Service-linked roles

ECS uses service-linked roles (SLRs) to access other Alibaba Cloud services on your behalf.

RAM provides a read-only system policy for each SLR. To view the policy, go to the SLR details page. See System Policy Reference.

Create a service-linked role

When you use specific features, ECS checks whether the required SLR exists. If you grant ECS the permission to create SLRs, ECS creates missing roles automatically.

  • When you use Workbench, ECS creates the AliyunServiceRoleForECSWorkbench SLR, which grants Workbench access to services such as ECS and Elastic Container Instance.

    See Workbench service-linked role.

  • When you use Operation Content and Result Delivery or Session Record Delivery, ECS creates the AliyunServiceRoleForECSArchiving SLR. Cloud Assistant assumes this role to deliver O&M task and session records to an OSS bucket or Simple Log Service (SLS) project for persistent storage.

    See Manage service-linked role.

  • When you use Elastic Block Storage (EBS), ECS creates the AliyunServiceRoleForEBS SLR, which grants EBS access to ECS.

    See Service-linked role for EBS.

  • When you use Image Builder, ECS creates the AliyunServiceRoleForECSImageBuilder SLR, which grants Image Builder access to CloudOps Orchestration Service, ECS, and VPC.

    See Manage service-linked role.

  • When you create an auto provisioning group, ECS creates the AliyunServiceRoleForAutoProvisioning SLR, which grants Auto Provisioning access to services such as ECS, VPC, ApsaraDB RDS, and CloudMonitor.

    See Manage service-linked role.

  • When you create a diagnostic line or initiate a diagnostic task, ECS creates the AliyunServiceRoleForECSNetworkInsights SLR, which grants access to VPC resources.

    See Manage the service-linked role for network connectivity diagnosis.

  • When you use the Instance Fee and Security Behavior Audit diagnostic feature, ECS creates the AliyunServiceRoleForECSSelfService SLR to query ActionTrail for user operation audit trails.

    See Manage the service-linked role for the instance troubleshooting and diagnosis service.

Delete a service-linked role

Important

Deleting an SLR disables all features that depend on it.

To delete an SLR, go to the RAM console.

See Delete an SLR.

RAM user permissions

To create or delete an SLR as a RAM user, ask the administrator to attach the AliyunECSFullAccess policy or add the following permissions to the Action statement of a custom policy:

  • Create an SLR: ram:CreateServiceLinkedRole

  • Delete an SLR: ram:DeleteServiceLinkedRole

See Manage SLRs.
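
To review which custom policies give a RAM user the two permissions listed above, the following added example (not Alibaba Cloud's code) checks a RAM policy document for ram:CreateServiceLinkedRole and ram:DeleteServiceLinkedRole, including grants made through wildcards. The sample policies are constructed, the function name slr_grants is hypothetical, and the case-insensitive matching is a conservative assumption.

```python
import fnmatch
import json

# The two RAM actions this page names for creating and deleting SLRs.
SLR_ACTIONS = ("ram:CreateServiceLinkedRole", "ram:DeleteServiceLinkedRole")


def _as_list(value):
    """Policy fields may hold one item or a list of items."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def _matches(patterns, action):
    # Assumption: compare case-insensitively so the audit errs toward flagging.
    return any(fnmatch.fnmatchcase(action.lower(), str(p).lower()) for p in patterns)


def slr_grants(policy_json):
    """Map each SLR action to 'Allow', 'Deny' or None for one policy document.

    Only Action elements are evaluated. Resource and Condition are ignored,
    so 'Allow' means the policy can allow the action for some resource.
    An explicit Deny overrides any Allow.
    """
    result = dict.fromkeys(SLR_ACTIONS)
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        effect = stmt.get("Effect")
        patterns = _as_list(stmt.get("Action"))
        for action in SLR_ACTIONS:
            if effect in ("Allow", "Deny") and _matches(patterns, action):
                if result[action] != "Deny":
                    result[action] = effect
    return result


# Constructed sample policies (not taken from the page).
CUSTOM = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": ["ecs:Describe*", "ram:CreateServiceLinkedRole"],
     "Resource": "*"}]})
BROAD_WITH_DENY = json.dumps({"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": "ram:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "ram:DeleteServiceLinkedRole", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("custom", CUSTOM), ("broad_with_deny", BROAD_WITH_DENY)):
        print(name, slr_grants(doc))
```

A result of None for an action means the policy does not mention it, so the RAM user would need another attached policy, such as AliyunECSFullAccess, to perform it.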