Cloud Native Application Performance Optimizer (CNP) uses the service-linked role AliyunServiceRoleForEfloCnp to access other Alibaba Cloud services on your behalf. This role is a Resource Access Management (RAM) role that CNP assumes to access other Alibaba Cloud services to implement CNP features in specific scenarios. For background on service-linked roles, see Service-linked roles.
Scenarios
To perform a performance evaluation for a Lingjun cluster, CNP needs to access the Application Real-Time Monitoring Service (ARMS) resources of the cluster. In this case, a service-linked role is required.
Permissions
The role grants CNP the following permissions:
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"arms:OpenVCluster",
"arms:CheckServiceStatus",
"arms:GetCloudClusterAllUrl"
],
"Resource": "*"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "cnp.eflo.aliyuncs.com"
}
}
}
]
}Delete the service-linked role
Delete AliyunServiceRoleForEfloCnp if you no longer need CNP to perform performance evaluations. After deletion, CNP cannot run performance evaluations for any cluster in the current account.
Log on to the RAM console. In the left-side navigation pane, choose Identities > Roles.
On the Roles page, enter AliyunServiceRoleForEfloCnp in the search box.
Click Delete Role in the Actions column.
In the Delete Role message, click Delete Role.