CloudMonitor:Manage the service-linked role for CloudMonitor

Scenarios

• When CloudMonitor automatically installs the CloudMonitor agent on hosts, CloudMonitor uses the service-linked role to obtain the permissions to use Cloud Assistant.
• When you use the log monitoring feature, CloudMonitor uses the service-linked role to obtain the permissions to read data from Log Service.
• When you import metric data from Alibaba Cloud services to CloudMonitor and use the resource usage report feature in Hybrid Cloud Monitoring, CloudMonitor uses the service-linked role to obtain the permissions to query the instances of other Alibaba Cloud services.
• When you use the alert service of CloudMonitor, CloudMonitor uses the service-linked role to obtain the permissions to query the instances of other Alibaba Cloud services.

Permission description

This section describes the permissions of the service-linked role.

• Name: AliyunServiceRoleForCloudMonitor
• Policy attached to the role: AliyunServiceRolePolicyForCloudMonitor
• Policy description: grants CloudMonitor the permissions to use Cloud Assistant to view status, run commands, and view command output on all instances of the current account.
  Note For more information about the policy, see AliyunServiceRolePolicyForCloudMonitor.

Create the service-linked role

When CloudMonitor automatically installs the CloudMonitor agent on hosts, CloudMonitor automatically creates the service-linked role.

Delete the service-linked role

To delete the service-linked role, perform the following steps:

1. On the Host Monitoring page, check whether Automatically Install CloudMonitor Agent on Newly Purchased ECS Instances is turned off.
   If Automatically Install CloudMonitor Agent on Newly Purchased ECS Instances is turned on, which is shown as , turn the switch off, which is shown as .
2. Delete the service-linked role.
   For more information about how to delete a service-linked role, see Delete a service-linked role.