This topic describes the AliyunServiceRoleForHbrDr service linked role and how to delete the role. This role is used for Elastic Compute Service (ECS) disaster recovery.

Background information

In some cases, Hybrid Backup Recovery may need to access resources from other cloud services to implement a disaster recovery-related feature. To meet the need, Alibaba Cloud offers a Resource Access Management (RAM) role named AliyunServiceRoleForHbrDr. For more information about service linked roles, see Service linked roles.

In the Hybrid Backup Recovery console, you may need to create new VSwitches, security groups, Elastic Compute Service (ECS) instances, images, and other resources. You can use the AliyunServiceRoleForHbrDr service linked role to access Virtual Private Cloud (VPC) and ECS resources.

Introduction

Role name: AliyunServiceRoleForHbrDr

Policy name: AliyunServiceRolePolicyForHbrDr

Policy document:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:DescribeImages",
        "CreateDisk",
        "ecs:AttachDisk",
        "ecs:ReInitDisk",
        "ecs:DetachDisk",
        "ecs:DescribeDisks"
        "ecs:ReplaceSystemDisk",
        "ecs:DeleteDisk",
        "ecs:ResizeDisk",
        "ecs:CreateInstance",
        "ecs:StartInstance",
        "ecs:StopInstance",
        "ecs:RebootInstance",
        "ecs:DeleteInstance",
        "ecs:DescribeInstances",
        "ecs:CreateSecurityGroup",
        "ecs:DescribeSecurityGroups",
        "ecs:AuthorizeSecurityGroup",
        "Action": "ecs:AuthorizeSecurityGroupEgress",
        "ecs:DeleteSecurityGroup",
        "ecs:AllocatePublicIpAddress",
        "ecs:ModifyInstanceAttribute",
        "ecs:JoinSecurityGroup",
        "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateNetworkInterfacePermission"
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:DeleteNetworkInterfacePermission",
        "ecs:CreateSnapshot",
        "hbr:DeleteSnapshot"
        "ecs:DescribeSnapshots",
        "ecs:DescribeSnapshotLinks",
        "ecs:CreateCommand",
        "ecs:InvokeCommand",
        "ecs:StopInvocation",
        "ecs:DeleteCommand",
        "ecs:DescribeCommands",
        "ecs:DescribeInvocations",
        "ecs:DescribeInvocationResults",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:ModifyResourceMeta"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:DescribeEipAddresses"
        vpc:AssociateEipAddress
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}

Delete the AliyunServiceRoleForHbrDr role

Before you delete the AliyunServiceRoleForHbrDr service linked role, you must remove all site pairs on the Cloud Disaster Recovery page of the Hybrid Backup Recovery console.

For more information about how to delete a service linked role, see Delete a service linked role.