All Products
Search

This Product

    :Advisor Service Association Role (Aliyun Service Role For Advisor)

    Document Center

    :Advisor Service Association Role (Aliyun Service Role For Advisor)

    Last Updated:Jun 28, 2024

    This article describes the service association role of Advisor and how to delete it.

    Background information

    Aliyun Service Role For Advisor is the RAM role provided by the Advisor in order to complete one of its own functions and obtain access to other cloud services. For more information about service association roles, see Aliyun Service Role For Advisor.

    Application scenario

    When the Advisor needs to access the resources of SLB (Server Load Balancer), VPC (Virtual Private Cloud), ECS (Elastic Compute Service) and other cloud services, the access rights can be obtained through the automatically created Aliyun Service Role For Advisor.

    Permission description

    The access permissions of Aliyun Service Role For Advisor for cloud services are as follows. For more information about permissions, see Permission Policy Management.

    Access Permissions for ECS

            {
            "Action": [
                "ecs:DescribeSnapshots", "
                 ecs:CreateDiagnosticReport", 
                "ecs:DescribeDiagnosticReports"
                "ecs:DescribeInstances",
                "ecs:DescribeTags",
                "ecs:DescribeDisks",
                "ecs:DescribeRegions",
                "ecs:DescribeInstanceMonitorData",
                "ecs:DescribeDiskMonitorData",
                "ecs:ValidateSecurityGroup",
                "ecs:DescribeCommands",
                "ecs:DescribeDisksFullStatus",
                "ecs:DescribeDeploymentSets",
                "ecs:DescribeAccountAttributes",
                "ecs:DescribeNetworkInterfaces",
                "ecs:DescribeSecurityGroups",
                "ecs:DescribeAccountAttributes",
                "ecs:DescribeDedicatedHosts",
                "ecs:DescribeDedicatedHostAutoRenew",
                "ecs:DescribeSecurityGroupAttribute"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }

    Access Permissions for SLB

            {
            "Action": [
                "slb:DescribeLoadBalancers",
                "slb:DescribeRegions",
                "slb:DescribeLoadBalancerAttribute",
                "slb:DescribeHealthStatus",
                "slb:DescribeLoadBalancerTCPListenerAttribute",
                "slb:DescribeLoadBalancerUDPListenerAttribute",
                "slb:DescribeLoadBalancerHTTPListenerAttribute",
                "slb:DescribeLoadBalancerHTTPSListenerAttribute"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }

    Access Permissions for VPC

            {
            "Action": [
                "vpc:DescribeVpcs",
                "vpc:DescribeVSwitches",
                "vpc:DescribeEipAddresses",
                "vpc:DescribeRegions",
                "vpc:DescribeEipMonitorData",
                "vpc:DescribePhysicalConnections"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },

    Delete the Advisor service association role (Aliyun Service Role For Advisor)

    Deleting Aliyun Service Role For Advisor will affect the data obtained by the Advisor. Please be careful. The steps to delete Aliyun Service Role For Advisor are as follows:

    1. Log in to the RAM console and click RAM Role Management in the left navigation bar.

    2. In the search box of the RAM role management page, enter Aliyun Service Role For Advisor to automatically search for the RAM role named Aliyun Service Role For Advisor.

    3. In the right action column, click Delete.

    4. In the Delete RAM Role dialog box, click OK.

    Restart Aliyun Service Role For Advisor

    If you still need to use cloud resources after deleting the Aliyun Service Role For Advisor, you will be prompted to create the Aliyun Service Role For Advisor. Log in to the Advisor console and complete the authorization according to the prompts.

    FAQ:

    Q:Why can't my RAM user automatically create Aliyun Service Role For Advisor?

    A:You need to have the specified permissions to automatically create or delete Aliyun Service Role For Advisor. Therefore, when RAM users cannot automatically create Aliyun Service Role For Advisor, you need to add the following permission policies for them:

    {
    "Statement": [
        {
            "Action": [
                "ram:CreateServiceLinkedRole"
            ],
            "Resource": "acs:ram:*:Main Account ID:role/*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": [
                        "advisor.aliyuncs.com"
                    ]
                }
            }
        }
    ],
    "Version": "1"
}
    Note

    Tips: Please replace the master account ID with your actual Alibaba Cloud account (master account) ID.