The AliyunServiceRoleForConfigRemediation service-linked role grants Cloud Config the permissions required for automatic remediation. Learn about the role details, scenarios, and how to create or delete the role.
Scenarios
To remediate non-compliant resources by using the automatic remediation feature of Cloud Config, you must grant Cloud Config the permissions to access non-compliant resources. Cloud Config assumes the AliyunServiceRoleForConfigRemediation service-linked role to access non-compliant resources across Alibaba Cloud services.
For more information about service-linked roles, see Service-linked roles.
Role description
The AliyunServiceRoleForConfigRemediation service-linked role has the following details:
-
Role name: AliyunServiceRoleForConfigRemediation.
-
Policy attached to the role: AliyunServiceRolePolicyForConfigRemediation.
-
Policy description: Grants Cloud Config the permissions to access non-compliant resources across Alibaba Cloud services.
NoteFor more information about the policy, see AliyunServiceRolePolicyForConfigRemediation.
Create the AliyunServiceRoleForConfigRemediation service-linked role
When you configure a remediation template for a rule in the Cloud Config console, Cloud Config automatically creates the AliyunServiceRoleForConfigRemediation service-linked role in the Resource Access Management (RAM) console if non-compliant resources are detected.
Delete the AliyunServiceRoleForConfigRemediation service-linked role
-
Delete remediation settings.
-
Delete the remediation settings of a rule. For more information, see Delete remediation settings.
-
Delete all rules for which remediation settings are configured. For more information, see Delete a rule.
-
-
Delete the AliyunServiceRoleForConfigRemediation service-linked role.
For more information, see Delete a RAM role.
The AliyunServiceRoleForConfigRemediation service-linked role cannot be automatically deleted. You must log on to the RAM console and manually delete the role. For more information, see Delete a RAM role.