AliyunServiceRoleForPolarDB is a service-linked role that grants PolarDB the permissions it needs to access other Alibaba Cloud services on your behalf. For more information about service-linked roles, see Service-linked roles.
When PolarDB uses this role
PolarDB assumes AliyunServiceRoleForPolarDB in the following scenarios:
Binding a private domain name: To bind a private domain name to a private IP address of a PolarDB cluster, PolarDB must access Alibaba Cloud DNS PrivateZone resources.
Migrating or cloning an ApsaraDB RDS for MySQL instance: When you create a PolarDB for MySQL cluster by migrating an ApsaraDB RDS for MySQL instance or clone an ApsaraDB RDS for MySQL instance to a PolarDB for MySQL cluster, PolarDB must access Data Transmission Service (DTS) resources.
Role details
Field | Value |
Role name | AliyunServiceRoleForPolarDB |
Role policy | |
Policy document:
{
  "Action": [
    "pvtz:DescribeUserServiceStatus",
    "pvtz:DescribeZones",
    "pvtz:DescribeZoneInfo",
    "pvtz:DescribeZoneRecords",
    "pvtz:CheckZoneName",
    "pvtz:AddZone",
    "pvtz:BindZoneVpc",
    "pvtz:DeleteZone",
    "pvtz:AddZoneRecord",
    "pvtz:UpdateZoneRecord",
    "pvtz:DeleteZoneRecord",
    "dts:CreateDtsInstance",
    "dts:ConfigureDtsJob",
    "dts:StartDtsJob",
    "dts:DescribePreCheckStatus",
    "dts:DescribeDtsJobDetail",
    "dts:DescribeDtsJobs",
    "dts:ModifyDtsJob",
    "dts:SuspendDtsJob",
    "dts:StopDtsJob",
    "dts:DeleteDtsJob"
  ],
  "Resource": "*",
  "Effect": "Allow"
}
The pvtz:* actions cover DNS PrivateZone operations (creating zones, binding VPCs, and managing zone records). The dts:* actions cover DTS job lifecycle management required for RDS migration and cloning.
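For access reviews, the following added example (not part of the Alibaba Cloud documentation) groups the documented actions by service and by read-only versus mutating, and diffs a later snapshot of the role's policy statement against this documented baseline. The read/write split by `Describe`/`Check` name prefix and the sample snapshot are assumptions of the example.

```python
from collections import defaultdict

# Statement as documented on this page for AliyunServiceRoleForPolarDB.
BASELINE = {
    "Action": [
        "pvtz:DescribeUserServiceStatus", "pvtz:DescribeZones", "pvtz:DescribeZoneInfo",
        "pvtz:DescribeZoneRecords", "pvtz:CheckZoneName", "pvtz:AddZone",
        "pvtz:BindZoneVpc", "pvtz:DeleteZone", "pvtz:AddZoneRecord",
        "pvtz:UpdateZoneRecord", "pvtz:DeleteZoneRecord",
        "dts:CreateDtsInstance", "dts:ConfigureDtsJob", "dts:StartDtsJob",
        "dts:DescribePreCheckStatus", "dts:DescribeDtsJobDetail", "dts:DescribeDtsJobs",
        "dts:ModifyDtsJob", "dts:SuspendDtsJob", "dts:StopDtsJob", "dts:DeleteDtsJob",
    ],
    "Resource": "*",
    "Effect": "Allow",
}
# Assumption of this example: Describe*/Check* are read-only, everything else mutates.
READ_ONLY_PREFIXES = ("Describe", "Check")

def actions_of(statement):
    """Return the statement's actions as a set (Action may be a string or a list)."""
    value = statement["Action"]
    return {value} if isinstance(value, str) else set(value)

def summarize(statement):
    """Group action names by service prefix, split into read-only and mutating."""
    summary = defaultdict(lambda: {"read": [], "write": []})
    for action in sorted(actions_of(statement)):
        service, _, name = action.partition(":")
        kind = "read" if name.startswith(READ_ONLY_PREFIXES) else "write"
        summary[service][kind].append(name)
    return dict(summary)

def drift(baseline, current):
    """Report how a role's current statement differs from the documented baseline."""
    base, cur = actions_of(baseline), actions_of(current)
    return {
        "added": sorted(cur - base),
        "removed": sorted(base - cur),
        "wildcards": sorted(a for a in cur if "*" in a),
        "resource_changed": baseline["Resource"] != current["Resource"],
    }

if __name__ == "__main__":
    for service, kinds in summarize(BASELINE).items():
        print(service, "read:", len(kinds["read"]), "write:", len(kinds["write"]))
    # Constructed sample: a snapshot that gained a wildcard and lost one action.
    changed = [a for a in BASELINE["Action"] if a != "pvtz:DeleteZone"] + ["dts:*"]
    print(drift(BASELINE, dict(BASELINE, Action=changed)))
```

Because the statement applies to `"Resource": "*"`, every mutating action in the summary applies to all PrivateZone and DTS resources in the account, which is why a change in the action set is worth alerting on.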
Delete the service-linked role
Before deleting AliyunServiceRoleForPolarDB, release all PolarDB clusters that depend on it.
To release a cluster, see Release a cluster. After all dependent clusters are released, delete the role from the RAM console.
For information about how to delete a service-linked role, see Delete a service-linked role.