Service-linked role for Vector Retrieval Service DashVector


Create a service-linked role for DashVector to grant the service permissions to access virtual private cloud (VPC) resources.

Background information

AliyunServiceRoleForDashVector is a Resource Access Management (RAM) service-linked role that grants DashVector permissions to access VPC resources. DashVector uses these permissions to query VPCs, security groups, and zones for private network access. For more information about service-linked roles, see Service-linked roles.

Prerequisites

  • A cluster has been created in a region.

  • You are accessing the VPC configuration page for DashVector for the first time, or you previously deleted the service-linked role for DashVector.

Introduction to the service-linked role for DashVector

Role name: AliyunServiceRoleForDashVector

Access policy: AliyunServiceRoleForDashVector

Permissions:

{
  "Action": [
    "privatelink:OpenPrivateLinkService",
    "privatelink:CheckProductOpen",
    "privatelink:ListVpcEndpointServices",
    "privatelink:CreateVpcEndpoint",
    "privatelink:ListVpcEndpoints",
    "privatelink:UpdateVpcEndpointAttribute",
    "privatelink:GetVpcEndpointAttribute",
    "privatelink:ListVpcEndpointSecurityGroups",
    "privatelink:AttachSecurityGroupToVpcEndpoint",
    "privatelink:DetachSecurityGroupFromVpcEndpoint",
    "privatelink:AddZoneToVpcEndpoint",
    "privatelink:RemoveZoneFromVpcEndpoint",
    "privatelink:ListVpcEndpointZones",
    "privatelink:DeleteVpcEndpoint",
    "vpc:DescribeVpcs",
    "ecs:DescribeSecurityGroups",
    "vpc:DescribeVSwitches"
  ],
  "Resource": "*",
  "Effect": "Allow"
}
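
The following is an added example, not part of the original documentation or Alibaba Cloud's own code: a Python check that compares a policy document exported from RAM with the action list above and separates read-only actions from those that change VPC endpoint state. The verb-prefix heuristic, the function names, and the sample policy are assumptions made for illustration.

```python
import json

# Action list copied from the Permissions statement on this page.
DOCUMENTED = frozenset("""
privatelink:OpenPrivateLinkService privatelink:CheckProductOpen
privatelink:ListVpcEndpointServices privatelink:CreateVpcEndpoint
privatelink:ListVpcEndpoints privatelink:UpdateVpcEndpointAttribute
privatelink:GetVpcEndpointAttribute privatelink:ListVpcEndpointSecurityGroups
privatelink:AttachSecurityGroupToVpcEndpoint
privatelink:DetachSecurityGroupFromVpcEndpoint privatelink:AddZoneToVpcEndpoint
privatelink:RemoveZoneFromVpcEndpoint privatelink:ListVpcEndpointZones
privatelink:DeleteVpcEndpoint vpc:DescribeVpcs ecs:DescribeSecurityGroups
vpc:DescribeVSwitches
""".split())

# Assumption: an action whose name starts with one of these verbs only reads state.
READ_VERBS = ("List", "Get", "Describe", "Check")

def allowed_actions(policy):
    """Collect Allow actions from a full policy document or a bare statement."""
    statements = policy.get("Statement", [policy])
    if isinstance(statements, dict):
        statements = [statements]
    found = set()
    for st in statements:
        if st.get("Effect") == "Allow":
            acts = st.get("Action", [])
            found.update([acts] if isinstance(acts, str) else acts)
    return found

def review(policy):
    """Compare a policy with the documented baseline and list what can change state."""
    actual = allowed_actions(policy)
    return {
        "unexpected": sorted(actual - DOCUMENTED),
        "missing": sorted(DOCUMENTED - actual),
        "wildcards": sorted(a for a in actual if "*" in a),
        "mutating": sorted(a for a in actual
                           if not a.split(":", 1)[-1].startswith(READ_VERBS)),
    }

# Constructed sample: the documented statement with one action removed and one added.
SAMPLE = {"Version": "1", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": sorted(DOCUMENTED - {"privatelink:ListVpcEndpointZones"}) + ["vpc:DeleteVpc"],
}]}

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```

Run against the documented statement unchanged, the check reports no drift and lists the eight actions that create, modify, or delete PrivateLink endpoint resources.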

Create the service-linked role for DashVector

  1. Log on to the Vector Retrieval Service DashVector console.

  2. Click Cluster List. In the Actions column of a cluster, click Details.

  3. On the details page, click Access Control, and then click Virtual Private Cloud. In the Create Service-Linked Role for DashVector dialog box that appears, click OK. This automatically creates a service-linked role to manage VPCs.

    Note

    You can view the automatically created service-linked role for DashVector in the RAM console. For more information, see View a RAM role.

Delete the service-linked role for DashVector

If you no longer need the service-linked role for DashVector (AliyunServiceRoleForDashVector), delete it in the RAM console. For more information, see Delete a service-linked role.

Note
  • Before you delete the service-linked role (AliyunServiceRoleForDashVector), delete all private networks attached to the clusters in your account. Otherwise, the deletion fails. For more information, see Delete a private network.

  • If the deletion fails, a message indicates which clusters still have private network endpoints attached.

Warning

After you delete the service-linked role (AliyunServiceRoleForDashVector), DashVector loses access to VPC resources. To restore access, you must recreate the service-linked role for Vector Retrieval Service DashVector.