
Cloud Backup: Service-linked role for ECS disaster recovery

Last Updated: Sep 21, 2023

This topic describes the AliyunServiceRoleForHbrDr service-linked role and how to delete the role.

Background information

In some cases, Cloud Backup may need to access resources from other cloud services to implement a disaster recovery-related feature. To meet this need, Alibaba Cloud offers a Resource Access Management (RAM) role named AliyunServiceRoleForHbrDr. For more information about service-linked roles, see Service-linked roles.

The ECS disaster recovery service of Cloud Backup may need to create vSwitches, security groups, Elastic Compute Service (ECS) instances, images, and other resources. You can use the AliyunServiceRoleForHbrDr service-linked role to authorize the service to access Virtual Private Cloud (VPC) and ECS resources.

Introduction

Role name: AliyunServiceRoleForHbrDr

Policy name: AliyunServiceRolePolicyForHbrDr

Policy document:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:DescribeImages",
        "ecs:CreateDisk",
        "ecs:AttachDisk",
        "ecs:ReInitDisk",
        "ecs:DetachDisk",
        "ecs:DescribeDisks",
        "ecs:ReplaceSystemDisk",
        "ecs:DeleteDisk",
        "ecs:ResizeDisk",
        "ecs:CreateInstance",
        "ecs:StartInstance",
        "ecs:StopInstance",
        "ecs:RebootInstance",
        "ecs:DeleteInstance",
        "ecs:DescribeInstances",
        "ecs:CreateSecurityGroup",
        "ecs:DescribeSecurityGroups",
        "ecs:AuthorizeSecurityGroup",
        "ecs:AuthorizeSecurityGroupEgress",
        "ecs:DeleteSecurityGroup",
        "ecs:AllocatePublicIpAddress",
        "ecs:ModifyInstanceAttribute",
        "ecs:JoinSecurityGroup",
        "ecs:CreateNetworkInterface",
        "ecs:DeleteNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DescribeNetworkInterfacePermissions",
        "ecs:DeleteNetworkInterfacePermission",
        "ecs:CreateSnapshot",
        "ecs:DeleteSnapshot",
        "ecs:DescribeSnapshots",
        "ecs:DescribeSnapshotLinks",
        "ecs:CreateCommand",
        "ecs:InvokeCommand",
        "ecs:StopInvocation",
        "ecs:DeleteCommand",
        "ecs:DescribeCommands",
        "ecs:DescribeInvocations",
        "ecs:DescribeInvocationResults",
        "ecs:DescribeCloudAssistantStatus",
        "ecs:ModifyResourceMeta"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs",
        "vpc:DescribeVSwitches",
        "vpc:DescribeEipAddresses",
        "vpc:AssociateEipAddress"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
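
An added example (not part of the Alibaba Cloud documentation): a Python audit that splits a policy like the one above into read-only and state-changing actions and lists the state-changing ones granted on "Resource": "*", which are the calls worth alerting on in audit logs. The embedded policy is an abridged excerpt of the document above, and the function names and the rule that Describe/List/Get actions are read-only are assumptions of this example.

```python
import json
from collections import defaultdict

# Abridged excerpt of the policy document above (subset of its actions), embedded to run offline.
POLICY_EXCERPT = json.loads("""
{"Version": "1", "Statement": [
  {"Action": ["ecs:DescribeImages", "ecs:CreateInstance", "ecs:DeleteInstance",
              "ecs:AuthorizeSecurityGroup", "ecs:CreateCommand", "ecs:InvokeCommand",
              "ecs:DescribeInvocationResults", "ecs:DeleteSnapshot"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": ["vpc:DescribeVpcs", "vpc:DescribeVSwitches", "vpc:AssociateEipAddress"],
   "Resource": "*", "Effect": "Allow"}]}
""")

# Assumption of this example: actions named Describe*/List*/Get* are treated as read-only.
READ_PREFIXES = ("Describe", "List", "Get")

def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return {service: {"read": [...], "write": [...], "unscoped_write": [...]}}."""
    report = defaultdict(lambda: {"read": [], "write": [], "unscoped_write": []})
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        unscoped = "*" in _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            kind = "read" if name.startswith(READ_PREFIXES) else "write"
            report[service][kind].append(action)
            if kind == "write" and unscoped:
                report[service]["unscoped_write"].append(action)
    return dict(report)

def watchlist(policy):
    """Sorted state-changing actions allowed on every resource."""
    return sorted(a for b in audit_policy(policy).values() for a in b["unscoped_write"])

if __name__ == "__main__":
    for action in watchlist(POLICY_EXCERPT):
        print(action)
```

Running the same functions on the full policy document shows every state-changing call the role can make, including the command-execution actions ecs:CreateCommand and ecs:InvokeCommand.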

Delete the AliyunServiceRoleForHbrDr role

Before you delete the AliyunServiceRoleForHbrDr service-linked role, you must remove all site pairs in the Cloud Backup console.

For more information, see Delete a service-linked role.