This topic describes how to create, view, and delete the service-linked role for Elastic Accelerated Computing Instances (EAIS), AliyunServiceRoleForEais.
A service-linked role is a Resource Access Management (RAM) role whose trusted entity is an Alibaba Cloud service. EAIS uses the service-linked role to obtain access permissions for other Alibaba Cloud services or cloud resources.
The system automatically creates a service-linked role when you perform certain operations. If the automatic creation of the service-linked role fails, you must manually create the service-linked role, AliyunServiceRoleForEais.
RAM provides a system policy for each service-linked role. You cannot modify this policy. To view the details of this system policy, go to the product page of the service-linked role. For more information, see System policies for Elastic Accelerated Computing Instances.
Scenarios
EAIS automatically creates the AliyunServiceRoleForEais service-linked role in the following scenarios:
When you create an EAIS instance for the first time, EAIS automatically creates the AliyunServiceRoleForEais service-linked role.
If you create an EAIS instance after the AliyunServiceRoleForEais role is deleted, EAIS automatically re-creates the service-linked role.
Permissions required for a RAM user to use the service-linked role
If you use a RAM user to create or delete the service-linked role, you must contact an administrator to grant the administrative permission (AliyunEAISFullAccess) to the RAM user. Alternatively, you can add the following permissions to the Action statement of a custom policy for the RAM user:
Create a service-linked role:
ram:CreateServiceLinkedRoleDelete a service-linked role:
ram:DeleteServiceLinkedRole
For more information about how to grant permissions, see Permissions required to manage a service-linked role.
Create a service-linked role
When you create an EAIS instance, the system automatically creates the service-linked role. For more information, see Create an EAIS instance.
You can also manually create the service-linked role in the RAM console or by calling an API operation. For more information, see Create a service-linked role and CreateServiceLinkedRole.
View a service-linked role
After the service-linked role is created, go to the Roles page of the RAM console and search for AliyunServiceRoleForEais to view the following information about the role:
Basic information
On the product page of the AliyunServiceRoleForEais role, in the Basic Information section, you can view the basic information about the role. This includes the role name, creation time, Alibaba Cloud Resource Name (ARN), and description.
Access policy
On the product page of the AliyunServiceRoleForEais role, on the Permission Management tab, click the policy name to view the policy document and the cloud resources that the role can access.
Trust policy
On the product page of the AliyunServiceRoleForEais role, on the Trust Policy tab, you can view the trust policy document. A trust policy describes the trusted entities of a RAM role. A trusted entity is an entity that can assume the RAM role. The trusted entity of a service-linked role is an Alibaba Cloud service. You can view this in the
Servicefield of the trust policy.
For more information about how to view a service-linked role, see View the information about a RAM role.
Delete a service-linked role
After you delete a service-linked role, features that depend on the role will no longer work as expected. Delete service-linked roles with caution.
If you no longer use EAIS for an extended period, you can manually delete the service-linked role in the RAM console.
For more information, see Delete a RAM role.