This topic describes the AliyunServiceRoleForHbrDr service linked role and how to delete the role.

Background information

In some cases, Hybrid Backup Recovery (HBR) may need to access resources from other cloud services to implement a disaster recovery-related feature. To meet the need, Alibaba Cloud offers a Resource Access Management (RAM) role named AliyunServiceRoleForHbrDr. For more information about service linked roles, see Service linked roles.

The ECS disaster recovery service of HBR may need to create VSwitches, security groups, Elastic Compute Service (ECS) instances, images, and other resources. You can use the AliyunServiceRoleForHbrDr service linked role to authorize the service to access Virtual Private Cloud (VPC) and ECS resources.

Introduction

Role name: AliyunServiceRoleForHbrDr

Policy name: AliyunServiceRolePolicyForHbrDr

Policy document:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:DescribeImages",
        "ecs:CreateDisk",
        "ecs:AttachDisk",
        "ecs:ReInitDisk",
        "ecs:DetachDisk",
        "ecs:DescribeDisks",
        "ecs:ReplaceSystemDisk",
        "ecs:DeleteDisk",
        "ecs:ResizeDisk",
        "ecs:CreateInstance",
        "ecs:StartInstance",
        "ecs:StopInstance",
        "ecs:RebootInstance",
        "ecs:DeleteInstance",
        "ecs:DescribeInstances",
        "ecs:CreateSecurityGroup",
        "ecs:DescribeSecurityGroups",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:DeleteSecurityGroup",
        "ecs:AllocatePublicIpAddress",
        "ecs:ModifyInstanceAttribute",
        "ecs:JoinSecurityGroup",
        "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:DeleteNetworkInterfacePermission",
        "ecs:CreateSnapshot",
        "ecs:DeleteSnapshot",
        "ecs:DescribeSnapshots",
        "ecs:DescribeSnapshotLinks",
        "ecs:CreateCommand",
        "ecs:InvokeCommand",
        "ecs:StopInvocation",
        "ecs:DeleteCommand",
        "ecs:DescribeCommands",
        "ecs:DescribeInvocations",
        "ecs:DescribeInvocationResults",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:ModifyResourceMeta"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:DescribeEipAddresses",
        "vpc:AssociateEipAddress"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}

Delete the AliyunServiceRoleForHbrDr role

Before you delete the AliyunServiceRoleForHbrDr service linked role, you must remove all site pairs in the HBR console.

For more information, see Delete a service linked role.