本文介绍多云成本运营服务关联角色AliyunServiceRoleForACMP以及如何删除该角色。
背景信息
多云成本运营服务关联角色AliyunServiceRoleForACMP是同步阿里云账号下资源及账单数据时,获取其他云服务的访问权限而提供的RAM角色,更多关于服务关联角色的信息请参见服务关联角色。
AliyunServiceRoleForACMP应用场景
多云成本运营服务需要访问云服务器ECS、容器服务ACK、专有网络VPC、云数据库RDS等云服务的资源时,可通过自动创建的多云成本运营服务关联角色AliyunServiceRoleForACMP获取访问权限。
AliyunServiceRoleForACMP权限说明
AliyunServiceRoleForACMP仅涉及您账号下的云资源及账单数据的查询权限。
AliyunServiceRoleForACMP权限策略详情
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:DescribeInstances",
"ecs:DescribeInstanceStatus",
"ecs:DescribeDisks",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeStorageCapacityUnits"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cs:DescribeClusterDetail",
"cs:DescribeClusters",
"cs:DescribeClusterNodes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cr:ListInstance",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "eci:DescribeContainerGroups",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"log:ListLogStores",
"log:ListProject",
"log:GetLogStore"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "oss:ListBuckets",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "nas:DescribeFileSystems",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "polardb:DescribeDBClusters",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstanceAttribute",
"rds:DescribeDBInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "dts:DescribeDtsJobs",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"kvstore:DescribeInstanceAttribute",
"kvstore:DescribeInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"hbase:DescribeInstance",
"hbase:DescribeInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "dds:DescribeDBInstances",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "dbs:DescribeBackupPlanList",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "clickhouse:DescribeDBClusters",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "gpdb:DescribeDBInstances",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"adb:DescribeDBClusterAttribute",
"adb:DescribeDBClusters"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"polardbx:DescribeDBInstances",
"drds:DescribeDrdsInstance"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"elasticsearch:DescribeInstance",
"elasticsearch:ListInstance"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "alb:ListLoadBalancers",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "slb:DescribeLoadBalancers",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "nlb:ListLoadBalancers",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cdn:DescribeUserDomains",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "vpc:DescribeNatGateways",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "vpc:DescribeCommonBandwidthPackages",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "vpc:DescribeEipAddresses",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"vpc:DescribeRouteTableList"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cen:DescribeCens",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "yundun-waf:DescribeInstanceInfos",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "rocketmq:ListTopics",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "alikafka:ListInstance",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"bssapi:DescribeInstanceBill",
"bssapi:QuerySettleBill",
"bssapi:GetOrderDetail",
"bssapi:QueryOrders",
"bssapi:DescribeSplitItemBill",
"bssapi:QueryRelationList",
"bssapi:QueryFinancialAccountInfo",
"bss:FrDeductLogQueryRequest",
"bssapi:QueryResourcePackageInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ram:ListUserBasicInfos",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cloudcontrol:GetResources",
"Resource": "*"
}
]
}删除AliyunServiceRoleForACMP
如果您的账号已接入多云成本运营,然后需要删除多云成本运营服务关联角色AliyunServiceRoleForACMP,例如您出于安全考虑,需要删除该角色,则需要先明确删除后的影响:删除AliyunServiceRoleForACMP后,无法将当前账号下的云资源及账单数据同步至多云成本运营平台中。
删除AliyunServiceRoleForACMP的操作步骤如下:
文档内容是否对您有帮助?