This topic describes the service-linked role AliyunServiceRoleForLiveKes for the video encryption service of ApsaraVideo Live. This topic also describes how to delete this role.

The service-linked role AliyunServiceRoleForLiveKes is a RAM role provided for accessing Key Management Service (KMS) when the video encryption service of ApsaraVideo Live creates a key pair used for encryption.

Note For more information about the service-linked role, see Service-linked roles.

Scenarios

To access KMS, the video encryption service of ApsaraVideo Live obtains the access permissions by using the service-linked role AliyunServiceRoleForLiveKes that is automatically created.

Permissions

The following code shows the access permissions that the AliyunServiceRoleForLiveKes role has:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}

Delete the AliyunServiceRoleForLiveKes role

Assume that you use the video encryption service. If you need to delete the AliyunServiceRoleForLiveKes role for security reasons, you must be aware that the deletion causes the following effect: The video encryption service cannot create a key pair used for encryption, which may affect the use of the video encryption service.

To delete the AliyunServiceRoleForLiveKes role, perform the following steps:
  1. Log on to the RAM console. In the left-side navigation pane, click RAM Roles.
  2. On the RAM Roles page, enter AliyunServiceRoleForLiveKes in the search box. The RAM role named AliyunServiceRoleForLiveKes is returned in the search result.
  3. Click Delete in the Actions column.
  4. In the message that appears, click OK.