All Products
Search
Document Center

Elastic Compute Service:Manage the Auto Provisioning service-linked role

Last Updated:Apr 27, 2026

Create or delete the AliyunServiceRoleForAutoProvisioning role that Auto Provisioning uses to manage instances in your provisioning groups.

Prerequisites

If you log on as a RAM user, you must have the following permissions. See Grant permissions to a RAM user.

Permissions

Important

Replace <account ID> with your Alibaba Cloud account ID. A policy contains a set of permissions.

{
  "Statement": [
    {
      "Action": [
        "ram:CreateServiceLinkedRole"
      ],
      "Resource": "acs:ram:*:<account ID>:role/*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
        "ram:ServiceName": [
          "autoprovisioning.ecs.aliyuncs.com"
        ]
        }
      }
    }
  ],
  "Version": "1"
}

Create AliyunServiceRoleForAutoProvisioning

When you create an auto provisioning group, the system prompts you to create AliyunServiceRoleForAutoProvisioning if it does not exist. The role is automatically created after you confirm. To manually create the role, see Create a RAM role for a trusted Alibaba Cloud service.

Important

Service-linked role permissions are defined by cloud services and cannot be modified. To view the role permissions, see View RAM role details.

Delete AliyunServiceRoleForAutoProvisioning

To delete AliyunServiceRoleForAutoProvisioning, see Delete a RAM role.

Important
  • You must first delete all auto provisioning groups in all regions. See Delete auto provisioning groups.

  • After AliyunServiceRoleForAutoProvisioning is deleted, Auto Provisioning can no longer create or manage resources.

References

To create an auto provisioning group, see Create auto provisioning group.