Overview
The service linked role AliyunServiceRoleForDNS is a Resource Access Management (RAM) role that only Alibaba Cloud Domain Name System (DNS) can assume to access other Alibaba Cloud services. This topic describes the scenarios that the service linked role is applicable to and how to delete the role.
Background information
Alibaba Cloud DNS may need to access other Alibaba Cloud services to implement a specific feature. To meet this requirement, Alibaba Cloud provides the AliyunServiceRoleForDNS role that allows Alibaba Cloud DNS to access other Alibaba Cloud services. For more information about service linked roles, see Service linked roles.
Scenarios
When you use the DNS Monitoring feature, Alibaba Cloud DNS assumes the AliyunServiceRoleForDNS role to access your CloudMonitor resources. You do not need to manually create the service linked role. If the role does not exist, Alibaba Cloud DNS automatically creates the role when you use the DNS Monitoring feature.
Role description
- Role name: AliyunServiceRoleForDNS
- Policy name: AliyunServiceRolePolicyForDNS
- This permission policy grants Alibaba Cloud DNS the permission to access the CloudMonitor resources of the current account.
{"Version": "1","Statement": [{"Action": ["cms:QueryTaskConfig","cms:DescribeISPAreaCity","cms:CreateTask","cms:ModifyTask","cms:DeleteTasks","cms:DescribeTasks","cms:DescribeTaskDetail","cms:CreateAlarm","cms:DeleteAlarm","cms:UpdateAlarm","cms:ListAlarm","cms:QueryAlarm","cms:QueryMetricList","cms:QueryMetricLast","cms:QueryTaskMonitorData","cms:QueryStaticsAvailability","cms:QueryStaticsErrorRate","cms:QueryStaticsResponseTime","cms:QueryErrorDistribution"],"Resource": "*","Effect": "Allow"}]}
Delete the AliyunServiceRolePolicyForDNS role
Before you delete the AliyunServiceRoleForDNS role, you must delete all the created monitoring tasks in Alibaba Cloud DNS.
- For more information about how to delete a service linked role, see the “Delete a service linked role” section of the Service linked roles topic.