Service-linked Role

Some features require access to other Alibaba Cloud services. For example, the feature for attaching a private domain name in the IoT Platform requires access to resources in the IoT service. Alibaba Cloud provides service-linked roles (SLRs) for these scenarios.

Introduction to the service-linked role

The service-linked role for the IoT Platform is named AliyunServiceRoleForLivingLink, and its access policy is AliyunServiceRolePolicyForLivingLink. For more information about service-linked roles, see Service-linked roles.

The permissions for the IoT Platform service-linked role are described below. For more information about permissions, see IoT Platform RAM Authorization.

{
    "Version": "1",
    "Statement": [{
            "Action": [
                "iot:CreateProduct",
                "iot:CreateProductTopic",
                "iot:DeleteProduct",
                "iot:DeleteProductTopic",
                "iot:DisableThing",
                "iot:EnableThing",
                "iot:ListProduct",
                "iot:ListProductTag",
                "iot:QueryProduct",
                "iot:QueryProductTopic",
                "iot:RemoveThingTopo",
                "iot:UpdateProductTopic"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "iot:GetGatewayBySubDevice",
                "iot:QueryDeviceEventData",
                "iot:QueryDeviceProp",
                "iot:QueryDevicePropertyData",
                "iot:QueryDevicePropertyStatus",
                "iot:QueryDeviceServiceData",
                "iot:BatchUpdateDeviceNickname",
                "iot:QueryDeviceDesiredProperty",
                "iot:GetDeviceShadow",
                "iot:UpdateDeviceShadow",
                "iot:QueryDeviceFileList",
                "iot:DeleteDeviceFile",
                "iot:QueryDeviceFile"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "livinglink.aliyuncs.com"
                }
            }
        }
    ]
}
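
A reviewer can summarize what this policy lets the role change, as opposed to only read. The following added example (not Alibaba Cloud code) parses a constructed, shortened copy of the policy above and reports the state-changing actions, flagging those granted on Resource "*" with no Condition. The read-only verb prefixes and the function names are assumptions of the example.

```python
import json

# Verb prefixes treated as read-only: an assumption of this example,
# not an Alibaba Cloud classification.
READ_PREFIXES = ("List", "Query", "Get")

# Constructed sample: a shortened copy of the policy shown above.
SAMPLE_POLICY = """
{
  "Version": "1",
  "Statement": [
    {"Action": ["iot:CreateProduct", "iot:DeleteProduct", "iot:ListProduct",
                "iot:QueryProduct", "iot:DisableThing"],
     "Resource": "*", "Effect": "Allow"},
    {"Action": ["iot:GetDeviceShadow", "iot:UpdateDeviceShadow",
                "iot:DeleteDeviceFile", "iot:QueryDeviceFile"],
     "Resource": "*", "Effect": "Allow"},
    {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
     "Condition": {"StringEquals": {"ram:ServiceName": "livinglink.aliyuncs.com"}}}
  ]
}
"""

def as_list(value):
    """Action and Resource may be a single string or a list."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy_text):
    """Return (mutating, read_only, unscoped) action sets for Allow statements."""
    mutating, read_only, unscoped = set(), set(), set()
    for stmt in json.loads(policy_text)["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        wildcard = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt["Action"]):
            verb = action.split(":", 1)[-1]  # part after the service prefix
            if verb.startswith(READ_PREFIXES):
                read_only.add(action)
                continue
            mutating.add(action)
            # State-changing, every resource, no Condition narrowing it.
            if wildcard and not stmt.get("Condition"):
                unscoped.add(action)
    return mutating, read_only, unscoped

if __name__ == "__main__":
    mutating, read_only, unscoped = audit_policy(SAMPLE_POLICY)
    print("mutating on * without Condition:", sorted(unscoped))
```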

Create a service-linked role

When you log on to the IoT Platform console for the first time, you are prompted to grant authorization to the platform. After you grant the authorization, the service-linked role (AliyunServiceRoleForLivingLink) is automatically created. No extra operations are required. For more information, see Log on to the IoT Platform.

Delete a service-linked role

To delete the service-linked role (AliyunServiceRoleForLivingLink), log on to the Resource Access Management (RAM) console. For more information, see Delete a RAM role.