This topic describes the service-linked role AliyunServiceRoleForNatgw for NAT Gateway and how to delete the service-linked role.
What is a service-linked role?
A service-linked role is a Resource Access Management (RAM) role that can be assumed only by the linked service. An Alibaba Cloud service may need to access other services to use a specific feature. Before you can access a service, make sure that you are authorized to access the service. Service-linked roles simplify the authorization process and avoid risks caused by user errors. For more information, see Service-linked roles.
Create a service-linked role
{
"Version": "1",
"Statement": [
{
"Action": [
"vpc:DescribeVSwitchAttributes"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:CreateNetworkInterface",
"ecs:CreateSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:RevokeSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:JoinSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:LeaveSecurityGroup",
"ecs:DescribeSecurityGroups",
"ecs:AttachNetworkInterface",
"ecs:DetachNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:DescribeNetworkInterfaces",
"ecs:CreateNetworkInterfacePermission",
"ecs:DescribeNetworkInterfacePermissions",
"ecs:DeleteNetworkInterfacePermission",
"ecs:CreateSecurityGroupPermission",
"ecs:AuthorizeSecurityGroupPermission",
"ecs:RevokeSecurityGroupPermission",
"ecs:DeleteSecurityGroupPermission",
"ecs:JoinSecurityGroupPermission",
"ecs:DeleteSecurityGroupPermission",
"ecs:LeaveSecurityGroupPermission",
"ecs:DescribeSecurityGroupPermissions",
"ecs:AttachNetworkInterfacePermissions",
"ecs:DetachNetworkInterfacePermissions"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "nat.aliyuncs.com"
}
}
}
]
}