Create, manage, or delete the AliyunServiceRoleForECSImageBuilder role that grants Image Builder access to OOS, ECS, and VPC resources.
Prerequisites
If you use a RAM user, the RAM user is granted permissions to use Image Builder.
Attach the following policy to grant the RAM user Image Builder permissions.
Replace <account ID> with your Alibaba Cloud account ID.
{
"Statement": [
{
"Action": [
"ram:CreateServiceLinkedRole"
],
"Resource": "acs:ram:*:<account ID>:role/*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"imagebuilder.ecs.aliyuncs.com"
]
}
}
}
],
"Version": "1"
}Background
Image Builder assumes the AliyunServiceRoleForECSImageBuilder role to access CloudOps Orchestration Service (OOS), ECS, and Virtual Private Cloud (VPC).
Create the AliyunServiceRoleForECSImageBuilder role
When you create an image component or template, the system automatically creates the AliyunServiceRoleForECSImageBuilder role if it does not exist in your account.
Call CreateImagePipeline to create image templates and CreateIageComponent to create image components.
Delete the AliyunServiceRoleForECSImageBuilder role
If you no longer need the AliyunServiceRoleForECSImageBuilder role, delete the RAM role.
Before you delete the AliyunServiceRoleForECSImageBuilder role, delete all image templates in all regions of your account.
After the role is deleted, Image Builder can no longer create, share, or distribute images.