AliyunServiceRoleForServiceMesh is a service-linked role provided by Resource Access Management (RAM) that grants Alibaba Cloud Service Mesh (ASM) permissions to access other Alibaba Cloud resources. This topic describes how to create and delete the service-linked role for ASM.
Background information
Service-linked roles are RAM roles that only the linked Alibaba Cloud service can assume. AliyunServiceRoleForServiceMesh is the service-linked role that grants ASM permissions to access other Alibaba Cloud services, such as Container Service for Kubernetes (ACK), Virtual Private Cloud (VPC), Server Load Balancer (SLB), Log Service, Tracing Analysis, Application Real-Time Monitoring Service (ARMS), and Cloud Enterprise Network. For more information about service-linked roles, see Service-linked roles.
Precautions
{
    "Statement": [
        {
            "Action": "ram:CreateServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "servicemesh.aliyuncs.com"
                }
            }
        }
    ],
    "Version": "1"
}
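The following Python check is an added example, not part of the original documentation: it audits a RAM policy document and reports any statement that allows ram:CreateServiceLinkedRole without the ram:ServiceName condition shown in the policy above. The function names and the two sample policies are constructed for illustration; comparing Action names case-insensitively and accepting only StringEquals as scoping are conservative assumptions.

```python
import json
from fnmatch import fnmatchcase

TARGET_ACTION = "ram:createservicelinkedrole"
ASM_SERVICE = "servicemesh.aliyuncs.com"  # service name from the policy on this page

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [] if value is None else [value]

def _grants_create_slr(stmt):
    """True if an Allow statement covers ram:CreateServiceLinkedRole, wildcards included.
    Action names are compared case-insensitively (conservative assumption for auditing)."""
    if stmt.get("Effect") != "Allow":
        return False
    return any(fnmatchcase(TARGET_ACTION, str(a).lower()) for a in _as_list(stmt.get("Action")))

def _pinned_services(stmt):
    """Services named by a StringEquals condition on ram:ServiceName, or None if absent.
    Other operators (for example StringLike) are treated as not pinning the service."""
    for operator, keys in (stmt.get("Condition") or {}).items():
        if operator == "StringEquals":
            for key, value in keys.items():
                if key == "ram:ServiceName":
                    return set(_as_list(value))
    return None

def audit_policy(policy_text):
    """Return (statement index, reason) for statements not limited to ASM's role."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_text).get("Statement"))):
        if not _grants_create_slr(stmt):
            continue
        services = _pinned_services(stmt)
        if services is None:
            findings.append((i, "unscoped: no StringEquals condition on ram:ServiceName"))
        elif services - {ASM_SERVICE}:
            findings.append((i, "also allows: " + ", ".join(sorted(services - {ASM_SERVICE}))))
    return findings

# Constructed sample inputs: the scoped policy from this page and an over-broad variant.
SCOPED = ('{"Version": "1", "Statement": [{"Action": "ram:CreateServiceLinkedRole", '
          '"Resource": "*", "Effect": "Allow", "Condition": {"StringEquals": '
          '{"ram:ServiceName": "servicemesh.aliyuncs.com"}}}]}')
BROAD = '{"Version": "1", "Statement": [{"Action": "ram:*", "Resource": "*", "Effect": "Allow"}]}'

if __name__ == "__main__":
    print(audit_policy(SCOPED))
    print(audit_policy(BROAD))
```

Run it against policies attached to RAM users before granting them the ability to create the ASM service-linked role; an empty result means every matching statement is limited to servicemesh.aliyuncs.com.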
Create the service-linked role for ASM
When you use ASM, the system checks whether the AliyunServiceRoleForServiceMesh service-linked role has been created for your ASM service. If it has not, the system prompts you to create it. Click Create on the Service-linked Role for ASM page to create the service-linked role.
System policies that are attached to service-linked roles are defined and used by the linked Alibaba Cloud services. You cannot add, modify, or remove permissions for service-linked roles. You can view the policies that are attached to a service-linked role on the details page of the service-linked role. For more information, see View the basic information of a RAM role.