本文介绍账号注销时ECS服务关联角色AliyunServiceRoleForECSResourceClean以及如何删除该角色。
背景信息
ECS服务关联角色AliyunServiceRoleForECSResourceClean是在用户确认账号注销的情况下,为了清理用户在ECS关联的资源数据,需要获取ECS服务的资源访问和资源删除权限而提供的RAM角色。
更多关于服务关联角色的信息请参见服务关联角色。
AliyunServiceRoleForECSResourceClean应用场景
账号注销时,如果账户在ECS服务中存在关联的资源,系统会将关联的资源数据自动删除,包括:弹性网卡、安全组、快照、使用快照一致性组、自定义镜像、实例启动模板等。
系统需要访问ECS的关联资源数据,并通过什么是资源编排服务创建清理任务实现资源删除,在资源清理完成后自动删除服务关联角色AliyunServiceRoleForECSResourceClean。
注销账户在ECS服务中存在关联资源的情况下,系统通过自动创建ECS服务关联角色AliyunServiceRoleForECSResourceClean来获取访问权限。
AliyunServiceRoleForECSResourceClean权限说明
AliyunServiceRoleForECSResourceClean具备以下云服务的访问权限:
云服务器ECS的访问权限
{
"Action": [
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeInstances",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupReferences",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSnapshots",
"ecs:DescribeAutoSnapshotPolicyEx",
"ecs:DescribeSnapshotGroups",
"ecs:DescribeImages",
"ecs:DescribeImageSharePermission",
"ecs:DescribeRegions",
"ecs:DeleteNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteSecurityGroup",
"ecs:RevokeSecurityGroup",
"ecs:DeleteSnapshot",
"ecs:DeleteAutoSnapshotPolicy",
"ecs:DeleteSnapshotGroup",
"ecs:ModifyImageSharePermission",
"ecs:DeleteImage",
"ecs:DeleteLaunchTemplate"
],
"Resource": "*",
"Effect": "Allow"
}资源编排服务ROS的访问权限
{
"Action": [
"ros:CreateStack"
],
"Resource": "*",
"Effect": "Allow"
}访问控制服务RAM的访问权限
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ram:ListRoles",
"ram:GetServiceLinkedRoleDeletionStatus"
],
"Resource": "*"
},
{
"Action": "ram:DeleteRole",
"Resource": "acs:ram:*:*:role/AliyunServiceRoleForECSResourceClean",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "resource-clean.ecs.aliyuncs.com"
}
}
}
]
}删除AliyunServiceRoleForECSResourceClean
在完成ECS侧的资源清理后,系统会自动删除ECS服务关联角色AliyunServiceRoleForECSResourceClean。
相关文档
反馈
- 本页导读 (0)
文档反馈