本文介绍AHAS服务关联角色AliyunServiceRoleForAHAS以及如何删除该角色。
背景信息
AHAS服务关联角色AliyunServiceRoleForAHAS是一个RAM角色:在某些情况下,AHAS为了完成自身的某个功能,需要获取其他云服务的访问权限,此时即通过该角色获得授权。更多关于服务关联角色的信息请参见服务关联角色。
应用场景
AHAS架构感知的资源拓扑、流量防护等功能需要访问负载均衡SLB(Server Load Balancer)、专有网络VPC(Virtual Private Cloud)、云服务器ECS(Elastic Compute Service)等云服务的资源时,可通过自动创建的AHAS服务关联角色AliyunServiceRoleForAHAS获取访问权限。
权限说明
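AHAS服务关联角色AliyunServiceRoleForAHAS具备的云服务访问权限如下所示,更多权限说明请参见权限策略管理。其中SLB和VPC部分均为只读的Describe类操作;ECS部分除Describe类操作外,还包含修改安全组(如ecs:AuthorizeSecurityGroup、ecs:RevokeSecurityGroup)、创建和执行命令(如ecs:CreateCommand、ecs:InvokeCommand)以及启停和重启实例(ecs:StartInstances、ecs:StopInstances、ecs:RebootInstances)等写操作。三段策略的Resource均为"*",即权限对账号下全部对应资源生效。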
{
"Action": [
"ecs:DescribeInstanceAutoRenewAttribute",
"ecs:DescribeInstances",
"ecs:DescribeInstanceStatus",
"ecs:DescribeInstanceVncUrl",
"ecs:DescribeSpotPriceHistory",
"ecs:DescribeUserdata",
"ecs:DescribeInstanceRamRole",
"ecs:DescribeDisks",
"ecs:DescribeSnapshots",
"ecs:DescribeAutoSnapshotPolicy",
"ecs:DescribeSnapshotLinks",
"ecs:DescribeImages",
"ecs:DescribeImageSharePermission",
"ecs:DescribeClassicLinkInstances",
"ecs:AuthorizeSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroups",
"ecs:ModifySecurityGroupAttribute",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:ModifySecurityGroupRule",
"ecs:DescribeSecurityGroupReferences",
"ecs:ModifySecurityGroupPolicy",
"ecs:RevokeSecurityGroup",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeTags",
"ecs:DescribeRegions",
"ecs:DescribeZones",
"ecs:DescribeInstanceMonitorData",
"ecs:DescribeEipMonitorData",
"ecs:DescribeDiskMonitorData",
"ecs:DescribeInstanceTypes",
"ecs:DescribeInstanceTypeFamilies",
"ecs:DescribeTasks",
"ecs:DescribeTaskAttribute",
"ecs:DescribeInstanceAttribute",
"ecs:InvokeCommand",
"ecs:CreateCommand",
"ecs:StopInvocation",
"ecs:DeleteCommand",
"ecs:DescribeCommands",
"ecs:DescribeInvocations",
"ecs:DescribeInvocationResults",
"ecs:ModifyCommand",
"ecs:InstallCloudAssistant",
"ecs:CreateNetworkInterfacePermission",
"ecs:DeleteNetworkInterfacePermission",
"ecs:CreateNetworkInterface",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:ModifyNetworkInterfaceAttribute",
"ecs:ModifyInstanceAttribute",
"ecs:DescribeNetworkInterfaces",
"ecs:RebootInstances",
"ecs:StopInstances",
"ecs:StartInstances"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"slb:DescribeLoadBalancers",
"slb:DescribeLoadBalancerAttribute",
"slb:DescribeLoadBalancerHTTPListenerAttribute",
"slb:DescribeLoadBalancerHTTPSListenerAttribute",
"slb:DescribeLoadBalancerTCPListenerAttribute",
"slb:DescribeLoadBalancerUDPListenerAttribute",
"slb:DescribeHealthStatus",
"slb:DescribeVServerGroups",
"slb:DescribeVServerGroupAttribute",
"slb:DescribeTags",
"slb:DescribeRules"
],
"Resource": "*",
"Effect": "Allow"
}
{
"Action": [
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"vpc:DescribeNatGateways",
"vpc:DescribeForwardTableEntries",
"vpc:DescribeSnatTableEntries",
"vpc:DescribeBandwidthPackages",
"vpc:DescribeEipAddresses",
"vpc:DescribeEipGatewayInfo",
"vpc:DescribeEipMonitorData"
],
"Resource": "*",
"Effect": "Allow"
},
删除AHAS服务关联角色
如果您需要删除AHAS服务关联角色AliyunServiceRoleForAHAS,请注意删除AliyunServiceRoleForAHAS后,会影响您AHAS数据的获取。删除AliyunServiceRoleForAHAS的操作步骤如下。
常见问题
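问:为什么我的RAM用户无法自动创建AHAS服务关联角色AliyunServiceRoleForAHAS?
答:RAM用户需要具备ram:CreateServiceLinkedRole权限,才能自动创建该服务关联角色。可为RAM用户授予如下权限策略;其中的Condition将ram:ServiceName限定为ahas.aliyuncs.com,因此该权限仅可用于创建AHAS的服务关联角色。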
{
"Statement": [
{
"Action": [
"ram:CreateServiceLinkedRole"
],
"Resource": "acs:ram:*:主账号ID:role/*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"ahas.aliyuncs.com"
]
}
}
}
],
"Version": "1"
}
请将上述策略中的"主账号ID"替换为您实际的阿里云账号(主账号)ID。