Before you use Auto Scaling, you must create the service-linked role AliyunServiceRoleForAutoScaling. Then, Auto Scaling can use the service-linked role to access cloud resources such as Elastic Compute Service (ECS) and Virtual Private Cloud (VPC). This topic describes how to manage the service-linked role AliyunServiceRoleForAutoScaling for Auto Scaling.
Prerequisites
- System policies. The two system policies are AliyunESSFullAccess and AliyunESSReadOnlyAccess. AliyunESSFullAccess provides the management permissions on Auto Scaling. AliyunESSReadOnlyAccess provides the read-only permissions on Auto Scaling.
- Custom policies. The following code shows a sample custom policy:
Note Replace the value of <account ID> with the ID of your Alibaba Cloud account.
    {
      "Statement": [
        {
          "Action": [
            "ram:CreateServiceLinkedRole"
          ],
          "Resource": "acs:ram:*:<account ID>:role/*",
          "Effect": "Allow",
          "Condition": {
            "StringEquals": {
              "ram:ServiceName": [
                "ess.aliyuncs.com"
              ]
            }
          }
        }
      ],
      "Version": "1"
    }
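The sample policy above is safe to hand to a RAM user because its Condition limits ram:CreateServiceLinkedRole to ess.aliyuncs.com. The following check is an added example, not code from Alibaba Cloud: it flags Allow statements that grant that action without the same scoping. The names audit_policy and ALLOWED_SERVICES, the two weaker sample policies, and the value other.example are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

TARGET_ACTION = "ram:CreateServiceLinkedRole"
ALLOWED_SERVICES = {"ess.aliyuncs.com"}  # service name from the page's policy


def _as_list(value):
    """Policy fields may hold one item or a list of items."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def _grants_target(statement):
    """True if an Allow statement's Action patterns cover TARGET_ACTION."""
    if statement.get("Effect") != "Allow":
        return False
    # Assumption: compare case-insensitively so the audit errs toward flagging.
    return any(fnmatchcase(TARGET_ACTION.lower(), str(p).lower())
               for p in _as_list(statement.get("Action")))


def audit_policy(policy):
    """Return (statement index, reason) findings; empty means every grant is scoped."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if not _grants_target(st):
            continue
        equals = (st.get("Condition") or {}).get("StringEquals") or {}
        services = set(_as_list(equals.get("ram:ServiceName")))
        if not services:
            findings.append((i, "no StringEquals condition on ram:ServiceName"))
        elif services - ALLOWED_SERVICES:
            extra = sorted(services - ALLOWED_SERVICES)
            findings.append((i, "also allows: " + ", ".join(extra)))
    return findings


# Constructed samples: the page's policy (placeholder account ID kept), then two weaker variants.
PAGE_POLICY = json.loads("""{"Statement": [{"Action": ["ram:CreateServiceLinkedRole"],
  "Resource": "acs:ram:*:<account ID>:role/*", "Effect": "Allow",
  "Condition": {"StringEquals": {"ram:ServiceName": ["ess.aliyuncs.com"]}}}], "Version": "1"}""")
UNSCOPED = {"Version": "1", "Statement": [
    {"Action": "ram:*", "Resource": "*", "Effect": "Allow"}]}
TOO_BROAD = {"Version": "1", "Statement": [
    {"Action": ["ram:Create*"], "Resource": "*", "Effect": "Allow",
     "Condition": {"StringEquals": {"ram:ServiceName": ["ess.aliyuncs.com", "other.example"]}}}]}

if __name__ == "__main__":
    for name, pol in [("page", PAGE_POLICY), ("unscoped", UNSCOPED), ("too broad", TOO_BROAD)]:
        print(name, audit_policy(pol))
```

Wildcard actions such as ram:* are treated as granting the action, so a broad statement without the ram:ServiceName condition is reported as well.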
Background information
The AliyunServiceRolePolicyForAutoScaling system policy is attached to the AliyunServiceRoleForAutoScaling service-linked role. System policies that are attached to service-linked roles are defined and used by the linked Alibaba Cloud services. You cannot add, modify, or delete permissions for service-linked roles. You can view policies attached to a RAM role in the RAM role details. For more information, see View the basic information about a RAM role.
Create AliyunServiceRoleForAutoScaling
When you use Auto Scaling, the system checks whether the AliyunServiceRoleForAutoScaling service-linked role has been created for your account. If AliyunServiceRoleForAutoScaling has not been created, the system displays a message that you do not have the required permissions. Perform the following steps to create AliyunServiceRoleForAutoScaling:
Delete AliyunServiceRoleForAutoScaling
After you delete AliyunServiceRoleForAutoScaling, you cannot use Auto Scaling to create or manage resources.