本文为您介绍服务关联角色AliyunServiceRoleForCEN以及如何删除该服务关联角色。
背景信息
服务关联角色SLR(Service Linked Role)是指与某个云服务关联的RAM角色。在某些场景下,为了完成云服务的某个功能,需要获取其他云服务的访问权限。通过服务关联角色,您可以更好地创建云服务正常操作所需的权限,避免误操作带来的风险。关于服务关联角色的更多信息,请参见服务关联角色。
创建服务关联角色AliyunServiceRoleForCEN
您在企业版转发路由器中创建专有网络VPC(Virtual Private Cloud)网络实例连接时,系统将会为您自动创建一个名称为AliyunServiceRoleForCEN的服务关联角色,并且为该角色添加名称为AliyunServiceRolePolicyForCEN的权限策略,该权限会允许企业版转发路由器在VPC中创建弹性网卡,作为VPC发往企业版转发路由器的流量入口。权限策略内容如下:
说明
如果服务关联角色AliyunServiceRoleForCEN已存在,系统则不会重复创建。
{
"Version": "1",
"Statement": [
{
"Action": [
"vpc:DescribeVSwitchAttributes",
"vpc:CreateRouteEntries",
"vpc:DeleteRouteEntries",
"vpc:DescribeRouteEntryList",
"vpc:GetVpcRouteEntrySummary"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:CreateSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:RevokeSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:JoinSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:LeaveSecurityGroup",
"ecs:DescribeSecurityGroups",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:DeleteNetworkInterfacePermission",
"ecs:CreateSecurityGroupPermission",
"ecs:AuthorizeSecurityGroupPermission",
"ecs:RevokeSecurityGroupPermission",
"ecs:DeleteSecurityGroupPermission",
"ecs:JoinSecurityGroupPermission",
"ecs:DeleteSecurityGroupPermission",
"ecs:LeaveSecurityGroupPermission",
"ecs:DescribeSecurityGroupPermissions",
"ecs:AttachNetworkInterfacePermissions",
"ecs:DetachNetworkInterfacePermissions"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"expressconnectrouter:CreateExpressConnectRouterAssociation",
"expressconnectrouter:DeleteExpressConnectRouterAssociation"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "cen.aliyuncs.com"
}
}
}
]
}
删除服务关联角色AliyunServiceRoleForCEN
相关文档
文档内容是否对您有帮助?