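This topic describes the scenarios in which the DBFS service-linked role (AliyunServiceRoleForDbfs) is used and how to delete the service-linked role.
Background information
The DBFS service-linked role (AliyunServiceRoleForDbfs) is a RAM role provided so that DBFS can obtain access to other cloud services when it needs them to complete one of its own functions. For more information about service-linked roles, see Service-linked roles.
Scenarios
DBFS create, mount, unmount, expand, snapshot, and delete operations need to access ECS and PrivateLink resources. DBFS obtains these access permissions through the service-linked role.
DBFS uses ECS Cloud Assistant for functions such as online version upgrades and log collection. DBFS obtains access to Cloud Assistant through the service-linked role.
The DBFS sample-environment feature automatically creates ECS, VPC, vSwitch, and security group resources for the user. DBFS obtains these access permissions through the service-linked role.
About AliyunServiceRoleForDbfs
Role name: AliyunServiceRoleForDbfs
Role permission policy: AliyunServiceRolePolicyForDbfs
Permissions: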
{
    "Action": [
        "ecs:CreateDisk",
        "ecs:AttachDisk",
        "ecs:DetachDisk",
        "ecs:DeleteDisk",
        "ecs:ResizeDisk",
        "ecs:CreateSnapshot",
        "ecs:DeleteSnapshot",
        "ecs:DescribeSnapshots",
        "ecs:DescribeSnapshotLinks",
        "ecs:ResetDisk",
        "ecs:DescribeDisks",
        "ecs:DescribeInstanceAttribute",
        "ecs:DescribeInstances",
        "ecs:AuthorizeSecurityGroup",
        "ecs:RevokeSecurityGroup",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:DescribeInvocations",
        "ecs:DescribeInvocationResults",
        "ecs:RunCommand",
        "ecs:DescribeSecurityGroups",
        "ecs:CreateSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:RunInstances",
        "ecs:CreateInstance",
        "ecs:StartInstance",
        "ecs:CreateNetworkInterface",
        "ecs:AttachNetworkInterface",
        "privatelink:CreateVpcEndpoint",
        "privatelink:DeleteVpcEndpoint",
        "privatelink:GetVpcEndpointAttribute",
        "privatelink:ListVpcEndpoints",
        "privatelink:ListVpcEndpointZones",
        "privatelink:AddZoneToVpcEndpoint",
        "privatelink:RemoveZoneFromVpcEndpoint",
        "privatelink:OpenPrivateLinkService",
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:AssociateVpcCidrBlock",
        "vpc:CreateVpc",
        "vpc:CreateVSwitch",
        "vpc:DeleteVpc",
        "vpc:DeleteVSwitch"
    ],
    "Resource": "*",
    "Effect": "Allow"
},
{
    "Action": "ecs:DeleteInstance",
    "Condition": {
        "StringEqualsIgnoreCase": {
            "ecs:tag/DBFS": "AutoCreated"
        }
    },
    "Resource": "acs:ecs:*:*:*",
    "Effect": "Allow"
}
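The two statements above differ in scope: the first grants its actions on every resource with no condition, while ecs:DeleteInstance is limited to instances tagged DBFS=AutoCreated. The following Python sketch is an added example, not Alibaba Cloud code. It evaluates an abridged copy of the policy to show that difference. The function names, the read-only prefix heuristic, and the omission of resource matching are assumptions of this example.

```python
import json

# Abridged copy of the two statements shown above (subset of actions, constructed for this example).
STATEMENTS = json.loads("""
[
  {"Action": ["ecs:RunCommand", "ecs:DeleteDisk", "ecs:DescribeDisks", "vpc:DeleteVpc"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": "ecs:DeleteInstance",
   "Condition": {"StringEqualsIgnoreCase": {"ecs:tag/DBFS": "AutoCreated"}},
   "Resource": "acs:ecs:*:*:*", "Effect": "Allow"}
]
""")

READ_ONLY_PREFIXES = ("Describe", "Get", "List")  # assumption: naming heuristic for read-only actions


def _as_list(value):
    return value if isinstance(value, list) else [value]


def condition_holds(condition, context):
    """Evaluate only StringEqualsIgnoreCase, the single operator used in this policy."""
    for operator, pairs in condition.items():
        if operator != "StringEqualsIgnoreCase":
            return False  # fail closed on operators this sketch does not model
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None or actual.lower() not in [e.lower() for e in _as_list(expected)]:
                return False
    return True


def is_allowed(action, context=None):
    """True if an Allow statement matches the action and its condition (resource matching omitted)."""
    for stmt in STATEMENTS:
        if stmt["Effect"] == "Allow" and action in _as_list(stmt["Action"]):
            if condition_holds(stmt.get("Condition", {}), context or {}):
                return True
    return False  # no matching Allow: implicit deny


def unscoped_mutating_actions():
    """Mutating actions granted on Resource "*" with no Condition: the widest part of the grant."""
    found = []
    for stmt in STATEMENTS:
        if stmt["Resource"] == "*" and "Condition" not in stmt:
            found += [a for a in _as_list(stmt["Action"])
                      if not a.split(":", 1)[1].startswith(READ_ONLY_PREFIXES)]
    return sorted(found)
```

Running unscoped_mutating_actions() against the full action list gives the set of permissions worth watching in audit logs for calls made under this role, since nothing in the policy restricts them to DBFS-created resources.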
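Delete the service-linked role
To delete AliyunServiceRoleForDbfs (the service-linked role), you must first delete the DBFS instances that depend on it.
For how to delete a DBFS instance, see Delete a file system.
For how to delete a service-linked role, see Delete a service-linked role.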