
RDS Custom service-linked role

Last Updated: Aug 07, 2025

This topic describes the scenarios for the RDS Custom service-linked role and how to delete the role.

Background information

A service-linked role is a RAM role that RDS Custom assumes to access other Alibaba Cloud services for specific features. For more information about service-linked roles, see Service-linked roles.

AliyunServiceRoleForRds

Role name: AliyunServiceRoleForRds

Policy for the role: AliyunServiceRolePolicyForRds

Permission details: content of the AliyunServiceRolePolicyForRds policy

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:CreateNetworkInterface",
                "ecs:DeleteNetworkInterface",
                "ecs:AttachNetworkInterface",
                "ecs:DetachNetworkInterface",
                "ecs:DescribeNetworkInterfaces",
                "ecs:CreateNetworkInterfacePermission",
                "ecs:DescribeNetworkInterfacePermissions",
                "ecs:CreateSecurityGroup",
                "ecs:DeleteSecurityGroup",
                "ecs:DescribeSecurityGroupAttribute",
                "ecs:DescribeSecurityGroups",
                "ecs:ModifySecurityGroupAttribute",
                "ecs:AuthorizeSecurityGroup",
                "ecs:AuthorizeSecurityGroupEgress",
                "ecs:RevokeSecurityGroup",
                "ecs:RevokeSecurityGroupEgress",
                "ecs:DescribeKeyPairs",
                "ecs:ModifyImageSharePermission",
                "ecs:DescribeImages"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:DescribeVSwitches",
                "vpc:DescribeVpcs"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "rds-ecs-service.rds.aliyuncs.com"
                }
            }
        }
    ]
}
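
For a least-privilege review of what this role can do in your account, the following added example (not part of the Alibaba Cloud documentation) parses the policy above and lists the write actions it allows on every resource with no Condition. The names `POLICY` and `review` belong to this example, and treating `Describe*` actions as read-only is an assumption of the example, not a RAM rule.

```python
import json

# The AliyunServiceRolePolicyForRds document from this page, compacted.
ECS = ("CreateNetworkInterface DeleteNetworkInterface AttachNetworkInterface "
       "DetachNetworkInterface DescribeNetworkInterfaces "
       "CreateNetworkInterfacePermission DescribeNetworkInterfacePermissions "
       "CreateSecurityGroup DeleteSecurityGroup DescribeSecurityGroupAttribute "
       "DescribeSecurityGroups ModifySecurityGroupAttribute AuthorizeSecurityGroup "
       "AuthorizeSecurityGroupEgress RevokeSecurityGroup RevokeSecurityGroupEgress "
       "DescribeKeyPairs ModifyImageSharePermission DescribeImages").split()
POLICY = json.dumps({"Version": "1", "Statement": [
    {"Action": ["ecs:" + a for a in ECS], "Resource": "*", "Effect": "Allow"},
    {"Action": ["vpc:DescribeVSwitches", "vpc:DescribeVpcs"],
     "Resource": "*", "Effect": "Allow"},
    {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
     "Condition": {"StringEquals":
                   {"ram:ServiceName": "rds-ecs-service.rds.aliyuncs.com"}}},
]})

def as_list(value):
    """Action and Resource may be a bare string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def review(policy_json):
    """Return (findings, read_only).

    findings: (statement index, action) for allowed write actions whose
    statement has Resource "*" and no Condition block.
    read_only: allowed Describe* actions (assumed read-only in this example).
    """
    findings, read_only = [], []
    for idx, stmt in enumerate(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in as_list(stmt["Resource"]) and not stmt.get("Condition")
        for action in as_list(stmt["Action"]):
            verb = action.split(":", 1)[-1]
            if verb.startswith("Describe"):
                read_only.append(action)
            elif unscoped:
                findings.append((idx, action))
    return findings, read_only

if __name__ == "__main__":
    findings, read_only = review(POLICY)
    for idx, action in findings:
        print(f"statement {idx}: {action} allowed on every resource, no Condition")
    print(f"{len(read_only)} read-only actions, {len(findings)} unscoped write actions")
```

The only write action the review does not flag is `ram:DeleteServiceLinkedRole`, because its statement carries the `ram:ServiceName` condition.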

Create the role

This role is used for RDS Custom authorization. You can create the role as prompted in the console when you create an instance.

Delete the role

Before you can delete the service-linked role, you must release all RDS Custom instances that rely on it.

  1. Unsubscribe from RDS Custom instances in the console. For more information, see Unsubscribe from an instance.

  2. Delete the AliyunServiceRoleForRds role. For more information, see Delete a service-linked role.

References

Introduction to RDS Custom