本文为您介绍云数据库 SelectDB 版服务关联角色(AliyunServiceRoleForSelectDB)的应用场景以及如何删除服务关联角色。
背景信息
云数据库 SelectDB 版服务关联角色(AliyunServiceRoleForSelectDB)是在某些情况下,为了完成云数据库 SelectDB 版自身的某个功能,需要获取其他云服务的访问权限,而提供的RAM角色。更多关于服务关联角色的信息请参见服务关联角色。
应用场景
例如在开通云数据库 SelectDB 版服务的时,需要调用ARMS监控服务的查询大盘、创建Prometheus实例等接口来提供监控服务或调用VPC和vSwitch相关查询接口来查询用户账户下的VPC和交换机用于创建实例等。
AliyunServiceRoleForSelectDB介绍
角色名称:AliyunServiceRoleForSelectDB
角色权限策略:AliyunServiceRolePolicyForSelectDB
权限说明:
{ "Statement": [ { "Action": [ "log:GetProject", "log:ListProject", "log:GetCursor", "log:GetCursorTime", "log:GetLogs", "log:GetHistograms", "log:GetContextLogs", "log:PullLogs", "log:GetLogStoreLogs", "log:GetLogStoreHistogram", "log:GetLogStore", "log:ListLogStores", "log:GetCursorOrData", "log:ListShards", "log:GetConfig", "log:ListConfig", "log:GetShipperStatus", "log:GetCheckPoint", "log:HeartBeat", "log:UpdateCheckPoint", "log:PostLogStoreLogs", "log:CreateConsumerGroup", "log:UpdateConsumerGroup", "log:DeleteConsumerGroup", "log:ListConsumerGroup", "log:ConsumerGroupUpdateCheckPoint", "log:ConsumerGroupHeartBeat", "log:GetConsumerGroupCheckPoint", "log:CreateExport", "log:GetExport", "log:ListExport", "log:UpdateExport", "log:DeleteExport", "log:CreateJob", "log:GetJob", "log:ListJobs", "log:UpdateJob", "log:DeleteJob", "ecs:AttachNetworkInterface", "ecs:AuthorizeSecurityGroup", "ecs:CreateNetworkInterface", "ecs:CreateNetworkInterfacePermission", "ecs:CreateRouteEntry", "ecs:CreateSecurityGroup", "ecs:DeleteNetworkInterface", "ecs:DeleteNetworkInterfacePermission", "ecs:DeleteRouteEntry", "ecs:DeleteSecurityGroup", "ecs:DescribeInstanceAttribute", "ecs:DescribeInstanceStatus", "ecs:DescribeInstanceTypeFamilies", "ecs:DescribeInstanceTypes", "ecs:DescribeInstances", "ecs:DescribeInstancesFullStatus", "ecs:DescribeNetworkInterfaceAttribute", "ecs:DescribeNetworkInterfaces", "ecs:DescribeRegions", "ecs:DescribeSecurityGroupAttribute", "ecs:DescribeSecurityGroups", "ecs:DescribeZones", "ecs:DetachNetworkInterface", "ecs:ListTagResources", "ecs:ModifyNetworkInterfaceAttribute", "ecs:RevokeSecurityGroup", "ecs:TagResources", "ecs:UntagResources", "vpc:CreateRouteEntry", "vpc:DeleteRouteEntry", "vpc:DescribeRegions", "vpc:DescribeVSwitchAttributes", "vpc:DescribeVSwitches", "vpc:DescribeVpcAttribute", "vpc:DescribeVpcs", "vpc:DescribeZones", "vpc:ListTagResources", "vpc:ModifyBypassToaAttribute", "vpc:TagResources", "vpc:UntagResources", "selectdb:DescribeSecurityIPList", "selectdb:ModifySecurityIPList" ], "Resource": "*", "Effect": "Allow" }, { "Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "selectdb.aliyuncs.com" } } }, { "Action": [ "kms:Listkeys", "kms:Listaliases", "kms:ListResourceTags", "kms:DescribeKey", "kms:UntagResource", "kms:TagResource", "kms:DescribeAccountKmsStatus" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Effect": "Allow", "Condition": { "StringEqualsIgnoreCase": { "kms:tag/acs:selectdb:instance-encryption": "true" } } }, { "Action": [ "rds:ModifySecurityIps", "rds:DescribeDBInstanceNetInfo", "rds:DescribeDBInstanceIPArrayList" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "arms:CheckServiceStatus", "arms:OpenArmsService", "arms:GetPrometheusApiToken", "arms:OpenVCluster", "arms:ListDashboards" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "slb:AddBackendServers", "slb:AddTags", "slb:AddVServerGroupBackendServers", "slb:CreateLoadBalancer", "slb:CreateLoadBalancerForCloudService", "slb:CreateLoadBalancerHTTPListener", "slb:CreateLoadBalancerHTTPSListener", "slb:CreateLoadBalancerTCPListener", "slb:CreateLoadBalancerUDPListener", "slb:CreateVServerGroup", "slb:DeleteLoadBalancer", "slb:DeleteLoadBalancerListener", "slb:DeleteVServerGroup", "slb:DescribeTags", "slb:DescribeVServerGroups", "slb:DescribeLoadBalancers", "slb:DescribeVServerGroupAttribute", "slb:DescribeLoadBalancerAttribute", "slb:DescribeLoadBalancerHTTPSListenerAttribute", "slb:DescribeLoadBalancerHTTPListenerAttribute", "slb:DescribeLoadBalancerListeners", "slb:DescribeLoadBalancerTCPListenerAttribute", "slb:DescribeLoadBalancerUDPListenerAttribute", "slb:ModifyLoadBalancerInstanceSpec", "slb:ModifyLoadBalancerInternetSpec", "slb:ModifyVServerGroupBackendServers", "slb:RemoveBackendServers", "slb:RemoveTags", "slb:DescribeAccessControlLists", "slb:RemoveVServerGroupBackendServers", "slb:SetLoadBalancerHTTPListenerAttribute", "slb:SetLoadBalancerHTTPSListenerAttribute", "slb:SetLoadBalancerTCPListenerAttribute", "slb:SetLoadBalancerUDPListenerAttribute", "slb:SetLoadBalancerModificationProtection", "slb:SetLoadBalancerDeleteProtection", "slb:SetVServerGroupAttribute", "slb:ServiceManagedControl", "slb:StartLoadBalancerListener", "slb:StopLoadBalancerListener", "slb:DeleteAccessControlList", "slb:CreateAccessControlList", "slb:DescribeAccessControlListAttribute", "slb:AddAccessControlListEntry", "slb:RemoveAccessControlListEntry" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "pvtz:DescribeUserServiceStatus", "pvtz:DescribeZones" ], "Resource": "*", "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "bssapi:QueryAvailableInstances" ], "Resource": "*" }, { "Action": "bss:DescribeAcccount", "Resource": "*", "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "bssapi:CreateInstance" ], "Resource": "*", "Condition": { "StringEquals": { "bssapi:ProductCode": "pvtz", "bssapi:ProductType": [ "pvtzpost" ] } } }, { "Action": "ram:CreateServiceLinkedRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "ram:ServiceName": "eipaccess.slb.aliyuncs.com" } } } ], "Version": "1" }
删除服务关联角色
删除AliyunServiceRoleForSelectDB(服务关联角色)的具体操作,请参见删除服务关联角色。
反馈
- 本页导读 (1)
文档反馈