AliyunServiceRoleForPolarDB is the service-linked role for PolarDB. This topic describes the scenarios of the service-linked role and how to delete the service-linked role.
Background information
PolarDB may need to access other cloud services to implement features. Alibaba Cloud provides the AliyunServiceRoleForPolarDB role that allows PolarDB to access other cloud services.
Scenarios
- If you want to bind a private domain name to a private IP address of PolarDB, PolarDB must access the resources of Alibaba Cloud DNS PrivateZone. In this case, PolarDB can assume the AliyunServiceRoleForPolarDB role to obtain the required access permissions.
- When you perform the operations described in "Create a PolarDB for MySQL cluster by migrating an ApsaraDB RDS for MySQL instance" and "Create a PolarDB for MySQL cluster by cloning an ApsaraDB RDS for MySQL instance", you need to access DTS resources. You must use the service-linked role to obtain access permissions.
AliyunServiceRoleForPolarDB
Role name: AliyunServiceRoleForPolarDB
Role policy: AliyunServiceRolePolicyForPolarDB
Policy document:
{
  "Action": [
    "pvtz:DescribeUserServiceStatus",
    "pvtz:DescribeZones",
    "pvtz:DescribeZoneInfo",
    "pvtz:DescribeZoneRecords",
    "pvtz:CheckZoneName",
    "pvtz:AddZone",
    "pvtz:BindZoneVpc",
    "pvtz:DeleteZone",
    "pvtz:AddZoneRecord",
    "pvtz:UpdateZoneRecord",
    "pvtz:DeleteZoneRecord",
    "dts:CreateDtsInstance",
    "dts:ConfigureDtsJob",
    "dts:StartDtsJob",
    "dts:DescribePreCheckStatus",
    "dts:DescribeDtsJobDetail",
    "dts:DescribeDtsJobs",
    "dts:ModifyDtsJob",
    "dts:SuspendDtsJob",
    "dts:StopDtsJob",
    "dts:DeleteDtsJob"
  ],
  "Resource": "*",
  "Effect": "Allow"
}
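A review aid for the policy document above, added here as an example and not part of the Alibaba Cloud documentation: it splits the granted actions into read-only and mutating operations per service and reports wildcard scope and actions outside the two services named under Scenarios. `EXPECTED_SERVICES`, `READ_ONLY_PREFIXES` and `audit_statement` are assumptions of this example.

```python
import json
from collections import defaultdict

# Statement from the policy document above, reflowed to save space.
STATEMENT = json.loads("""
{"Action": [
  "pvtz:DescribeUserServiceStatus", "pvtz:DescribeZones", "pvtz:DescribeZoneInfo",
  "pvtz:DescribeZoneRecords", "pvtz:CheckZoneName", "pvtz:AddZone", "pvtz:BindZoneVpc",
  "pvtz:DeleteZone", "pvtz:AddZoneRecord", "pvtz:UpdateZoneRecord", "pvtz:DeleteZoneRecord",
  "dts:CreateDtsInstance", "dts:ConfigureDtsJob", "dts:StartDtsJob",
  "dts:DescribePreCheckStatus", "dts:DescribeDtsJobDetail", "dts:DescribeDtsJobs",
  "dts:ModifyDtsJob", "dts:SuspendDtsJob", "dts:StopDtsJob", "dts:DeleteDtsJob"],
 "Resource": "*", "Effect": "Allow"}
""")

# Assumption: the services named in the Scenarios section (PrivateZone, DTS).
EXPECTED_SERVICES = {"pvtz", "dts"}
# Assumption: verbs treated as read-only for this review; everything else mutates.
READ_ONLY_PREFIXES = ("Describe", "Check", "List", "Get")

def audit_statement(stmt, expected_services=EXPECTED_SERVICES):
    """Summarise what a single Allow statement lets the role do."""
    actions = stmt["Action"]
    if isinstance(actions, str):          # accept a bare string as well as a list
        actions = [actions]
    resources = stmt.get("Resource", [])
    if isinstance(resources, str):
        resources = [resources]
    report = {"read": defaultdict(list), "write": defaultdict(list),
              "unexpected": [], "wildcard_actions": [],
              "wildcard_resource": "*" in resources}
    for action in actions:
        service, _, op = action.partition(":")
        if "*" in action:                 # e.g. "dts:*" would widen the grant
            report["wildcard_actions"].append(action)
        if service not in expected_services:
            report["unexpected"].append(action)
        kind = "read" if op.startswith(READ_ONLY_PREFIXES) else "write"
        report[kind][service].append(op)
    return report

if __name__ == "__main__":
    r = audit_statement(STATEMENT)
    for kind in ("read", "write"):
        for svc, ops in r[kind].items():
            print(f"{kind:5} {svc}: {', '.join(ops)}")
    print("wildcard resource:", r["wildcard_resource"])
    print("unexpected:", r["unexpected"], "wildcards:", r["wildcard_actions"])
```

Running the same function over a copy of the policy fetched from your own account shows whether the attached statement still matches the one documented here.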
Delete the service-linked role
Before you delete the AliyunServiceRoleForPolarDB role, you must release the PolarDB cluster that depends on the role.
- For more information about how to release a PolarDB cluster, see Release a cluster.