This topic describes the AliyunServiceRoleForLiveKes service-linked role for video encryption in ApsaraVideo Live, including its purpose and how to delete it.
Overview
AliyunServiceRoleForLiveKes is a service-linked role that ApsaraVideo Live uses to obtain access permissions on Key Management Service (KMS) and create encrypted key pairs.
Scenarios
ApsaraVideo Live automatically creates the AliyunServiceRoleForLiveKes role when you use video encryption.
Permissions
The following code shows the access permissions granted to the AliyunServiceRoleForLiveKes role:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource": "*",
"Effect": "Allow"
}
]
}Delete AliyunServiceRoleForLiveKes
If you no longer use video encryption, delete the AliyunServiceRoleForLiveKes role as follows:
Log on to the RAM console. In the left navigation pane, click Roles.
On the Roles page, enter AliyunServiceRoleForLiveKes in the search box and press Enter.
In the Actions column, click Delete.
In the Delete Role dialog box, click OK.
After it is deleted, the system automatically recreates it when you use the video encryption feature again.
References
Service-linked roles are RAM roles whose trusted entities are set to Alibaba Cloud services. These roles resolve cross-service authorization issues.