Cloud Monitor:Manage the service-linked role for Cloud Monitor

Scenarios

• When Cloud Monitor automatically installs the Cloud Monitor agent on hosts, Cloud Monitor uses the service-linked role to obtain the permissions to use Cloud Assistant.

• When you use the log monitoring feature, Cloud Monitor uses the service-linked role to obtain the permissions to read data from Log Service.

• When you import metric data from Alibaba Cloud services to Cloud Monitor and use the resource usage report feature in Hybrid Cloud Monitoring, Cloud Monitor uses the service-linked role to obtain the permissions to query the instances of other Alibaba Cloud services.

• When you use the alert service of Cloud Monitor, Cloud Monitor uses the service-linked role to obtain the permissions to query the instances of other Alibaba Cloud services.

Permission description

This section describes the permissions of the service-linked role.

• Name: AliyunServiceRoleForCloudMonitor

• Policy attached to the role: AliyunServiceRolePolicyForCloudMonitor

• Policy description: grants Cloud Monitor the permissions to use Cloud Assistant to view status, run commands, and view command output on all instances of the current account.

  Note

  For more information about the policy, see AliyunServiceRolePolicyForCloudMonitor.

Create the service-linked role

When Cloud Monitor automatically installs the Cloud Monitor agent on hosts, Cloud Monitor automatically creates the service-linked role.

Delete the service-linked role

To delete the service-linked role, perform the following steps:

1. On the Host Monitoring page, check whether Automatically Install CloudMonitor Agent on Newly Purchased ECS Instances is turned off.

   If Automatically Install CloudMonitor Agent on Newly Purchased ECS Instances is turned on, which is shown as , turn the switch off, which is shown as .

2. Delete the service-linked role.

   For more information about how to delete a service-linked role, see Delete a service-linked role.