "log:GetShipperStatus",
            "log:GetCheckPoint",
            "log:HeartBeat",
            "log:UpdateCheckPoint",
            "log:PostLogStoreLogs",
            "log:CreateConsumerGroup",
            "log:UpdateConsumerGroup",
            "log:DeleteConsumerGroup",
            "log:ListConsumerGroup",
            "log:ConsumerGroupUpdateCheckPoint",
            "log:ConsumerGroupHeartBeat",
            "log:GetConsumerGroupCheckPoint",
            "log:CreateExport",
            "log:GetExport",
            "log:ListExport",
            "log:UpdateExport",
            "log:DeleteExport",
            "log:CreateJob",
            "log:GetJob",
            "log:ListJobs",
            "log:UpdateJob",
            "log:DeleteJob",
            "ecs:AttachNetworkInterface",
            "ecs:AuthorizeSecurityGroup",
            "ecs:CreateNetworkInterface",
            "ecs:CreateNetworkInterfacePermission",
            "ecs:CreateRouteEntry",
            "ecs:CreateSecurityGroup",
            "ecs:DeleteNetworkInterface",
            "ecs:DeleteNetworkInterfacePermission",
            "ecs:DeleteRouteEntry",
            "ecs:DeleteSecurityGroup",
            "ecs:DescribeInstanceAttribute",
            "ecs:DescribeInstanceStatus",
            "ecs:DescribeInstanceTypeFamilies",
            "ecs:DescribeInstanceTypes",
            "ecs:DescribeInstances",
            "ecs:DescribeInstancesFullStatus",
            "ecs:DescribeNetworkInterfaceAttribute",
            "ecs:DescribeNetworkInterfaces",
            "ecs:DescribeRegions",
            "ecs:DescribeSecurityGroupAttribute",
            "ecs:DescribeSecurityGroups",
            "ecs:DescribeZones",
            "ecs:DetachNetworkInterface",
            "ecs:ListTagResources",
            "ecs:ModifyNetworkInterfaceAttribute",
            "ecs:RevokeSecurityGroup",
            "ecs:TagResources",
            "ecs:UntagResources",
            "vpc:CreateRouteEntry",
            "vpc:DeleteRouteEntry",
            "vpc:DescribeRegions",
            "vpc:DescribeVSwitchAttributes",
            "vpc:DescribeVSwitches",
            "vpc:DescribeVpcAttribute",
            "vpc:DescribeVpcs",
            "vpc:DescribeZones",
            "vpc:ListTagResources",
            "vpc:ModifyBypassToaAttribute",
            "vpc:TagResources",
            "vpc:UntagResources",
            "selectdb:DescribeSecurityIPList",
            "selectdb:ModifySecurityIPList"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "ram:DeleteServiceLinkedRole",
          "Resource": "*",
          "Effect": "Allow",
          "Condition": {
            "StringEquals": {
              "ram:ServiceName": "selectdb.aliyuncs.com"
            }
          }
        },
        {
          "Action": [
            "kms:Listkeys",
            "kms:Listaliases",
            "kms:ListResourceTags",
            "kms:DescribeKey",
            "kms:UntagResource",
            "kms:TagResource",
            "kms:DescribeAccountKmsStatus"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "kms:Encrypt",
            "kms:Decrypt",
            "kms:GenerateDataKey"
          ],
          "Resource": "*",
          "Effect": "Allow",
          "Condition": {
            "StringEqualsIgnoreCase": {
              "kms:tag/acs:selectdb:instance-encryption": "true"
            }
          }
        },
        {
          "Action": [
            "rds:ModifySecurityIps",
            "rds:DescribeDBInstanceNetInfo",
            "rds:DescribeDBInstanceIPArrayList"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "arms:CheckServiceStatus",
            "arms:OpenArmsService",
            "arms:GetPrometheusApiToken",
            "arms:OpenVCluster",
            "arms:ListDashboards"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "slb:AddBackendServers",
            "slb:AddTags",
            "slb:AddVServerGroupBackendServers",
            "slb:CreateLoadBalancer",
            "slb:CreateLoadBalancerForCloudService",
            "slb:CreateLoadBalancerHTTPListener",
            "slb:CreateLoadBalancerHTTPSListener",
            "slb:CreateLoadBalancerTCPListener",
            "slb:CreateLoadBalancerUDPListener",
            "slb:CreateVServerGroup",
            "slb:DeleteLoadBalancer",
            "slb:DeleteLoadBalancerListener",
            "slb:DeleteVServerGroup",
            "slb:DescribeTags",
            "slb:DescribeVServerGroups",
            "slb:DescribeLoadBalancers",
            "slb:DescribeVServerGroupAttribute",
            "slb:DescribeLoadBalancerAttribute",
            "slb:DescribeLoadBalancerHTTPSListenerAttribute",
            "slb:DescribeLoadBalancerHTTPListenerAttribute",
            "slb:DescribeLoadBalancerListeners",
            "slb:DescribeLoadBalancerTCPListenerAttribute",
            "slb:DescribeLoadBalancerUDPListenerAttribute",
            "slb:ModifyLoadBalancerInstanceSpec",
            "slb:ModifyLoadBalancerInternetSpec",
            "slb:ModifyVServerGroupBackendServers",
            "slb:RemoveBackendServers",
            "slb:RemoveTags",
            "slb:DescribeAccessControlLists",
            "slb:RemoveVServerGroupBackendServers",
            "slb:SetLoadBalancerHTTPListenerAttribute",
            "slb:SetLoadBalancerHTTPSListenerAttribute",
            "slb:SetLoadBalancerTCPListenerAttribute",
            "slb:SetLoadBalancerUDPListenerAttribute",
            "slb:SetLoadBalancerModificationProtection",
            "slb:SetLoadBalancerDeleteProtection",
            "slb:SetVServerGroupAttribute",
            "slb:ServiceManagedControl",
            "slb:StartLoadBalancerListener",
            "slb:StopLoadBalancerListener",
            "slb:DeleteAccessControlList",
            "slb:CreateAccessControlList",
            "slb:DescribeAccessControlListAttribute",
            "slb:AddAccessControlListEntry",
            "slb:RemoveAccessControlListEntry"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "pvtz:DescribeUserServiceStatus",
            "pvtz:DescribeZones"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Effect": "Allow",
          "Action": [
            "bssapi:QueryAvailableInstances"
          ],
          "Resource": "*"
        },
        {
          "Action": "bss:DescribeAcccount",
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Effect": "Allow",
          "Action": [
            "bssapi:CreateInstance"
          ],
          "Resource": "*",
          "Condition": {
            "StringEquals": {
              "bssapi:ProductCode": "pvtz",
              "bssapi:ProductType": [
                "pvtzpost"
              ]
            }
          }
        },
        {
          "Action": "ram:CreateServiceLinkedRole",
          "Resource": "*",
          "Effect": "Allow",
          "Condition": {
            "StringEquals": {
              "ram:ServiceName": "eipaccess.slb.aliyuncs.com"
            }
          }
        }
      ],
      "Version": "1"
    }

删除服务关联角色

删除AliyunServiceRoleForSelectDB(服务关联角色)的具体操作,请参见删除服务关联角色。
