This topic describes the service-linked role of Backup and Disaster Recovery Center (BDRC) and how to delete the role.
Background information
A service-linked role for BDRC is a RAM role that BDRC assumes to access other cloud services. For more information about service-linked roles, see Service-linked roles.
When BDRC needs to access other cloud services, it uses an automatically created service-linked role to get the required permissions.
AliyunServiceRoleForBDRC
When BDRC needs to access services such as ECS, OSS, NAS, Tablestore, and Cloud Backup, it assumes the automatically created service-linked role AliyunServiceRoleForBDRC to obtain the required access permissions.
AliyunServiceRoleForBdrcRd
After you enable cross-account unified management and add member accounts, BDRC automatically creates the service-linked role AliyunServiceRoleForBdrcRd in each member account. This role accesses resources in services such as ECS, OSS, NAS, Tablestore, Cloud Backup, and Resource Center within the member accounts.
Permissions
This section describes the permissions for each service-linked role.
AliyunServiceRoleForBDRC
To perform basic data disaster recovery operations, BDRC requires access to resources in services such as ECS, OSS, NAS, Tablestore, and Cloud Backup.
Associated system policy: AliyunServiceRolePolicyForBDRC
Policy document:
{
  "Version": "1",
  "Statement": [
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "bdrc.aliyuncs.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeRegions",
        "ecs:DescribeInstances",
        "ecs:DescribeDisks",
        "ecs:DescribeAutoSnapshotPolicyEx",
        "oss:ListBuckets",
        "oss:GetBucketStat",
        "oss:GetBucketVersioning",
        "oss:getBucketReplication",
        "nas:DescribeRegions",
        "nas:DescribeFileSystems",
        "nas:GetRecycleBinAttribute",
        "ots:DescribeRegions",
        "ots:ListInstance",
        "hbr:DescribeRegions",
        "hbr:DescribeUserBusinessStatus",
        "hbr:DescribeBackupPlans",
        "hbr:DescribeUniBackupInstances",
        "hbr:DescribeUniBackupPlans",
        "hbr:DescribeVaults"
      ],
      "Resource": "*"
    }
  ]
}
AliyunServiceRoleForBdrcRd
After you enable cross-account unified management and add member accounts, BDRC automatically creates this role in each member account. The role allows BDRC to access resources in services such as ECS, OSS, NAS, Tablestore, Cloud Backup, and Resource Center for unified data protection management across accounts.
Associated system policy: AliyunServiceRolePolicyForBdrcRd
Policy document:
{
  "Version": "1",
  "Statement": [
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "rd.bdrc.aliyuncs.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeRegions",
        "ecs:DescribeInstances",
        "ecs:DescribeDisks",
        "ecs:DescribeAutoSnapshotPolicyEx",
        "ecs:ApplyAutoSnapshotPolicy",
        "oss:ListBuckets",
        "oss:GetBucketStat",
        "oss:GetBucketInfo",
        "oss:GetBucketVersioning",
        "oss:PutBucketVersioning",
        "oss:GetBucketReplication",
        "oss:GetBucketTagging",
        "nas:DescribeRegions",
        "nas:DescribeFileSystems",
        "nas:GetRecycleBinAttribute",
        "nas:EnableRecycleBin",
        "nas:UpdateRecycleBinAttribute",
        "ots:DescribeRegions",
        "ots:ListInstance",
        "ots:GetInstance",
        "hbr:DescribeRegions",
        "hbr:DescribeUserBusinessStatus",
        "hbr:DescribeBackupPlans",
        "hbr:DescribeUniBackupInstances",
        "hbr:DescribeUniBackupPlans",
        "hbr:DescribeVaults",
        "hbr:DescribePoliciesV2",
        "hbr:DescribePolicyBindings",
        "hbr:CreatePolicyBindings",
        "resourcecenter:GetResourceCenterServiceStatus",
        "resourcecenter:SearchResources",
        "resourcecenter:GetResourceConfiguration"
      ],
      "Resource": "*"
    }
  ]
}
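When reviewing these roles, it helps to see which actions the member-account role grants beyond the base role, and which of them change configuration rather than read it. The following Python sketch is an added example, not Alibaba Cloud code; it parses the two policy documents above and reports both sets. It assumes that actions whose verb starts with Describe, Get, List, or Search are read-only, and it compares action names case-insensitively because the page spells oss:getBucketReplication and oss:GetBucketReplication differently; the function names are hypothetical.

```python
import json
# Policy documents copied from this page (whitespace condensed).
BDRC = json.loads('''{"Version":"1","Statement":[{"Action":"ram:DeleteServiceLinkedRole","Resource":"*",
 "Effect":"Allow","Condition":{"StringEquals":{"ram:ServiceName":"bdrc.aliyuncs.com"}}},
 {"Effect":"Allow","Resource":"*","Action":["ecs:DescribeRegions","ecs:DescribeInstances",
 "ecs:DescribeDisks","ecs:DescribeAutoSnapshotPolicyEx","oss:ListBuckets","oss:GetBucketStat",
 "oss:GetBucketVersioning","oss:getBucketReplication","nas:DescribeRegions","nas:DescribeFileSystems",
 "nas:GetRecycleBinAttribute","ots:DescribeRegions","ots:ListInstance","hbr:DescribeRegions",
 "hbr:DescribeUserBusinessStatus","hbr:DescribeBackupPlans","hbr:DescribeUniBackupInstances",
 "hbr:DescribeUniBackupPlans","hbr:DescribeVaults"]}]}''')
RD = json.loads('''{"Version":"1","Statement":[{"Action":"ram:DeleteServiceLinkedRole","Resource":"*",
 "Effect":"Allow","Condition":{"StringEquals":{"ram:ServiceName":"rd.bdrc.aliyuncs.com"}}},
 {"Effect":"Allow","Resource":"*","Action":["ecs:DescribeRegions","ecs:DescribeInstances",
 "ecs:DescribeDisks","ecs:DescribeAutoSnapshotPolicyEx","ecs:ApplyAutoSnapshotPolicy",
 "oss:ListBuckets","oss:GetBucketStat","oss:GetBucketInfo","oss:GetBucketVersioning",
 "oss:PutBucketVersioning","oss:GetBucketReplication","oss:GetBucketTagging","nas:DescribeRegions",
 "nas:DescribeFileSystems","nas:GetRecycleBinAttribute","nas:EnableRecycleBin",
 "nas:UpdateRecycleBinAttribute","ots:DescribeRegions","ots:ListInstance","ots:GetInstance",
 "hbr:DescribeRegions","hbr:DescribeUserBusinessStatus","hbr:DescribeBackupPlans",
 "hbr:DescribeUniBackupInstances","hbr:DescribeUniBackupPlans","hbr:DescribeVaults",
 "hbr:DescribePoliciesV2","hbr:DescribePolicyBindings","hbr:CreatePolicyBindings",
 "resourcecenter:GetResourceCenterServiceStatus","resourcecenter:SearchResources",
 "resourcecenter:GetResourceConfiguration"]}]}''')
READ_VERBS = ("describe", "get", "list", "search")  # heuristic assumed by this example

def allowed(policy):
    """Map lower-cased action -> True only if every Allow granting it has a Condition."""
    out = {}
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        for act in acts:
            out[act.lower()] = out.get(act.lower(), True) and "Condition" in st
    return out

def unconditioned_writes(policy):
    """Non-read actions that are granted without any Condition block."""
    return sorted(a for a, cond in allowed(policy).items()
                  if not cond and not a.split(":", 1)[1].startswith(READ_VERBS))

def added_in(new, old):
    """Actions the new policy grants that the old one does not (case-insensitive)."""
    return sorted(set(allowed(new)) - set(allowed(old)))

if __name__ == "__main__":
    print("Rd-only actions:", added_in(RD, BDRC))
    print("Unconditioned writes in Rd:", unconditioned_writes(RD))
    print("Unconditioned writes in BDRC:", unconditioned_writes(BDRC))
```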
Delete the AliyunServiceRoleForBDRC role
If you no longer use BDRC, you should delete its service-linked roles for security.
Before you delete the AliyunServiceRoleForBDRC role, make sure that no BDRC resources exist within your account.
Log on to the RAM console.
In the left-side navigation pane, go to .
Search for the name of the role you want to delete, such as AliyunServiceRoleForBDRC.
In the Actions column, click Delete Role and follow the prompts.