Manage the service-linked role - Developer‘s Guide| Alibaba Cloud Documentation Center

This topic describes how to use and delete the service-linked role AliyunServiceRoleForAnalyticDBForMySQL of AnalyticDB for MySQL.

Background information

To implement a feature, AnalyticDB for MySQL may require permissions to access other Alibaba Cloud services. The service-linked role AliyunServiceRoleForAnalyticDBForMySQL is a RAM role that authorizes AnalyticDB for MySQL to access such services. For more information about service-linked roles, see Service-linked roles.

Role description

Role name: AliyunServiceRoleForAnalyticDBForMySQL

Policy attached to the role: AliyunServiceRolePolicyForAnalyticDBForMySQL

Permission description:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "log:GetProject",
        "log:ListProject",
        "log:GetCursorTime",
        "log:GetLogs",
        "log:GetHistograms",
        "log:GetContextLogs",
        "log:GetLogStoreLogs",
        "log:GetLogStoreHistogram",
        "log:GetLogStore",
        "log:ListLogStores",
        "log:GetConfig",
        "log:ListConfig",
        "log:GetShipperStatus",
        "log:GetCheckPoint",
        "log:HeartBeat",
        "log:UpdateCheckPoint",
        "log:PostLogStoreLogs",
        "log:CreateConsumerGroup",
        "log:UpdateConsumerGroup",
        "log:DeleteConsumerGroup",
        "log:ListConsumerGroup",
        "log:ConsumerGroupUpdateCheckPoint",
        "log:ConsumerGroupHeartBeat",
        "log:GetConsumerGroupCheckPoint",
        "log:CreateExport",
        "log:GetExport",
        "log:ListExport",
        "log:UpdateExport",
        "log:DeleteExport",
        "log:CreateJob",
        "log:GetJob",
        "log:ListJobs",
        "log:UpdateJob",
        "log:DeleteJob",
        "log:GetCursor",
        "log:PullLogs",
        "log:GetCursorOrData",
        "log:ListShards",
        "dts:CreateSynchronizationJob",
        "dts:ConfigureSynchronizationJob",
        "dts:DescribeSynchronizationJobStatus",
        "dts:StartSynchronizationJob",
        "dts:DeleteSynchronizationJob",
        "dts:DescribeSynchronizationJobs",
        "vpc:DescribeVpcAttribute",
        "ecs:CreateSecurityGroup",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:DeleteSecurityGroup",
        "ecs:CreateNetworkInterface"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "ads.aliyuncs.com"
        }
      }
    }
  ]
}

Method to delete the service-linked role

Before you delete the AliyunServiceRoleForAnalyticDBForMySQL role, you must release all the clusters that depend on the role.

For more information about how to delete a cluster, see Delete a cluster.
For more information about how to delete the service-linked role, see Delete a service-linked role.