本文为您介绍VMware服务关联角色AliyunServiceRoleForACVS和AliyunServiceRoleForACVSCenResourceConfiguration的应用场景以及如何删除服务关联角色。
背景信息
VMware服务关联角色AliyunServiceRoleForACVS和AliyunServiceRoleForACVSCenResourceConfiguration是在某些情况下,为了完成VMware服务自身的某个功能,需要获取其他云服务的访问权限,而提供的RAM角色。更多关于服务关联角色的信息请参见服务关联角色。
应用场景
1.VMware服务关联角色AliyunServiceRoleForACVS:VMware服务的创建专属VMware环境功能需要访问云服务器ECS、专有网络VPC、云企业网CEN、资源编排云服务的资源时,通过服务关联角色功能获取访问权限。
2.VMware服务关联角色AliyunServiceRoleForACVSCenResourceConfiguration:VMware服务查询您的云企业网CEN相关信息、在转发路由器中创建路由表和添加路由、在您的云企业网CEN下查询/创建/删除VPC与VBR的网络实例连接、对网络实例连接创建关联转发和路由学习以及添加路由时,通过服务关联角色功能获取访问权限。
AliyunServiceRoleForACVS介绍
角色名称:AliyunServiceRoleForACVS
角色权限策略:AliyunServiceRolePolicyForACVS
权限说明:
{
"Version": "1",
"Statement": [
{
"Action": [
"vpc:DescribeVpcs",
"vpc:DescribeVSwitches",
"vpc:CreateVSwitch",
"vpc:DeleteVSwitch",
"vpc:ConfirmPhysicalConnection",
"vpc:CreateVirtualBorderRouter",
"vpc:DeleteVirtualBorderRouter",
"vpc:DescribeVirtualBorderRouters",
"vpc:CreateBgpGroup",
"vpc:DeleteBgpGroup",
"vpc:DescribeBgpGroups",
"vpc:CreateBgpPeer",
"vpc:DeleteBgpPeer",
"vpc:DescribeBgpPeers",
"vpc:CreateRouteEntry",
"vpc:DeleteRouteEntry",
"vpc:DescribeRouteTables",
"vpc:DescribeVRouters",
"vpc:DescribeRouteEntryList",
"vpc:AddBgpNetwork",
"vpc:DeleteBgpNetwork",
"vpc:DescribeBgpNetworks",
"vpc:AssociateEipAddress",
"vpc:UnassociateEipAddress",
"vpc:DescribeEipAddresses",
"vpc:CreateForwardEntry",
"vpc:DeleteForwardEntry",
"vpc:DescribeForwardTableEntries",
"vpc:CreateSnatEntry",
"vpc:DeleteSnatEntry",
"vpc:DescribeSnatTableEntries",
"vpc:DescribeNatGateways",
"vpc:TerminatePhysicalConnection",
"vpc:RecoverPhysicalConnection",
"vpc:DeletePhysicalConnection",
"vpc:OpenPhysicalConnectionService",
"vpc:GetPhysicalConnectionServiceStatus",
"vpc:DescribeGrantRulesToCen",
"vpc:GrantInstanceToCen",
"vpc:DescribeRouteTableList"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cen:ResolveAndRouteServiceInCen",
"cen:DeleteRouteServiceInCen",
"cen:DescribeRouteServicesInCen",
"cen:DescribeCenAttachedChildInstances",
"cen:AttachCenChildInstance",
"cen:DetachCenChildInstance",
"cen:DescribeCenAttachedChildInstanceAttribute",
"cen:DescribeCens",
"cen:ListTransitRouters",
"cen:ListTransitRouterAvailableResource",
"cen:CreateTransitRouterVpcAttachment",
"cen:ListTransitRouterVpcAttachments",
"cen:DeleteTransitRouterVpcAttachment",
"cen:CreateTransitRouterVbrAttachment",
"cen:ListTransitRouterVbrAttachments",
"cen:DeleteTransitRouterVbrAttachment",
"cen:CreateCenChildInstanceRouteEntryToAttachment",
"cen:DescribeCenChildInstanceRouteEntries",
"cen:DeleteCenChildInstanceRouteEntryToAttachment",
"cen:CreateTransitRouterRouteTable",
"cen:ListTransitRouterRouteTables",
"cen:DeleteTransitRouterRouteTable",
"cen:CreateTransitRouterRouteEntry",
"cen:ListTransitRouterRouteEntries",
"cen:DeleteTransitRouterRouteEntry",
"cen:AssociateTransitRouterAttachmentWithRouteTable",
"cen:ListTransitRouterRouteTableAssociations",
"cen:DissociateTransitRouterAttachmentFromRouteTable",
"cen:EnableTransitRouterRouteTablePropagation",
"cen:ListTransitRouterRouteTablePropagations",
"cen:DisableTransitRouterRouteTablePropagation",
"cen:DescribeGrantRulesToCen"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"bssapi:CreateInstance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:RevokeSecurityGroup",
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"nas:DescribeFileSystems"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ros:ListStacks",
"ros:GetStack",
"ros:ListStackEvents",
"ros:ListStackResources",
"ros:GetStackResource",
"ros:CreateStack",
"ros:DeleteStack",
"ros:PreviewStack"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": "ram:PassRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"acs:Service": [
"ros.aliyuncs.com"
]
}
}
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "acvs.aliyuncs.com"
}
}
}
]
}AliyunServiceRoleForACVSCenResourceConfiguration介绍
角色名称:AliyunServiceRoleForACVSCenResourceConfiguration
角色权限策略:AliyunServiceRoleForACVSCenResourceConfiguration
权限说明:
{
"Version": "1",
"Statement": [
{
"Action": [
"cen:DescribeCens",
"cen:DescribeGrantRulesToCen",
"cen:ListTransitRouters",
"cen:ListTransitRouterAvailableResource",
"cen:CreateTransitRouterVpcAttachment",
"cen:ListTransitRouterVpcAttachments",
"cen:DeleteTransitRouterVpcAttachment",
"cen:CreateTransitRouterVbrAttachment",
"cen:ListTransitRouterVbrAttachments",
"cen:DeleteTransitRouterVbrAttachment",
"cen:CreateCenChildInstanceRouteEntryToAttachment",
"cen:DescribeCenChildInstanceRouteEntries",
"cen:DeleteCenChildInstanceRouteEntryToAttachment",
"cen:CreateTransitRouterRouteTable",
"cen:ListTransitRouterRouteTables",
"cen:DeleteTransitRouterRouteTable",
"cen:CreateTransitRouterRouteEntry",
"cen:ListTransitRouterRouteEntries",
"cen:DeleteTransitRouterRouteEntry",
"cen:AssociateTransitRouterAttachmentWithRouteTable",
"cen:ListTransitRouterRouteTableAssociations",
"cen:DissociateTransitRouterAttachmentFromRouteTable",
"cen:EnableTransitRouterRouteTablePropagation",
"cen:ListTransitRouterRouteTablePropagations",
"cen:DisableTransitRouterRouteTablePropagation",
"cen:ResolveAndRouteServiceInCen",
"cen:DeleteRouteServiceInCen",
"cen:DescribeRouteServicesInCen",
"cen:DescribeCenAttachedChildInstances",
"cen:AttachCenChildInstance",
"cen:DetachCenChildInstance",
"cen:DescribeCenAttachedChildInstanceAttribute"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ros:ListStacks",
"ros:GetStack",
"ros:ListStackEvents",
"ros:ListStackResources",
"ros:GetStackResource",
"ros:CreateStack",
"ros:DeleteStack",
"ros:PreviewStack"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": "ram:PassRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"acs:Service": [
"ros.aliyuncs.com"
]
}
}
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "cen.acvs.aliyuncs.com"
}
}
}
]
}删除服务关联角色
如果您需要删除AliyunServiceRoleForACVS服务关联角色,需要先释放依赖这个服务关联角色的专属VMware环境。
如果您需要删除AliyunServiceRoleForACVSCenResourceConfiguration服务关联角色,需要在VMware服务控制台-跨账号授权中删除所有跨账号授权。
删除服务关联角色具体操作请参见
反馈
- 本页导读 (0)
文档反馈