This topic describes the application scenarios of the service linked role AliyunServiceRoleForADBPG of AnalyticDB for PostgreSQL and provides guidance on how to delete the role.

Application scenarios

To implement some features, AnalyticDB for PostgreSQL uses the service linked role named AliyunServiceRoleForADBPG to access other Alibaba Cloud services. The service linked role is a type of Resource Access Management (RAM) role. For more information, see Service linked roles.

Role description

Role name: AliyunServiceRoleForADBPG

Permission policy attached to the role: AliyunServiceRolePolicyForADBPG

Permission description:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:AttachNetworkInterface",
        "ecs:DetachNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:CreateSecurityGroup",
        "ecs:DeleteSecurityGroup",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:DescribeSecurityGroups",
        "ecs:ModifySecurityGroupAttribute",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:RevokeSecurityGroup",
        "ecs:RevokeSecurityGroupEgress"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "adbpg.aliyuncs.com"
        }
      }
    }
  ]
}

Delete the service linked role

Before you delete the AliyunServiceRoleForADBPG role, release all the instances that the role is bound to.