The service linked role for CloudMonitor, AliyunServiceRoleForCloudMonitor, is the Resource Access Management (RAM) role that authorizes CloudMonitor to access other Alibaba Cloud services in certain scenarios.

Note For more information, see Service linked roles.

Scenario

When CloudMonitor automatically installs the CloudMonitor agent on hosts, CloudMonitor uses the AliyunServiceRoleForCloudMonitor role to obtain the permission to use Cloud Assistant.

Role description

This section describes the details of the AliyunServiceRoleForCloudMonitor role.

  • Name: AliyunServiceRoleForCloudMonitor
  • Policy attached to the role: AliyunServiceRolePolicyForCloudMonitor
  • Policy description: grants CloudMonitor the permissions to use Cloud Assistant to view status, run commands, and view command output on all instances of the current account.
    {
        "Version": "1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "ecs:RunCommand",
                    "ecs:DescribeInvocations",
                    "ecs:DescribeCloudAssistantStatus"
                ],
                "Resource": [
                    "acs:ecs:*:*:instance/*",
                    "acs:ecs:*:*:command/*"
                ]
            }
        ]
    }               

Delete the AliyunServiceRoleForCloudMonitor role

To delete the AliyunServiceRoleForCloudMonitor role, perform the following steps:

  1. Log on to the CloudMonitor console. In the left-side navigation pane, click Host Monitoring. On the Host Monitoring page, check whether the New purchase ECS automatically installs cloud monitoring switch is turned off.
    If the New purchase ECS automatically installs cloud monitoring switch is turned on, click Switch to turn the switch off.
  2. Delete the AliyunServiceRoleForCloudMonitor role.
    For more information, see Delete a service linked role.