AliyunServiceRoleForCEN

本文为您介绍服务关联角色AliyunServiceRoleForCEN以及如何删除该服务关联角色。

背景信息

服务关联角色SLR(Service Linked Role)是指与某个云服务关联的RAM角色。在某些场景下,为了完成云服务的某个功能,需要获取其他云服务的访问权限。通过服务关联角色,您可以更好地创建云服务正常操作所需的权限,避免误操作带来的风险。关于服务关联角色的更多信息,请参见服务关联角色

创建服务关联角色AliyunServiceRoleForCEN

您在企业版转发路由器中创建专有网络VPC(Virtual Private Cloud)网络实例连接时,系统将会为您自动创建一个名称为AliyunServiceRoleForCEN的服务关联角色,并且为该角色添加名称为AliyunServiceRolePolicyForCEN的权限策略,该权限会允许企业版转发路由器在VPC中创建弹性网卡,作为VPC发往企业版转发路由器的流量入口。权限策略内容如下:

说明

如果服务关联角色AliyunServiceRoleForCEN已存在,系统则不会重复创建。

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "vpc:DescribeVSwitchAttributes",
        "vpc:CreateRouteEntries",
        "vpc:DeleteRouteEntries",
        "vpc:DescribeRouteEntryList",
        "vpc:GetVpcRouteEntrySummary"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:CreateNetworkInterface",
        "ecs:CreateSecurityGroup",
        "ecs:AuthorizeSecurityGroup",
        "ecs:RevokeSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:JoinSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:LeaveSecurityGroup",
        "ecs:DescribeSecurityGroups",
        "ecs:AttachNetworkInterface",
        "ecs:DetachNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:DeleteNetworkInterfacePermission",
        "ecs:CreateSecurityGroupPermission",
        "ecs:AuthorizeSecurityGroupPermission",
        "ecs:RevokeSecurityGroupPermission",
        "ecs:DeleteSecurityGroupPermission",
        "ecs:JoinSecurityGroupPermission",
        "ecs:DeleteSecurityGroupPermission",
        "ecs:LeaveSecurityGroupPermission",
        "ecs:DescribeSecurityGroupPermissions",
        "ecs:AttachNetworkInterfacePermissions",
        "ecs:DetachNetworkInterfacePermissions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "expressconnectrouter:CreateExpressConnectRouterAssociation",
        "expressconnectrouter:DeleteExpressConnectRouterAssociation"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "cen.aliyuncs.com"
        }
      }
    }
  ]
}

删除服务关联角色AliyunServiceRoleForCEN

系统不会自动删除服务关联角色AliyunServiceRoleForCEN。如果您要删除服务关联角色AliyunServiceRoleForCEN,请先删除所有云企业网实例下企业版转发路由器下的VPC网络实例连接。具体操作,请参见:

相关文档

创建VPC连接